Post

Discover My OpenCVE Instance

Posted
cve.wilck.io Preview
cve.wilck.io Preview
By Kevin Wilck
2 min read

Hi there! I’m thrilled to walk you through my self-hosted OpenCVE instance at cve.wilck.io. It’s a handy tool for managing vulnerabilities without the hassle of API limits from sources like NVD. Let’s dive into what it’s all about and how it can help you stay on top of CVEs.

What’s OpenCVE?

OpenCVE is an open-source platform that lets you track and manage Common Vulnerabilities and Exposures (CVEs) locally. My instance at cve.wilck.io pulls CVE data from trusted sources like NVD, MITRE, RedHat, and Vulnrichment, storing it in a local PostgreSQL database. Think of it as your personal CVE hub, free from the slowdowns of external APIs.

What Can You Do With It?

With my OpenCVE setup, you can:

  • Search and Filter CVEs: Find vulnerabilities by vendor, product, CVSS score, CWE, or keywords. Checking CVEs for “microsoft:windows_10”? Super easy.
  • Get Alerts: Subscribe to email or webhook notifications for new or updated CVEs affecting your chosen vendors or products.
  • Manage Projects: Organize subscriptions into projects (e.g., for different clients or teams) with custom dashboards and reports.
  • Use the API: Query CVEs programmatically via the REST API at https://cve.wilck.io/api (beta), great for scripting or tool integration.
  • Tag and Organize: Add custom tags like “critical” or “to-fix” to sort CVEs your way.

It’s perfect for security researchers, sysadmins, or anyone who needs quick, reliable CVE data.

Why I Host It Myself

I set up cve.wilck.io to sidestep the API rate limits of public CVE databases like NVD. Those limits can really bog you down if you’re pulling lots of data or running scripts. By hosting OpenCVE with Docker, I get:

  • Unlimited Queries: No more hitting a quota wall.
  • Speedy Access: Local database means fast searches and filters.
  • Privacy: My queries and subscriptions stay private.
  • Flexibility: I can tweak the setup, like adding webhook alerts now and maybe Slack notifications later.

OpenCVE syncs with NVD’s JSON feed every 15 minutes, so the data’s always up to date without relying on throttled APIs.

Wrapping It Up

My OpenCVE instance at cve.wilck.io makes CVE management fast, flexible, and free from API headaches. Anyone can sign up and use it—whether you’re a seasoned pro or just curious about vulnerabilities. Best of all, there’s no API rate limit for now, so you can query to your heart’s content! Want to chat about it or share ideas? Join our Discord server to connect with other security fans. Check out the GitHub repo for more, give it a star if you like it, and let me know your thoughts.

Stay secure,
Kevin

security
Cybersecurity Vulnerability Management OpenCVE API
This post is licensed under CC BY 4.0 by the author.