A system for storing and managing vulnerability information links with rich metadata. Each CVE has a corresponding YAML file containing curated links to advisories, proof-of-concepts (PoCs), analyses, and patches.
- 🔍 Automated link collection using AI services (Claude WebSearch + Gemini CLI)
- 🏷️ Rich metadata for each link (source type, credibility, PoC details)
- 📝 YAML-based storage with JSON Schema validation
- 🤖 Automated classification of content types
- 🎯 Issue-driven workflow with Claude Code integration
- 🔗 Related vulnerability tracking with
related_tofield - 🧪 Comprehensive test coverage
vulnerability-links/
├── data/ # CVE YAML files (1 CVE = 1 file)
│ └── CVE-YYYY-NNNN.yaml
├── src/
│ ├── lib/ # Core libraries
│ └── cmd/ # CLI commands
├── schemas/ # JSON Schema for validation
├── mcp-server/ # MCP Server for Claude Code integration
│ ├── src/tools/ # PR management and data update tools
│ └── mcp.json # Tool definitions
├── .github/
│ ├── workflows/ # GitHub Actions automation
│ └── ISSUE_TEMPLATE/ # Issue templates for Claude Code
- Install Deno (v1.x or higher)
- Clone this repository
- Set up API keys (see Configuration section)
-
GitHub Issueを作成
- 「New issue」→「脆弱性リンク記録」テンプレートを選択
- 記録したいURLを入力
- 関連情報検索が必要ならチェックボックスをオン
-
Claude Codeが自動処理
- @claudeメンションでClaude Codeが起動
- URLの内容を取得・解析
- 脆弱性IDを抽出
- PRを作成(
enrichment/{CVE-ID}ブランチ) - YAMLファイルを更新
deno run --allow-net --allow-env src/cmd/collect_links.ts CVE-2024-1234Options:
--since: Time range for search (default: 24h)--max: Maximum number of results (default: 50)--out: Output file (default: stdout)
# From command line
deno run --allow-net --allow-read=data --allow-write=data --allow-env \
src/cmd/enrich_links.ts https://example.com/cve-2024-1234
# From stdin
cat urls.txt | deno run --allow-net --allow-read=data --allow-write=data --allow-env \
src/cmd/enrich_links.ts
# Dry run (preview changes)
deno run --allow-net --allow-read=data --allow-write=data --allow-env \
src/cmd/enrich_links.ts --dry-run https://example.com/pocdeno run -A src/cmd/update_links.ts CVE-2024-1234 --since 7d --max 100deno task testdeno task lintANTHROPIC_API_KEY: Required for Claude Code SDK integrationGEMINI_API_KEY: Required for Gemini CLI integration
Defined in deno.json:
deno task lint: Run linterdeno task test: Run testsdeno task collect: Run collect_links commanddeno task enrich: Run enrich_links commanddeno task update: Run update_links command
Each CVE file follows this structure:
links:
- url: https://github.com/researcher/cve-2024-1234-poc
source_type: poc # poc|advisory|blog|analysis|patch|other
language: en
retrieved: 2025-07-26T12:00:00Z
credibility: 0.85 # 0-1 score
poc: # Only for source_type: poc
code_type: [python, http-request]
privilege: unauthenticated # unauthenticated|user|admin|n/a
network: # Only for remote PoCs
protocol: [http, https]
port: [80, 443]The workflow runs nightly to update vulnerability links:
- Scheduled at 2 AM UTC daily
- Can be manually triggered with custom parameters
- Processes a configurable list of CVEs
- Commits changes automatically
- Creates issues on failure
- Update the JSON Schema in
schemas/links-v1.schema.json - Modify the
source_typeenum - Update the classifier in
src/lib/poc_classifier.ts
- Add fields to the
LinkEntryinterface insrc/lib/yaml_io.ts - Update the JSON Schema
- Modify the enrichment logic in
src/cmd/enrich_links.ts
[Your License Here]
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request