Repositories list

• pharos

  Public

  CERTCC/pharos’s past year of commit activity
  Automated static analysis tools for binary programs. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: ht…

  C++

  •

  Other

  •209209 forks•88 stars•00 issues•11 pull request•Updated Apr 20, 2026Apr 20, 2026

• SSVC

  Public

  CERTCC/SSVC’s past year of commit activity
  Stakeholder-Specific Vulnerability Categorization

  vulnerabilityvulnerabilitiesdecision-trees+ 3

  vulnerabilityvulnerabilitiesdecision-treesvulnerability-managementdecision-supportprioritization

  Python

  •

  Other

  •4343 forks•178178 stars•107107 issues•1010 pull requests•Updated Apr 20, 2026Apr 20, 2026

• VINCE

  Public

  CERTCC/VINCE’s past year of commit activity
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disc…

  pythonapidjango+ 7

  pythonapidjangocoordinationcertcsirtvulnerabilityvulnerability-managementvulnerability-identificationpsirt

  Python

  •

  Other

  •2828 forks•9898 stars•3131 issues•11 pull request•Updated Apr 20, 2026Apr 20, 2026

• metasploit-framework

  Public

  CERTCC/metasploit-framework’s past year of commit activity
  CERT/CC's fork of Metasploit Framework in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for…

  cvevulnerability-identificationcve-searchsploit+ 3

  cvevulnerability-identificationcve-searchsploitcve-searchcvesvulnerability-intelligence

  Ruby

  •

  Other

  •15k15k forks•33 stars•00 issues•00 pull requests•Updated Apr 20, 2026Apr 20, 2026

• Vultron

  Public

  CERTCC/Vultron’s past year of commit activity
  Vultron is a protocol for Coordinated Vulnerability Disclosure

  prototypeprotocolvulnerability+ 8

  prototypeprotocolvulnerabilityactivitypubcvdvulnerability-reportsactivitystreams-vocabularyvulnerability-disclosurevulnerability-responsevulnerability-disclosure-policies+ 1

  Python

  •

  Other

  •55 forks•1818 stars•1111 issues•11 pull request•Updated Apr 17, 2026Apr 17, 2026

• cveClient

  Public

  CERTCC/cveClient’s past year of commit activity
  A client and library to cve-services 2.x to provide CVE management for CNA and CERTs

  JavaScript

  •

  Other

  •1010 forks•3030 stars•00 issues•00 pull requests•Updated Apr 17, 2026Apr 17, 2026

• luminous-badger

  Public

  CERTCC/luminous-badger’s past year of commit activity
  testing repo!

  Python

  •00 forks•00 stars•00 issues•77 pull requests•Updated Apr 15, 2026Apr 15, 2026

• exploitdb

  Public

  CERTCC/exploitdb’s past year of commit activity
  CERT/CC's fork of the official Exploit Database repository in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recogn…

  cvevulnerability-identificationcve-searchsploit+ 3

  cvevulnerability-identificationcve-searchsploitcve-searchcvesvulnerability-intelligence

  C

  •

  GNU General Public License v2.0

  •1.9k1.9k forks•1212 stars•00 issues•00 pull requests•Updated Apr 13, 2026Apr 13, 2026

• CERT-Guide-to-CVD

  Public

  CERTCC/CERT-Guide-to-CVD’s past year of commit activity
  Content for the CERT Guide to Coordinated Vulnerability Disclosure

  vulnerabilityvulnerability-managementvulnerability-analysis+ 6

  vulnerabilityvulnerability-managementvulnerability-analysiscvdvulnerability-reportsvulnerability-disclosurevulnerability-responsevulnerability-disclosure-policiesvulnerability-disclosure-program

  HTML

  •

  Other

  •1111 forks•1414 stars•1616 issues•00 pull requests•Updated Apr 2, 2026Apr 2, 2026

• kaiju

  Public

  CERTCC/kaiju’s past year of commit activity
  CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for …

  reverse-engineeringbinary-analysisghidra

  reverse-engineeringbinary-analysisghidra

  Java

  •

  Other

  •3838 forks•321321 stars•77 issues•00 pull requests•Updated Mar 9, 2026Mar 9, 2026

• harbor

  Public

  CERTCC/harbor’s past year of commit activity
  An open source trusted cloud native registry project that stores, signs, and scans content.

  Go

  •

  Apache License 2.0

  •5.2k5.2k forks•00 stars•00 issues•11 pull request•Updated Jan 22, 2026Jan 22, 2026

• cert-uefi-parser

  Public

  CERTCC/cert-uefi-parser’s past year of commit activity
  CERT UEFI Parser for pypi

  Python

  •

  Other

  •22 forks•00 stars•00 issues•00 pull requests•Updated Jan 8, 2026Jan 8, 2026

• cert-uefi-support

  Public

  CERTCC/cert-uefi-support’s past year of commit activity
  CERT/CC Fork of UEFI Support for release and lifecycle

  C

  •

  Other

  •11 fork•00 stars•00 issues•00 pull requests•Updated Dec 23, 2025Dec 23, 2025

• certfuzz

  Public archive
  This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

  certfuzzingfuzz-testing+ 2

  certfuzzingfuzz-testingfoebff

  Python

  •

  Other

  •5555 forks•273273 stars•00 issues•00 pull requests•Updated Jul 30, 2025Jul 30, 2025

• .github

  Public
  00 forks•00 stars•00 issues•00 pull requests•Updated Jun 13, 2025Jun 13, 2025

• labyrinth

  Public
  Come inside, and have a nice cup of tea.

