Skip to content

syrex1013/cve-disclosure-site

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

LOGO

πŸ”’ CVE Disclosure Portal

A modern, serverless CVE disclosure platform built for security researchers, bug bounty hunters, and responsible disclosure programs. Compliant with GCVE.EU standards.

Deploy to Cloudflare

πŸš€ Overview

This project provides a lightweight, edge-optimized CVE disclosure portal powered by Cloudflare Pages and Workers KV. Perfect for hackathons, security teams, and organizations wanting to establish a transparent vulnerability disclosure process.

✨ Key Features

  • πŸ” JWT-based Authentication - Secure admin access control
  • πŸ“ Full CRUD Operations - Create, read, update, and delete CVE entries
  • ⚑ Edge Computing - Deployed on Cloudflare's global network
  • πŸ’Ύ Serverless Persistence - Workers KV for fast, distributed storage
  • 🎨 Clean Static UI - Simple, responsive frontend
  • 🌐 GCVE.EU Compatible - Follows European CVE disclosure standards
  • πŸ”Œ API-First Design - RESTful endpoints for integration

πŸ—οΈ Architecture

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Static Frontend β”‚ (Cloudflare Pages)
β”‚  (public/)       β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
         β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  API Layer       β”‚ (Pages Functions)
β”‚  (functions/)    β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
         β”‚
β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  Workers KV      β”‚ (Distributed Storage)
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ“‹ Prerequisites

Before you begin, ensure you have:

  • Node.js 18.x or higher
  • Wrangler CLI (npm install -g wrangler)
  • Cloudflare Account (free tier works!)
  • Basic knowledge of REST APIs and JavaScript

⚑ Quick Start (Hackathon Ready!)

1️⃣ Clone & Install

git clone https://github.com/syrex1013/cve-disclosure-site.git
cd cve-disclosure-site
npm install

2️⃣ Configure Secrets

Generate your admin credentials:

# Generate admin password hash
node -e "console.log(require('crypto').createHash('sha256').update('YourStrongPassword').digest('hex'))"

# Generate JWT secret
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

3️⃣ Local Development

Create .dev.vars file:

cat > .dev.vars <<'EOF'
ADMIN_PASSWORD_HASH=<your-sha256-hash>
JWT_SECRET=<your-random-hex>
EOF

Start the dev server:

npm run dev

Visit http://localhost:8788 πŸŽ‰

4️⃣ Deploy to Production

# Deploy to Cloudflare Pages
npm run deploy

# Set production secrets
wrangler pages secret put ADMIN_PASSWORD_HASH --project-name=cve-disclosure-site
wrangler pages secret put JWT_SECRET --project-name=cve-disclosure-site

πŸ“‘ API Endpoints

Public Endpoints

Method Endpoint Description
GET /api/cves List all disclosed CVEs
GET /api/cves/:id Get specific CVE details

Protected Endpoints (Require Authentication)

Method Endpoint Description
POST /api/login Admin authentication
GET /api/verify Validate JWT token
POST /api/cves Submit new CVE disclosure
PUT /api/cves/:id Update existing CVE
DELETE /api/cves/:id Remove CVE entry

Example Requests

Get all CVEs:

curl https://your-site.pages.dev/api/cves

Login:

curl -X POST https://your-site.pages.dev/api/login \
  -H "Content-Type: application/json" \
  -d '{"password": "YourStrongPassword"}'

Create CVE (authenticated):

curl -X POST https://your-site.pages.dev/api/cves \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-jwt-token>" \
  -d '{
    "id": "CVE-2024-12345",
    "title": "SQL Injection in Example App",
    "description": "...",
    "severity": "HIGH"
  }'

πŸ‡ͺπŸ‡Ί GCVE.EU Integration

This platform is designed to be compatible with GCVE.EU (Global CVE Europe) standards.

GCVE API Endpoints Reference

If you're integrating with the official GCVE.EU database, reference these endpoints:

  • Search CVEs: GET https://api.gcve.eu/v1/cves?q={query}
  • Get CVE Details: GET https://api.gcve.eu/v1/cves/{cve-id}
  • List Recent: GET https://api.gcve.eu/v1/cves/recent
  • Filter by Severity: GET https://api.gcve.eu/v1/cves?severity={CRITICAL|HIGH|MEDIUM|LOW}

Note: This project provides a self-hosted disclosure portal. For official CVE validation and assignment, coordinate with MITRE or GCVE.EU authorities.

πŸ“‚ Project Structure

cve-disclosure-site/
β”œβ”€β”€ functions/              # Serverless API endpoints
β”‚   └── api/
β”‚       β”œβ”€β”€ login.js        # Authentication
β”‚       β”œβ”€β”€ verify.js       # Token validation
β”‚       └── cves/           # CVE CRUD operations
β”œβ”€β”€ public/                 # Static frontend assets
β”‚   β”œβ”€β”€ index.html          # Homepage
β”‚   β”œβ”€β”€ admin.html          # Admin dashboard
β”‚   └── styles.css          # Styling
β”œβ”€β”€ docs/                   # Documentation & screenshots
β”œβ”€β”€ wrangler.toml           # Cloudflare configuration
β”œβ”€β”€ package.json            # Dependencies
└── README.md               # This file

πŸ”’ Security Best Practices

  • βœ… Never commit secrets - .dev.vars and CREDENTIALS.md are gitignored
  • βœ… Use strong passwords - Minimum 16 characters, mixed case, symbols
  • βœ… Rotate credentials - Change JWT_SECRET and ADMIN_PASSWORD_HASH regularly
  • βœ… Enable HTTPS only - Cloudflare provides free SSL certificates
  • βœ… Rate limiting - Consider adding Cloudflare rate limiting rules
  • βœ… Input validation - Sanitize all user inputs (implement in your API)

🎯 Hackathon Tips

Speed up your workflow:

  1. Use the template - Click "Use this template" on GitHub
  2. Environment variables - Keep them in password manager
  3. Test locally first - npm run dev catches issues early
  4. Deploy often - Cloudflare deploys are instant
  5. Add features - Email notifications, webhooks, Slack integration

Potential Extensions:

  • πŸ€– Auto-severity detection with AI
  • πŸ“§ Email notifications for new CVEs
  • πŸ”— Webhook integrations (Discord, Slack, Teams)
  • πŸ“Š Analytics dashboard
  • πŸ” Advanced search with filters
  • πŸ“„ Export to JSON/CSV/PDF
  • 🌍 Multi-language support

πŸ“š Additional Documentation

πŸ“Έ Screenshots

Homepage

Homepage

Admin Dashboard

Admin login

🀝 Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

πŸ“„ License

This project is open source and available under the MIT License.

πŸ†˜ Support

πŸ† Built With


Made with ❀️ for the security research community

Compliant with GCVE.EU standards | Perfect for hackathons and rapid deployment

About

platform for publishing and tracking security vulnerability disclosures (CVEs).

Topics

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors