Gather and update all available and newest CVEs with their PoC.
AI Analysis
CVE PoC is an automated aggregation repository that collects and organizes publicly available proof-of-concept exploits for CVEs, organized by year with easy-to-read markdown documentation. It serves security researchers, penetration testers, and red teams who need to quickly locate and reference working exploits for specific vulnerabilities. This is a specialized tool for the offensive security community, not a general-purpose repository.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Automated CVE PoC aggregator updated daily, covering nearly every public exploit reference
trickest/cve is an automatically maintained repository that aggregates publicly available proof-of-concept exploits for CVEs, sourced from GitHub repositories, CVE reference lists, and HackerOne reports. It is primarily built for security researchers, penetration testers, and bug bounty hunters who need a single, up-to-date index of known exploits. The repository is not a tool to run but a continuously refreshed dataset. Its value is in breadth, automation, and freshness — it updates daily via Trickest's own workflow platform, making it a living reference rather than a static list.
Created in January 2022 by Trickest, a security workflow automation company. It emerged as a productized, automated alternative to manually curated PoC lists, leveraging Trickest's own platform to run the data pipeline.
The repository accumulated ~7,885 stars over roughly 4.5 years, with growth likely driven by security community sharing, blog posts, and organic discovery among pentesters. Star velocity has notably slowed — only 1 star in the last 7 days — suggesting the initial growth spike has plateaued and the repo now serves a stable but not rapidly expanding user base.
Community members have built derivative tools on top of this dataset — for example, a searchable HTML summary table at andrewmohawk.com is publicly documented in the README. The 972 forks suggest meaningful downstream use. The atom feed use case implies integration into monitoring pipelines by security teams, though the scale of such usage is not independently verified.
Appears to be a data repository rather than a software project. The pipeline likely runs on Trickest's workflow platform: it pulls from CVEProject/cvelist, searches GitHub via a custom tool (find-gh-poc), checks references with ffuf, filters false positives via a blacklist, and writes structured markdown files organized by year. Output is HTML/Markdown files, not executable code.
not documented in README
Last push was 2026-06-20, one day before the evaluation date, indicating the automated update pipeline is actively running. This is strong evidence of ongoing operational maintenance. Human-driven code changes to the pipeline itself are harder to assess from metadata alone.
ADOPT IF: you need a continuously updated, broad-coverage index of CVE PoCs for research, red-teaming, or vulnerability monitoring and are comfortable with automated aggregation that may include some false positives. AVOID IF: you need verified, tested, high-confidence exploit code — this is an aggregator, not a curated or validated exploit framework; false positives and broken links are expected. MONITOR IF: you are building security tooling or threat intelligence pipelines that could ingest structured CVE-PoC mappings, but need to evaluate data quality and coverage gaps before committing.
Independent dimensions
Mainstream potential
3/10
Technical importance
6/10
Adoption evidence
5/10
- False positive rate is acknowledged by the project itself — the blacklist-based filtering may miss low-quality or mislabeled PoC repositories, reducing signal reliability for automated consumers.
- The pipeline depends on Trickest's proprietary workflow platform; if the company changes direction, pricing, or shuts down, the automation infrastructure could stop without community ability to easily replicate it.
- Star growth has effectively stalled at ~1/week, suggesting the project may have reached saturation in its target audience without significant expansion beyond the security research niche.
- Coverage quality depends on upstream sources (CVEProject/cvelist, GitHub search) — CVEs with no GitHub presence or non-English references may be systematically underrepresented.
- As an aggregator of exploit code links, the repository carries reputational and potential legal risk depending on jurisdiction, which could lead to takedown pressure or content removal.
Likely to remain a stable, actively maintained reference dataset for the security research community, continuing daily automated updates, but unlikely to significantly expand its user base or evolve into a broader platform without new product investment from Trickest.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- https://trickest.com
- Language
- HTML
- License
- MIT
- Last updated
- 1d ago
- Created
- 54mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Top contributors
Recent releases
No releases published yet.
Similar repos
ycdxsb/PocOrExp_in_Github
This project automatically aggregates proof-of-concept (POC) and exploit (EXP)...
nomi-sec/PoC-in-GitHub
PoC-in-GitHub is an automated collection tool that gathers proof-of-concept...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
7.9k | +18 | HTML | 7/10 | 1d ago |
|
|
1.2k | — | Python | 7/10 | 11h ago |
|
|
1.3k | — | Python | 6/10 | 12h ago |
|
|
5.1k | — | Java | 6/10 | 2mo ago |
|
|
7.9k | — | — | 6/10 | 12h ago |
|
|
3.8k | — | Python | 6/10 | 6d ago |
Nearly identical star count (~7,847 vs 7,885), also automated and GitHub-focused. nomi-sec indexes GitHub PoC repos in JSON format whereas trickest/cve produces human-readable markdown with broader source coverage including HackerOne and CVE references. The two are complementary rather than strictly competing.
Manually curated, focused on Chinese-language security community, organized by vulnerability category. Higher curation quality per entry but much lower coverage breadth and update frequency compared to trickest/cve's automated daily updates.
Significantly lower star count (1,317). Appears to target a similar use case but with less adoption and likely less automation infrastructure. May overlap in content but trickest/cve has demonstrably larger reach.
Much broader scope (payloads, techniques, cheat sheets) with massive adoption (78k stars). Not a direct competitor — PayloadsAllTheThings is a technique reference while trickest/cve is a CVE-specific exploit index. Different use cases with occasional overlap.
Lower star count (1,173), also GitHub-search-based PoC aggregation. Similar concept but appears less actively maintained and less comprehensive in source coverage than trickest/cve.

