trickest

trickest/cve

HTML MIT Security

Gather and update all available and newest CVEs with their PoC.

7.9k stars
976 forks
active
GitHub +18 / week

7.9k

Stars

976

Forks

20

Open issues

7

Contributors

AI Analysis

CVE PoC is an automated aggregation repository that collects and organizes publicly available proof-of-concept exploits for CVEs, organized by year with easy-to-read markdown documentation. It serves security researchers, penetration testers, and red teams who need to quickly locate and reference working exploits for specific vulnerabilities. This is a specialized tool for the offensive security community, not a general-purpose repository.

Security Security Tool Discovery value: 4/10
Documentation 8/10
Activity 10/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

cve-aggregation exploit-database security-research vulnerability-tracking poc-collection
Actively maintained Well documented MIT licensed Niche/specialized use case Popular Production ready
Deep Analysis · Based on README and public signals
3w ago

Automated CVE PoC aggregator updated daily, covering nearly every public exploit reference

trickest/cve is an automatically maintained repository that aggregates publicly available proof-of-concept exploits for CVEs, sourced from GitHub repositories, CVE reference lists, and HackerOne reports. It is primarily built for security researchers, penetration testers, and bug bounty hunters who need a single, up-to-date index of known exploits. The repository is not a tool to run but a continuously refreshed dataset. Its value is in breadth, automation, and freshness — it updates daily via Trickest's own workflow platform, making it a living reference rather than a static list.

Origin

Created in January 2022 by Trickest, a security workflow automation company. It emerged as a productized, automated alternative to manually curated PoC lists, leveraging Trickest's own platform to run the data pipeline.

Growth

The repository accumulated ~7,885 stars over roughly 4.5 years, with growth likely driven by security community sharing, blog posts, and organic discovery among pentesters. Star velocity has notably slowed — only 1 star in the last 7 days — suggesting the initial growth spike has plateaued and the repo now serves a stable but not rapidly expanding user base.

In production

Community members have built derivative tools on top of this dataset — for example, a searchable HTML summary table at andrewmohawk.com is publicly documented in the README. The 972 forks suggest meaningful downstream use. The atom feed use case implies integration into monitoring pipelines by security teams, though the scale of such usage is not independently verified.

Code analysis
Architecture

Appears to be a data repository rather than a software project. The pipeline likely runs on Trickest's workflow platform: it pulls from CVEProject/cvelist, searches GitHub via a custom tool (find-gh-poc), checks references with ffuf, filters false positives via a blacklist, and writes structured markdown files organized by year. Output is HTML/Markdown files, not executable code.

Tests

not documented in README

Maintenance

Last push was 2026-06-20, one day before the evaluation date, indicating the automated update pipeline is actively running. This is strong evidence of ongoing operational maintenance. Human-driven code changes to the pipeline itself are harder to assess from metadata alone.

Honest verdict

ADOPT IF: you need a continuously updated, broad-coverage index of CVE PoCs for research, red-teaming, or vulnerability monitoring and are comfortable with automated aggregation that may include some false positives. AVOID IF: you need verified, tested, high-confidence exploit code — this is an aggregator, not a curated or validated exploit framework; false positives and broken links are expected. MONITOR IF: you are building security tooling or threat intelligence pipelines that could ingest structured CVE-PoC mappings, but need to evaluate data quality and coverage gaps before committing.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

5/10

Risks
  • False positive rate is acknowledged by the project itself — the blacklist-based filtering may miss low-quality or mislabeled PoC repositories, reducing signal reliability for automated consumers.
  • The pipeline depends on Trickest's proprietary workflow platform; if the company changes direction, pricing, or shuts down, the automation infrastructure could stop without community ability to easily replicate it.
  • Star growth has effectively stalled at ~1/week, suggesting the project may have reached saturation in its target audience without significant expansion beyond the security research niche.
  • Coverage quality depends on upstream sources (CVEProject/cvelist, GitHub search) — CVEs with no GitHub presence or non-English references may be systematically underrepresented.
  • As an aggregator of exploit code links, the repository carries reputational and potential legal risk depending on jurisdiction, which could lead to takedown pressure or content removal.
Prediction

Likely to remain a stable, actively maintained reference dataset for the security research community, continuing daily automated updates, but unlikely to significantly expand its user base or evolve into a broader platform without new product investment from Trickest.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

HTML
75.4%
Python
24.6%

Information

Language
HTML
License
MIT
Last updated
1d ago
Created
54mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Recent releases

No releases published yet.

Similar repos

ycdxsb

ycdxsb/PocOrExp_in_Github

This project automatically aggregates proof-of-concept (POC) and exploit (EXP)...

1.2k Python Security
0xMarcio

0xMarcio/cve

This repository curates and tracks the latest publicly disclosed CVE...

1.3k Python Security
Threekiii

Threekiii/Awesome-POC

Awesome-POC is a curated knowledge base of 1000+ vulnerability...

5.1k Java Security
nomi-sec

nomi-sec/PoC-in-GitHub

PoC-in-GitHub is an automated collection tool that gathers proof-of-concept...

bikini

bikini/exploitarium

Exploitarium is a curated archive of public exploit proof-of-concepts and...

3.8k Python Security
vs. alternatives
nomi-sec/PoC-in-GitHub

Nearly identical star count (~7,847 vs 7,885), also automated and GitHub-focused. nomi-sec indexes GitHub PoC repos in JSON format whereas trickest/cve produces human-readable markdown with broader source coverage including HackerOne and CVE references. The two are complementary rather than strictly competing.

Threekiii/Awesome-POC

Manually curated, focused on Chinese-language security community, organized by vulnerability category. Higher curation quality per entry but much lower coverage breadth and update frequency compared to trickest/cve's automated daily updates.

0xMarcio/cve

Significantly lower star count (1,317). Appears to target a similar use case but with less adoption and likely less automation infrastructure. May overlap in content but trickest/cve has demonstrably larger reach.

swisskyrepo/PayloadsAllTheThings

Much broader scope (payloads, techniques, cheat sheets) with massive adoption (78k stars). Not a direct competitor — PayloadsAllTheThings is a technique reference while trickest/cve is a CVE-specific exploit index. Different use cases with occasional overlap.

ycdxsb/PocOrExp_in_Github

Lower star count (1,173), also GitHub-search-based PoC aggregation. Similar concept but appears less actively maintained and less comprehensive in source coverage than trickest/cve.