A personal threat intelligence aggregator for developers, researchers, students, builders, and the curious, drawing on reputable, industry-leading security sources in real time. NVD CVE data. MITRE ATT&CK mapping. Encrypted local database. No cloud, no account, no noise — available to anyone who can run Python.
Author: SudoCode by (@sudochef / commit-issues)
Most security tools are built for teams that already know what they are doing. The dashboards are complex, the documentation assumes expertise, and the barrier to entry is high enough that the people who need security awareness most — individual developers, small teams, early-stage builders — end up skipping it entirely.
That gap is not a knowledge problem. It is an access problem.
Security failures at scale — across companies of every size, with budgets far exceeding what most developers will ever touch — share a consistent pattern: not that people did not care, but that security was treated as something to add later, after the product worked. After the launch. After the funding round. The result is reactive spending to fix problems that cost a fraction as much to prevent.
This tool exists to change that equation at the individual level. Not by simplifying security into a false sense of safety, but by making real threat intelligence — the same data that enterprise teams pay for — available to anyone who can run a Python script. And by building it in a way that teaches how to think about security across the full lifecycle of a project: not just "did it work today" but "is it still safe tomorrow."
The goal is not to make you dependent on a tool. The goal is to make you harder to catch off guard.
- What is This?
- Features
- Screenshots
- Quick Start
- Detailed Installation
- Usage
- Clicking Links in the Terminal
- Project Structure
- Security & Responsible Use
- Contributing
- License
The CVE Security Intelligence Monitor is a command-line security intelligence tool that works on Windows, macOS, and Linux. It pulls from 17 threat intelligence sources and stores everything locally in an encrypted database that only you can open.
- 📥 Fetches CVE data from the National Vulnerability Database (NVD)
- 📡 Aggregates breaking security news from 17 curated threat intelligence sources
- 🗄️ Stores everything locally in an encrypted SQLite database — no cloud, no shared servers
- 📊 Analyzes CVE severity, affected vendors, exploit availability, and MITRE ATT&CK mappings
- 🎨 Displays color-coded reports directly in your terminal
- 🔔 Tracks critical and high-severity vulnerabilities that need immediate attention
- ✅ Your data stays yours — local encrypted database, no account required, nothing leaves your machine
- ✅ 17 threat intel sources — BleepingComputer, The Hacker News, SANS ISC, Unit 42, Schneier on Security, CISA advisories, and more
- ✅ Stay ahead of exploits — CISA KEV integration flags vulnerabilities that are actively being exploited right now
- ✅ Understand the full picture — MITRE ATT&CK mapping shows how a CVE translates to real-world attacker behavior
- ✅ Works on any OS — Windows, macOS, and Linux with the same setup process
Most security tools tell you about vulnerabilities in the software you're protecting.
This one also protects itself.
Tools like Nessus, Qualys, and OpenVAS are powerful — but they're designed for enterprise infrastructure scanning. They don't:
- 🚫 Monitor their own dependencies for CVEs in real time
- 🚫 Cross-reference breaking security news against their own codebase
- 🚫 Alert you when the scanner itself needs a security patch
- 🚫 Run silently in the background, catching threats while you sleep
- 🚫 Work without a $15,000/year enterprise license
The CVE Security Intelligence Monitor includes a self-monitoring engine that watches its own Python dependencies against the NVD database and 17 live security news sources — simultaneously.
In its first run, it caught 21 dependency vulnerability alerts including CVE-2026-5271 against pytest. Not against some external target. Against itself.
That's not a bug. That's the point.
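The self-monitoring check described above, as an added example (not the project's own code): it reads exact pins from a requirements file and matches them against advisory version ranges, deduplicating hits. The advisory list, its `package` field and the placeholder CVE IDs are constructed; the range keys follow the NVD `cpeMatch` field names, and only numeric release versions are handled.

```python
import re

# Constructed sample input: package names and CVE IDs are placeholders.
REQUIREMENTS = """\
requests==2.31.0
examplepkg==1.4.2
otherpkg>=3.0          # a range, not an exact pin
pytest==8.0.0 ; python_version >= "3.8"
"""

# Assumed advisory shape: "package" is hypothetical; the range keys use the
# field names NVD gives its cpeMatch entries.
ADVISORIES = [
    {"id": "CVE-0000-0001", "package": "examplepkg",
     "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.4.3"},
    {"id": "CVE-0000-0001", "package": "ExamplePkg",   # duplicate feed entry
     "versionEndExcluding": "1.4.3"},
    {"id": "CVE-0000-0002", "package": "requests",
     "versionEndExcluding": "2.0.0"},
]

PIN = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)$")
RANGE_CHECKS = (  # (advisory key, predicate that means "outside the range")
    ("versionStartIncluding", lambda v, bound: v < bound),
    ("versionStartExcluding", lambda v, bound: v <= bound),
    ("versionEndIncluding", lambda v, bound: v > bound),
    ("versionEndExcluding", lambda v, bound: v >= bound),
)


def normalize(name):
    """PEP 503 name normalization so Foo_Bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return ({package: version}, [lines that are not exact numeric pins])."""
    pins, unpinned = {}, []
    for raw in text.splitlines():
        # Drop trailing comments and environment markers before matching.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line or line.startswith("-"):   # blank, comment, pip option
            continue
        match = PIN.match(line)
        if match:
            pins[normalize(match.group(1))] = match.group(2)
        else:
            unpinned.append(line)              # cannot be checked exactly
    return pins, unpinned


def vkey(version, width=6):
    """Numeric release tuple, zero-padded so 1.4 compares equal to 1.4.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def in_range(version, advisory):
    """True when the pinned version falls inside the advisory's bounds."""
    v = vkey(version)
    return not any(key in advisory and outside(v, vkey(advisory[key]))
                   for key, outside in RANGE_CHECKS)


def find_alerts(pins, advisories):
    """Sorted, de-duplicated (package, version, advisory id) hits."""
    hits = set()
    for adv in advisories:
        name = normalize(adv["package"])
        if name in pins and in_range(pins[name], adv):
            hits.add((name, pins[name], adv["id"]))
    return sorted(hits)
```

Lines returned in the second element of `parse_pins` are the ones a monitor cannot evaluate, which is one reason exact pinning matters for this kind of check.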
| Feature | This Tool | Nessus | Qualys |
|---|---|---|---|
| CVE monitoring | ✅ | ✅ | ✅ |
| Self-dependency monitoring | ✅ | ❌ | ❌ |
| Live news feed cross-reference | ✅ | ❌ | ❌ |
| Runs on your local machine | ✅ | ❌ | ❌ |
| Encrypted local database | ✅ | ❌ | ❌ |
| Free and open source | ✅ | ❌ | ❌ |
| Beginner accessible | ✅ | ❌ | ❌ |
| Auto-scheduler (no manual runs) | ✅ | ✅ | ✅ |
| Supply chain attack detection | ✅ | ❌ | ❌ |
This tool was built for security practitioners, developers, researchers, students, and content creators who need real intelligence — not enterprise bloat.
- You don't need a corporate budget
- You don't need a DevSecOps team
- You need to know what's vulnerable, when it becomes vulnerable, and why it matters
Built by @sudochef — making cybersecurity accessible, one CVE at a time.
- ✅ First-Run Setup Wizard
  - Launches automatically the very first time you run the tool
  - Guides you through Python check, dependencies, API key, database setup, data fetch, and preferences
  - Re-accessible anytime via option [7] Setup Refresh & System Preferences
- ✅ Encrypted Local Database
  - Your CVE database is encrypted at rest using SQLCipher (256-bit AES)
  - Only opens with your encryption key — stored in your .env file, never transmitted anywhere
  - 8 normalized tables for CVEs, news, vendors, MITRE mappings, audit log, and more
  - 3 pre-built views for fast critical/exploit/news queries
  - If you lose your encryption key, the database cannot be recovered — store it in a password manager
- ✅ NVD API Integration
  - Fetches real CVE data from official NVD sources over HTTPS only
  - Supports API key for enhanced rate limits (100 requests/30sec with key)
  - Falls back gracefully without an API key (5 requests/30sec)
  - Smart refresh — only fetches CVEs newer than what you already have
- ✅ Intelligent CVE Scraper
  - Automatic CVSS scoring (v3.1, v3.0, v2.0 fallback)
  - Severity classification (Critical / High / Medium / Low)
  - Vendor and product extraction from CPE data
  - Duplicate detection and prevention
  - Full pagination — fetches all available CVEs, not just the first page
  - Proper rate-limit handling with auto-retry on HTTP 403
- ✅ Security News Scraper — 17 Sources
  All sources fetched over HTTPS only. Per-source isolation — one failure never breaks the others.
  | Source | Type |
  |---|---|
  | BleepingComputer | Breaking news |
  | The Hacker News | Threat research |
  | Krebs on Security | Investigative |
  | Dark Reading | Industry news |
  | SecurityWeek | Industry news |
  | The Register | Tech security |
  | Ars Technica | Tech security |
  | SANS ISC | Daily threat briefings |
  | Cisco Talos | Threat intelligence |
  | Unit 42 (Palo Alto) | Threat research |
  | Microsoft Security | Vendor advisories |
  | Schneier on Security | Analysis |
  | The Record | Recorded Future news |
  | Google Security Blog | Google threat intel |
  | CISA Advisories | Government advisories |
  | CISA KEV | Known exploited vulnerabilities |
  | SudoChef (Medium) | Tool updates & content |
- ✅ Interactive Terminal Viewer
  - Beginner-friendly numbered menu
  - Color-coded severity levels (🔴 Critical, 🟠 High, 🟡 Medium, 🟢 Low)
  - Database summary with statistics
  - Recent CVE listings with full details
  - Critical/High unpatched CVE spotlight
  - Top affected vendors with bar charts
  - Exploit maturity tracker (URGENT → HIGH → MEDIUM → LOW)
  - Breaking security news (last 24h)
  - Keyword search — type a vendor, CVE ID, or term and see matching results instantly
- ✅ MITRE ATT&CK Integration — Live Data
  - 691+ live techniques pulled directly from the official MITRE STIX feed over HTTPS
  - Auto-refreshes weekly — always current, never stale
  - Maps any CVE to real ATT&CK techniques with Technique ID, Tactic, Description, Mitigation, and direct ATT&CK URL
  - Works offline after first download
- ✅ Automated Scheduler
  - Runs full scans automatically at 08:00 and 20:00 daily
  - Nightly cleanup at 03:00 — removes old news, optimizes database
  - Daily backup at 02:00 — encrypted database snapshot
  - Lock file prevents overlapping runs
  - Fully silent when running via cron — no terminal noise
- ✅ Export Engine
  - Export your CVE intelligence to CSV, JSON, or PDF
  - PDF reports available in dark theme (navy/purple) or light theme (editorial white)
  - 7-section report: cover stats, critical/high CVEs, exploit maturity, top vendors, CISA KEV, tool alerts, and metadata
  - A4 international format
  - Exports saved to a secure local folder (never uploaded anywhere)
- ✅ Self-Monitor — Dependency Intelligence
  - Watches the tool's own dependencies against NVD and all 17 news sources
  - Caught 21 real CVE alerts on first run
  - Deduplicates alerts — no spam
  - Opens a GitHub issue automatically when a dependency CVE is found
  - Stores all hits in a dedicated tool_alerts table
- ✅ Auto-Updater
  - Reads active dependency CVE alerts from the database
  - Checks PyPI for the latest safe version of each vulnerable package
  - Manual mode: shows what's vulnerable, asks confirmation before patching
  - Cron mode: patches silently, logs everything
  - Runs pip-audit after every patch to verify the fix
  - Auto-commits patched requirements.txt with a signed, structured commit message
  - Full audit trail in logs/updater.log
- ✅ Desktop Notifications
  - Fires a system notification when new Critical or High CVEs are found
  - Configurable alert threshold (Critical / High / Medium / Low)
  - Set your preference via the setup wizard
  - Fails gracefully if notifications aren't available on your system
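The CVSS fallback (v3.1, then v3.0, then v2.0) and the CPE vendor extraction listed under Intelligent CVE Scraper, as an added example rather than the project's code. The record is constructed in the shape of one item from the NVD CVE API 2.0; the function names, vendor names and placeholder ID are assumptions.

```python
import re

# Constructed record shaped like one NVD CVE API 2.0 "cve" object.
SAMPLE = {
    "id": "CVE-0000-0003",  # placeholder, not a real CVE
    "metrics": {
        # No v3.1 entry, so the fallback has to use v3.0.
        "cvssMetricV30": [{"type": "Secondary", "cvssData": {
            "version": "3.0", "baseScore": 7.5, "baseSeverity": "HIGH"}}],
        "cvssMetricV2": [{"type": "Primary", "baseSeverity": "MEDIUM",
                          "cvssData": {"version": "2.0", "baseScore": 5.0}}],
    },
    "configurations": [{"nodes": [{"cpeMatch": [
        {"vulnerable": True,
         "criteria": "cpe:2.3:a:examplevendor:exampleproduct:*:*:*:*:*:*:*:*"},
        {"vulnerable": False,   # platform the product runs on, not affected
         "criteria": "cpe:2.3:o:otheros:os:-:*:*:*:*:*:*:*"},
        {"vulnerable": True,    # vendor name containing an escaped colon
         "criteria": "cpe:2.3:a:example\\:corp:tool:1.0:*:*:*:*:*:*:*"},
    ]}]}],
}


def classify(score):
    """CVSS v3.x qualitative bands; "None" means no score published yet."""
    if not score:
        return "None"
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"


def pick_cvss(cve):
    """Return (cvss version, base score, severity) from the newest metric set."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = metrics.get(key) or []
        if not entries:
            continue
        # Prefer the Primary source when several organizations scored the CVE.
        chosen = next((e for e in entries if e.get("type") == "Primary"),
                      entries[0])
        data = chosen.get("cvssData", {})
        score = data.get("baseScore")
        # v3 keeps baseSeverity inside cvssData, v2 on the metric entry.
        reported = data.get("baseSeverity") or chosen.get("baseSeverity")
        severity = reported.capitalize() if reported else classify(score)
        return data.get("version", key), score, severity
    return None, None, "None"


def vendors(cve):
    """Sorted unique (vendor, product) pairs from vulnerable CPE matches."""
    found = set()
    for config in cve.get("configurations", []):
        for node in config.get("nodes", []):
            for match in node.get("cpeMatch", []):
                if not match.get("vulnerable"):
                    continue
                # Split on ':' that is not preceded by a backslash escape.
                parts = re.split(r"(?<!\\):", match.get("criteria", ""))
                if len(parts) >= 5 and parts[:2] == ["cpe", "2.3"]:
                    found.add(tuple(re.sub(r"\\(.)", r"\1", p)
                                    for p in parts[3:5]))
    return sorted(found)
```

A record with no `metrics` at all comes back with severity `"None"`, which corresponds to the "awaiting CVSS score" bucket in the summary screen.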
================================================================================
🔒 CVE SECURITY INTELLIGENCE MONITOR 🔒
================================================================================
SudoCode by SudoChef (commit-issues)
Friday, March 06 2026 10:00 PM
What would you like to do?
[1] 🗞 Fetch Security News
BleepingComputer, Hacker News, CISA, Krebs + 13 more sources
[2] 🛡 Fetch Latest CVEs
Pull new vulnerabilities from NVD (last 7 days)
[3] 📊 View Reports & Search
Browse CVEs, news, exploits, search by keyword
[4] 🗓 Fetch CVEs — Custom Range
Choose how many days back to pull (e.g. 30)
[5] 🎯 MITRE ATT&CK Lookup
Map a CVE to ATT&CK techniques & mitigations
[6] 🔄 Force Refresh ATT&CK Data
Pull latest techniques from MITRE immediately
[7] ⚙️ Setup Refresh & System Preferences
Re-run setup, update API key, preferences
[0] ❌ Exit
Enter your choice (0-7):
================================================================================
📊 CVE DATABASE SUMMARY
================================================================================
Total Records:
📋 CVEs in database: 1,910
📰 News articles: 145
⭐ Bookmarks: 3
Severity Breakdown:
🔴 Critical: 8
🟠 High: 41
🟡 Medium: 89
🟢 Low: 24
⚪ None (awaiting CVSS score): 85
Exploit Status:
💣 Actively exploited: 5
⚠️ Weaponized/In-the-wild: 3
▶ 🔥 RECENT CVEs (Last 7 Days)
────────────────────────────────────────────────────────────────────────────────
1. CVE-2026-5281 — Critical (9.8)
📅 Published: 2026-04-01
🏢 Vendor: google
💣 Exploit: In-The-Wild
📝 Google Chrome Dawn Use-After-Free Vulnerability under active exploitation...
2. CVE-2026-3055 — High (9.3)
📅 Published: 2026-03-28
🏢 Vendor: citrix
💣 Exploit: In-The-Wild
📝 Citrix NetScaler Out-of-Bounds Read Vulnerability under active recon...
=================================================================
CVE-2026-5281 — MITRE ATT&CK Mapping
=================================================================
Severity: Critical (9.8)
ATT&CK Data: MITRE STIX feed (live) | Last updated: 2026-04-02 | 691 techniques
Mapped ATT&CK Technique(s):
[1] T1068 — Exploitation for Privilege Escalation
Tactic: Privilege Escalation
Description: Adversaries may exploit software vulnerabilities to elevate privileges...
Mitigation: Apply patches promptly, use least-privilege principles, enable exploit protection...
ATT&CK URL: https://attack.mitre.org/techniques/T1068
This project ships with a Security Posture & Threat Awareness Guide — required reading before deploying, forking, or distributing this tool.
📄 Read the Security Posture Guide →
Topics covered include: credential management, input validation, dependency security, scheduler and cron hardening, AI-assisted attack vectors against open source projects, GitHub Actions supply chain security, forking responsibilities, and your ongoing maintenance responsibilities as a user.
- Your CVE database is encrypted locally with a key only you hold
- No data is sent to any external server beyond the official NVD, MITRE, and news source APIs
- No account, no registration, no telemetry
- The CI/CD pipeline uses a completely separate throwaway encryption key that cannot open any user's local database
Every external connection this tool makes uses HTTPS. No http:// connections are made at any point — not for CVE data, not for news feeds, not for ATT&CK data. URLs are validated before storage. If you fork or extend this tool, maintain this standard. Pull requests containing http:// data sources will not be accepted.
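One way to validate a URL before storage under the HTTPS-only rule above (an added example, not the project's own validator; the function names and sample URLs are constructed):

```python
import re
from urllib.parse import urlsplit

# Whitespace and control characters are checked on the raw string, because
# URL parsers may silently strip or tolerate them.
_CONTROL = re.compile(r"[\x00-\x20\x7f]")

# Constructed sample of links as they might arrive from a feed.
SAMPLE_URLS = [
    "https://example.org/feed.xml",
    "http://example.org/feed.xml",            # plaintext scheme
    "//example.org/feed.xml",                 # scheme-relative
    "https://user:pw@example.org/",           # embedded credentials
    "https://example.org:99999/",             # port out of range
    "https:///missing-host",                  # no host
    "https://example.org/\r\nX-Injected: 1",  # CR/LF in the URL
]


def validate_https_url(url, max_len=2048):
    """Return the URL if it is acceptable for storage, else raise ValueError."""
    if not isinstance(url, str) or not url or len(url) > max_len:
        raise ValueError("empty, non-string or over-long URL")
    if _CONTROL.search(url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)  # raises ValueError on malformed input
    if parts.scheme != "https":  # urlsplit lowercases the scheme
        raise ValueError(f"scheme {parts.scheme or '(none)'!r} is not https")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL")
    _ = parts.port  # raises ValueError if non-numeric or out of range
    return parts.geturl()


def partition_links(urls):
    """Split candidate URLs into (accepted, [(rejected url, reason)])."""
    accepted, rejected = [], []
    for url in urls:
        try:
            accepted.append(validate_https_url(url))
        except ValueError as exc:
            rejected.append((url, str(exc)))
    return accepted, rejected
```

Validating the stored string does not cover redirects: an HTTPS URL can still redirect to `http://`, so the fetch layer needs its own check on the final URL.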
This tool, like any software, requires active maintenance to stay secure. Dependencies are updated regularly and security patches are published when vulnerabilities are found. You are responsible for keeping your installation current.
# Check for updates before each use, or at minimum monthly
git pull origin main
pip3 install -r requirements.txt --break-system-packages
pytest
If a dependency in this tool receives a CVE, a patch will be published. The tool will not notify you automatically unless you have configured notifications — which is why checking for updates on a regular schedule matters.
Your CVE database is encrypted and stored locally. Back it up regularly — if your drive fails or your encryption key is lost, the database cannot be recovered.
Run a manual backup anytime:
# macOS / Linux
python3 db_backup.py
# Windows
python db_backup.py
Backups are saved to the backups/ folder. The tool keeps up to 30 backups and removes older ones automatically.
Automated backups run every night at 02:00 if you have the scheduler enabled — no action required.
🔑 Your backup files are encrypted with the same key as your live database. Store your DB_ENCRYPTION_KEY in a password manager — without it, neither your live database nor your backups can be opened.
For experienced users:
# Clone the repository
git clone https://github.com/commit-issues/cve-security-monitor.git
cd cve-security-monitor
# Create a virtual environment (recommended)
python3 -m venv venv
source venv/bin/activate # macOS / Linux
venv\Scripts\activate # Windows
# Install dependencies
pip3 install -r requirements.txt
# Run the tool — setup wizard launches automatically on first run
python3 run.py
The setup wizard handles database creation, encryption key setup, and initial data fetch automatically.
🔒 Your data stays yours. The database is created locally on your machine, encrypted with a key you set. Nothing is sent to any server. Every user gets their own isolated, encrypted local database.
For beginners: See the Detailed Installation Guide below.
This tool works on:
- ✅ Windows (10/11)
- ✅ macOS (10.15+)
- ✅ Linux (Ubuntu, Debian, Fedora, etc.)
You'll need:
- Python 3.8 or higher
- Internet connection (for fetching CVE and news data)
- A terminal or command prompt
Don't have Python?
- Windows: Download from python.org — check "Add Python to PATH" during installation
- macOS: Pre-installed, or brew install python3
- Linux: Usually pre-installed, or sudo apt install python3 python3-pip
- Windows: Press Windows key → type cmd → press Enter
- macOS: Press Cmd + Space → type terminal → press Enter
- Linux: Press Ctrl + Alt + T
git clone https://github.com/commit-issues/cve-security-monitor.git
cd cve-security-monitor
No Git? Download the ZIP from GitHub → click the green Code button → Download ZIP → extract it → navigate to the folder in your terminal.
A virtual environment keeps this tool's dependencies isolated from the rest of your system. Recommended for every Python project.
# macOS / Linux
python3 -m venv venv
source venv/bin/activate
# Windows
python -m venv venv
venv\Scripts\activate
You'll see (venv) in your terminal prompt when it's active. Always activate it before running the tool.
# macOS / Linux
pip3 install -r requirements.txt
# Windows
pip install -r requirements.txt
An NVD API key gives you 100 requests per 30 seconds instead of 5 — dramatically faster fetching.
- Go to https://nvd.nist.gov/developers/request-an-api-key
- Fill in your email and a brief reason (e.g. Educational security monitoring)
- Check your email for a verification link — click it
- Your key appears on screen — copy it and store it in a password manager immediately
⚠️ Treat your API key like a password. Never paste it into GitHub, a public chat, or anywhere visible to others.
macOS / Linux:
nano .env
Windows:
notepad .env
Add these two lines — replace the placeholders with your actual values:
NVD_API_KEY=your-nvd-api-key-here
DB_ENCRYPTION_KEY=your-strong-passphrase-here
Your DB_ENCRYPTION_KEY is a passphrase you create. Make it at least 16 characters with mixed letters, numbers, and symbols. Example: x9#mK2@pLqR7$wNv. Store it in your password manager — if you lose it, your database cannot be recovered.
Save and close the file. Verify it saved:
# macOS / Linux
cat .env
# Windows
type .env
🔒 .env is already in .gitignore — it will never be accidentally committed to GitHub.
# macOS / Linux
python3 run.py
# Windows
python run.py
The setup wizard launches automatically on first run and handles everything from here.
| What you want to do | macOS / Linux | Windows |
|---|---|---|
| Launch main menu | python3 run.py | python run.py |
| Fetch latest CVEs (last 7 days) | python3 src/cve_scraper.py | python src/cve_scraper.py |
| Fetch CVEs from last 30 days | python3 src/cve_scraper.py 30 | python src/cve_scraper.py 30 |
| Fetch security news (last 48h) | python3 src/news_scraper.py 48 | python src/news_scraper.py 48 |
| Open interactive viewer | python3 view_cves.py | python view_cves.py |
| Full report (no menu) | python3 view_cves.py full | python view_cves.py full |
| Re-run setup wizard | Select [7] from main menu | Select [7] from main menu |
| Force refresh ATT&CK data | Select [6] from main menu | Select [6] from main menu |
Option [8] in the viewer opens search. You can look up by:
- CVE ID — CVE-2026-5281 or just 2026-5281
- Vendor — microsoft, apple, cisco, citrix
- Keyword — remote code execution, privilege escalation, zero-day
Results are sorted by severity — most critical matches first.
Option [5] maps any CVE to real ATT&CK techniques. Enter a CVE ID and see the mapped technique, tactic, description, recommended mitigation, and a direct link to the ATT&CK entry. The lookup shows data source and last refresh date so you always know how current your data is.
Option [E] in the viewer opens the export menu. Three formats available:
| Format | Best For |
|---|---|
| CSV | Spreadsheets, Excel, data analysis |
| JSON | Developers, scripting, integrations |
| PDF | Reports, sharing, presentations |
PDF reports come in two themes:
- Dark — navy/purple, terminal aesthetic
- Light — clean editorial white, professional reports
Every PDF includes 7 sections: cover stats, critical/high CVEs, exploit maturity, top vendors, CISA KEV alerts, tool dependency alerts, and report metadata.
Exports are saved to the exports/ folder on your machine — never uploaded anywhere.
| OS | How to open a link |
|---|---|
| Windows | Direct click in Windows Terminal or PowerShell |
| macOS | CMD + Click |
| Linux | Ctrl + Click in most terminals |
macOS note: The built-in Terminal app requires CMD + Click. For single-click links, use iTerm2 (free).
cve-security-monitor/
│
├── 📄 README.md # This file
├── 📄 LICENSE # MIT License
├── 📄 requirements.txt # Pinned Python dependencies
├── 📄 .gitignore # Files Git will never commit
├── 📄 .env # Your keys (never commit this)
├── 📄 pytest.ini # Test configuration
│
├── 🗄️ schema.sql # Database schema (no FK on news table)
├── 🐍 init_db.py # Database initialization
├── 🐍 setup_wizard.py # First-run setup wizard
├── 🐍 db_utils.py # Database helper functions
├── 🐍 run.py # Main launcher ⭐
├── 🐍 view_cves.py # Interactive CVE viewer
├── 🐍 migrate_remove_news_fk.py # One-time migration script
│
├── 📁 src/
│ ├── 🐍 cve_scraper.py # NVD CVE fetcher (HTTPS only)
│ ├── 🐍 news_scraper.py # 17-source threat intel scraper (HTTPS only)
│ └── 🐍 mitre_attack.py # MITRE ATT&CK live STIX mapping
│
├── 📁 tests/
│ └── 🐍 test_database_pytest.py # 15 automated tests
│
├── 📁 data/ # Cached MITRE STIX data (auto-managed, gitignored)
│
└── 📁 docs/
    ├── 📄 security_posture.md # Security guide — read before forking
    ├── 📄 SCHEMA.md # Database structure details
    └── 📄 QUICK_REFERENCE.md # Quick command reference
This project is currently in active development. Contributions are welcome with the following requirements:
- All data sources and API calls must use HTTPS — no exceptions
- New dependencies must be pinned to exact versions in requirements.txt
- All tests must pass before submitting a PR (pytest)
- pip-audit must return no critical vulnerabilities
- Read the Security Posture Guide before contributing
To contribute:
- Fork the repository
- Create a feature branch (git checkout -b feature/your-feature)
- Commit your changes with a descriptive message
- Push and open a Pull Request
🔒 Pull requests containing http:// data source URLs, hardcoded credentials, or unpinned dependencies will not be accepted.
MIT License — see LICENSE for details.
- ✅ Free to use, modify, and distribute
- ✅ Credit the original author: SudoChef / commit-issues
- ✅ Keep the original license notice
- ❌ No warranty or liability
- National Vulnerability Database (NVD) — Free, comprehensive CVE data
- MITRE Corporation — CVE standard and ATT&CK framework
- CISA — Known Exploited Vulnerabilities catalog and advisories
- The InfoSec Community — For the research, transparency, and shared knowledge that makes tools like this possible
- OwlSec — For inspiring creativity and creating opportunities
- Anthropic's Claude — For development assistance
SudoCode by SudoChef (commit-issues)
- 🐙 GitHub: @commit-issues
- 📸 Instagram: @sudochef
- 🎵 TikTok: @sudochef
Questions or issues? Open a GitHub issue or reach out on Instagram or TikTok.
SudoCode — Built with 💜 by SudoChef
Making security intelligence accessible to everyone building things.