  Other

  •4040 forks•110110 stars•1313 issues•11 pull request•Updated May 13, 2025May 13, 2025

• git_vul_driller

  Public
  Drills through git commit histories to find vulnerability IDs in change logs.

  Jupyter Notebook

  •

  MIT License

  •33 forks•55 stars•11 issue•00 pull requests•Updated Apr 16, 2025Apr 16, 2025

• PKfail

  Public
  Mitigations & detection tools for VU#455367

  uefivulnerability

  uefivulnerability

  PowerShell

  •

  BSD 2-Clause "Simplified" License

  •00 forks•55 stars•11 issue•00 pull requests•Updated Dec 20, 2024Dec 20, 2024

• PoC-Exploits

  Public archive
  Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

  exploitspocvulnerabilities

  exploitspocvulnerabilities

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •4848 forks•193193 stars•00 issues•00 pull requests•Updated May 15, 2024May 15, 2024

• tapioca

  Public archive
  CERT Tapioca for MITM network analysis

  mitmhttp-proxytapioca+ 5

  mitmhttp-proxytapiocawiresharkmitmproxytransparent-proxyssl-inspectionssl-interception

  Python

  •

  Other

  •2525 forks•186186 stars•00 issues•00 pull requests•Updated May 15, 2024May 15, 2024

• metasploit_json_parser

  Public archive
  Parser for the JSON database included in metasploit-framework that emits a CSV file of modules keyed by vulnerability IDs and references. NOTE: Superseded by gi…

  metadatathreatintelmetasploit-framework+ 6

  metadatathreatintelmetasploit-frameworkvulnerability-assessmentmetasploitthreat-intelligencemetasploit-framework-databasevulnerability-researchmetasploit-automation

  Python

  •

  MIT License

  •00 forks•22 stars•00 issues•22 pull requests•Updated May 15, 2024May 15, 2024

• Vulnerability-Data-Archive-Tools

  Public archive
  Tools for working with the CERT Vulnerability Data Archive. See also https://github.com/CERTCC/Vulnerability-Data-Archive

  pythonvulnerability-data

  pythonvulnerability-data

  Python

  •

  Other

  •1212 forks•2121 stars•00 issues•00 pull requests•Updated May 14, 2024May 14, 2024

• Vulnerability-Data-Archive

  Public archive
  With the hope that someone finds the data useful, we used to periodically publish an archive of almost all of the non-sensitive vulnerability information in our…

  threatcertvulnerability+ 7

  threatcertvulnerabilitythreatintelcvethreat-analysisthreat-intelligencevulnerability-reportvulnerability-datavulnerability-notes

  Other

  •2121 forks•9696 stars•00 issues•00 pull requests•Updated May 14, 2024May 14, 2024

• vulnerability_disclosure_policy_templates

  Public archive
  A collection of templates for generating vulnerability disclosure policies. (NOTE: As of 2024, these templates are now part of the CERT Guide to Coordinated Vul…

  vulnerabilitydisclosurecvd-policy+ 3

  vulnerabilitydisclosurecvd-policyvulnerability-disclosuredisclosure-policyvulnerability-disclosure-policies

  MIT License

  •33 forks•99 stars•00 issues•00 pull requests•Updated Apr 25, 2024Apr 25, 2024

• SBOM

  Public
  Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data

  bill-of-materialssbomsbom-generator

  bill-of-materialssbomsbom-generator

  JavaScript

  •

  MIT License

  •1818 forks•6767 stars•22 issues•00 pull requests•Updated Apr 8, 2024Apr 8, 2024

• keyfinder

  Public archive
  A tool for finding and analyzing private (and public) key files, including support for Android APK files.

  Python

  •4949 forks•277277 stars•00 issues•00 pull requests•Updated Nov 7, 2022Nov 7, 2022

• CVE-2021-44228_scanner

  Public archive
  Scanners for Jar files that may be vulnerable to CVE-2021-44228

  PowerShell

  •

  BSD 2-Clause "Simplified" License

  •8585 forks•350350 stars•00 issues•00 pull requests•Updated Mar 23, 2022Mar 23, 2022

• Linux-Kernel-Analysis-Environment

  Public archive
  Container-based environment for debugging and analyzing Linux kernels using QEMU and GDB

  Shell

  •

  MIT License

  •33 forks•55 stars•00 issues•00 pull requests•Updated Nov 4, 2021Nov 4, 2021

• Syzbot-Repro-Runner

  Public archive
  Automatically build and run a custom kernel and crasher from a syzbot report

  Python

  •

  MIT License

  •11 fork•11 star•00 issues•00 pull requests•Updated Nov 4, 2021Nov 4, 2021

• UEFI-Analysis-Resources

  Public archive
  Documentation, examples, and other resources regarding analyzing EDK2 based UEFI firmware

  PHP

  •

  MIT License

  •11 fork•66 stars•00 issues•00 pull requests•Updated Nov 4, 2021Nov 4, 2021