Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

cwe_checker finds vulnerable patterns in binary executables

The Correlated CVE Vulnerability And Threat Intelligence Database API

OSINT tool - gets data from services like shodan, censys etc. in one app

VULNRΞPO - Free vulnerability report generator and repository end-to-end encrypted. Complete templates of issues, CWE, CVE, MITRE ATT&CK, PCI DSS, issues import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/PDF report, attachments, automatic changelog, statistics, vulnerability management, methodologies and much more!

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

The goal of this project is to provide additional features on top of the existing npm audit options

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions

Collection of CVEs from Sick Codes, or collaborations on https://sick.codes security research & advisories.

"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Open Source Tool - Cybersecurity Graph Database in Neo4j

Repository for "SecurityEval Dataset: Mining Vulnerability Examples to Evaluate Machine Learning-Based Code Generation Techniques" published in MSR4P&S'22.

Development of the NIST vulnerability data ontology (Vulntology).

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Daily archiver & triage issue creator for new releases of CISA's Known Exploited Vulnerabilities list

Sonarqube cloudformation plugin, IaC security supports cfn-nag/checkov

WebGoat.NETCore - port of original WebGoat.NET to .NET Core