A modern, serverless CVE disclosure platform built for security researchers, bug bounty hunters, and responsible disclosure programs. Compliant with GCVE.EU standards.
This project provides a lightweight, edge-optimized CVE disclosure portal powered by Cloudflare Pages and Workers KV. Perfect for hackathons, security teams, and organizations wanting to establish a transparent vulnerability disclosure process.
- π JWT-based Authentication - Secure admin access control
- π Full CRUD Operations - Create, read, update, and delete CVE entries
- β‘ Edge Computing - Deployed on Cloudflare's global network
- πΎ Serverless Persistence - Workers KV for fast, distributed storage
- π¨ Clean Static UI - Simple, responsive frontend
- π GCVE.EU Compatible - Follows European CVE disclosure standards
- π API-First Design - RESTful endpoints for integration
βββββββββββββββββββ
β Static Frontend β (Cloudflare Pages)
β (public/) β
ββββββββββ¬ββββββββββ
β
ββββββββββΌββββββββββ
β API Layer β (Pages Functions)
β (functions/) β
ββββββββββ¬ββββββββββ
β
ββββββββββΌββββββββββ
β Workers KV β (Distributed Storage)
ββββββββββββββββββββ
Before you begin, ensure you have:
- Node.js 18.x or higher
- Wrangler CLI (
npm install -g wrangler) - Cloudflare Account (free tier works!)
- Basic knowledge of REST APIs and JavaScript
git clone https://github.com/syrex1013/cve-disclosure-site.git
cd cve-disclosure-site
npm installGenerate your admin credentials:
# Generate admin password hash
node -e "console.log(require('crypto').createHash('sha256').update('YourStrongPassword').digest('hex'))"
# Generate JWT secret
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"Create .dev.vars file:
cat > .dev.vars <<'EOF'
ADMIN_PASSWORD_HASH=<your-sha256-hash>
JWT_SECRET=<your-random-hex>
EOFStart the dev server:
npm run devVisit http://localhost:8788 π
# Deploy to Cloudflare Pages
npm run deploy
# Set production secrets
wrangler pages secret put ADMIN_PASSWORD_HASH --project-name=cve-disclosure-site
wrangler pages secret put JWT_SECRET --project-name=cve-disclosure-site| Method | Endpoint | Description |
|---|---|---|
GET |
/api/cves |
List all disclosed CVEs |
GET |
/api/cves/:id |
Get specific CVE details |
| Method | Endpoint | Description |
|---|---|---|
POST |
/api/login |
Admin authentication |
GET |
/api/verify |
Validate JWT token |
POST |
/api/cves |
Submit new CVE disclosure |
PUT |
/api/cves/:id |
Update existing CVE |
DELETE |
/api/cves/:id |
Remove CVE entry |
Get all CVEs:
curl https://your-site.pages.dev/api/cvesLogin:
curl -X POST https://your-site.pages.dev/api/login \
-H "Content-Type: application/json" \
-d '{"password": "YourStrongPassword"}'Create CVE (authenticated):
curl -X POST https://your-site.pages.dev/api/cves \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your-jwt-token>" \
-d '{
"id": "CVE-2024-12345",
"title": "SQL Injection in Example App",
"description": "...",
"severity": "HIGH"
}'This platform is designed to be compatible with GCVE.EU (Global CVE Europe) standards.
If you're integrating with the official GCVE.EU database, reference these endpoints:
- Search CVEs:
GET https://api.gcve.eu/v1/cves?q={query} - Get CVE Details:
GET https://api.gcve.eu/v1/cves/{cve-id} - List Recent:
GET https://api.gcve.eu/v1/cves/recent - Filter by Severity:
GET https://api.gcve.eu/v1/cves?severity={CRITICAL|HIGH|MEDIUM|LOW}
Note: This project provides a self-hosted disclosure portal. For official CVE validation and assignment, coordinate with MITRE or GCVE.EU authorities.
cve-disclosure-site/
βββ functions/ # Serverless API endpoints
β βββ api/
β βββ login.js # Authentication
β βββ verify.js # Token validation
β βββ cves/ # CVE CRUD operations
βββ public/ # Static frontend assets
β βββ index.html # Homepage
β βββ admin.html # Admin dashboard
β βββ styles.css # Styling
βββ docs/ # Documentation & screenshots
βββ wrangler.toml # Cloudflare configuration
βββ package.json # Dependencies
βββ README.md # This file
- β
Never commit secrets -
.dev.varsandCREDENTIALS.mdare gitignored - β Use strong passwords - Minimum 16 characters, mixed case, symbols
- β
Rotate credentials - Change
JWT_SECRETandADMIN_PASSWORD_HASHregularly - β Enable HTTPS only - Cloudflare provides free SSL certificates
- β Rate limiting - Consider adding Cloudflare rate limiting rules
- β Input validation - Sanitize all user inputs (implement in your API)
Speed up your workflow:
- Use the template - Click "Use this template" on GitHub
- Environment variables - Keep them in password manager
- Test locally first -
npm run devcatches issues early - Deploy often - Cloudflare deploys are instant
- Add features - Email notifications, webhooks, Slack integration
Potential Extensions:
- π€ Auto-severity detection with AI
- π§ Email notifications for new CVEs
- π Webhook integrations (Discord, Slack, Teams)
- π Analytics dashboard
- π Advanced search with filters
- π Export to JSON/CSV/PDF
- π Multi-language support
QUICKSTART.md- Fast setup guideSETUP.md- Detailed configuration & troubleshootingAPI.md- Complete API referenceCONTRIBUTING.md- Contribution guidelines
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is open source and available under the MIT License.
- π Documentation
- π¬ GitHub Discussions
- π Issue Tracker
- π GCVE.EU Official Site
- Cloudflare Pages - Static hosting
- Cloudflare Workers - Serverless functions
- Workers KV - Edge storage
- JWT - Authentication
Made with β€οΈ for the security research community
Compliant with GCVE.EU standards | Perfect for hackathons and rapid deployment


