Aggregates vulnerabilities from 31 security feeds, deduplicates, filters by rule, and pushes Discord notifications.
Zero cost — runs on HostingGuru Free + Turso free tier.
| Group | Interval | Sources |
|---|---|---|
| Fast | 15 min | NVD, CISA KEV, GitHub Advisory, CERT/CC, MITRE, Fortinet, Project Zero, Hacker News, Bleeping Computer, AssureStart |
| Medium | 1 hour | MSRC, Red Hat, Ubuntu, Debian, Cisco PSIRT, Kubernetes, Mozilla, OpenSSL, Juniper, Linux Kernel, WordPress, GitLab, PHP |
| Slow | 24 hours | Oracle CPU, Adobe, Apple, SUSE, Apache, VMware, Docker, Exploit-DB |
1. Turso database

   ```bash
   npm install -g turso
   turso db create vuln-aggregator
   turso db show vuln-aggregator --url
   turso db tokens create vuln-aggregator
   ```

2. Discord webhook

   Create a webhook in your Discord server → copy URL.

3. Environment

   ```bash
   cp .env.example .env
   ```

   Fill in:

   - `TURSO_DB_URL` from step 1
   - `TURSO_DB_TOKEN` from step 1
   - `DISCORD_WEBHOOK_URL` from step 2
   - `ADMIN_API_KEY` — run `openssl rand -hex 32`

4. Run

   ```bash
   npm install
   npm run dev    # development with hot reload
   npm run build  # production build
   npm start      # run production
   ```

- Push this repo to GitHub
- Sign up at hostingguru.io (free)
- Connect repo → set env vars → deploy
All endpoints except `/health` require the `X-API-Key` header.
| Method | Path | Description |
|---|---|---|
| GET | `/health` | Liveness probe |
| GET | `/api/v1/vulns?severity=&vendor=&source=&page=&limit=` | List vulns |
| GET | `/api/v1/vulns/:id` | Vuln detail |
| GET | `/api/v1/stats` | Dashboard stats |
| GET | `/api/v1/filters` | List filter rules |
| POST | `/api/v1/filters` | Create filter rule |
| PUT | `/api/v1/filters/:id` | Update filter |
| DELETE | `/api/v1/filters/:id` | Delete filter |
| GET | `/api/v1/sources` | Source health |
| POST | `/api/v1/webhooks/test` | Test Discord |
Each vulnerability is evaluated against enabled rules (AND within rule, OR across rules).
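The AND-within-rule, OR-across-rules evaluation stated above, as an added JavaScript example (not the project's own code). The `vuln` field names, the treatment of an empty filter as no constraint, and whole-word keyword matching are assumptions; the rule keys are those of the sample rule in this README.

```javascript
// Added example. Rule keys come from the sample rule; the fields on `vuln`
// (title, description, vendor, severity, cvss, cisaKev) are assumed names.

// An absent or empty list means "no constraint"; otherwise any entry may match.
const anyOrUnset = (list, pred) =>
  !Array.isArray(list) || list.length === 0 || list.some(pred);
const sameText = (a, b) => String(a ?? "").toLowerCase() === String(b).toLowerCase();

// AND within a rule: every configured condition must hold.
function matchesRule(vuln, rule) {
  // Whole-word keyword match (assumption), so "rce" does not fire on "source".
  const words = new Set(
    `${vuln.title ?? ""} ${vuln.description ?? ""}`.toLowerCase().split(/[^a-z0-9]+/));
  return (
    anyOrUnset(rule.severityFilter, (s) => sameText(vuln.severity, s)) &&
    anyOrUnset(rule.vendorFilter, (v) => sameText(vuln.vendor, v)) &&
    anyOrUnset(rule.keywordFilter, (k) => words.has(String(k).toLowerCase())) &&
    // A missing CVSS score fails a minCvss condition rather than passing by default.
    (rule.minCvss == null || (typeof vuln.cvss === "number" && vuln.cvss >= rule.minCvss)) &&
    (!rule.cisaKevOnly || vuln.cisaKev === true)
  );
}

// OR across rules: names of enabled rules that match; an empty array means no alert.
function matchingRules(vuln, rules) {
  return rules.filter((r) => r.enabled && matchesRule(vuln, r)).map((r) => r.name);
}

// Constructed sample data, not real advisories.
const sampleRules = [
  { name: "Critical CVEs", severityFilter: ["CRITICAL", "HIGH"],
    vendorFilter: ["Microsoft", "Google"], keywordFilter: ["remote", "rce"],
    minCvss: 9.0, cisaKevOnly: true, enabled: true },
  { name: "Any KEV", cisaKevOnly: true, enabled: true },
  { name: "Disabled catch-all", enabled: false },
];
const sampleVulns = [
  { title: "Remote code execution in sample service", vendor: "Microsoft",
    severity: "CRITICAL", cvss: 9.8, cisaKev: true },
  { title: "Open source parser crash", vendor: "Google", severity: "HIGH",
    cvss: 9.1, cisaKev: false },
  { title: "Local privilege escalation", vendor: "ExampleCorp", severity: "HIGH",
    cisaKev: true },
];

for (const v of sampleVulns) console.log(v.title, "->", matchingRules(v, sampleRules));
```

A rule with no conditions matches every vulnerability while it is enabled, so a catch-all rule left on will alert on everything the feeds deliver.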
```json
{
  "name": "Critical CVEs",
  "severityFilter": ["CRITICAL", "HIGH"],
  "vendorFilter": ["Microsoft", "Google"],
  "keywordFilter": ["remote", "rce"],
  "minCvss": 9.0,
  "cisaKevOnly": true,
  "enabled": true
}
```

MIT