Gather and update all available and newest CVEs with their PoC.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Asset inventory of over 800 public bug bounty programs.

Integrates Dependency-Check reports into SonarQube

《macOS软件安全与逆向分析》随书源码

Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Monitoring exploits & references for CVEs

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Find CVE PoCs on GitHub

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.

Trickest Workflow for discovering log4j vulnerabilities and gathering the newest community payloads.

A Java library for parsing and programmatically using threat models

Integrates OWASP Zed Attack Proxy reports into SonarQube

A collection of cyber security books

A simple Java command-line utility to mirror the entire contents of VulnDB.

The official repository of "GraphSPD: Graph-Based Security Patch Detection with Enriched Code Semantics". The paper will appear in the IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023.

A Github repository I created while studying the Software Security course on Coursera. I made the repository public to discuss solutions with like-minded developers.

Vendor-Neutral Security Tool Automation Controller (over REST)