About OpenThreat

Democratizing threat intelligence for everyone - from security professionals to small businesses and non-profits.

Our Mission

Security information shouldn't be locked behind expensive subscriptions or complex technical jargon. OpenThreat makes threat intelligence accessible to everyone by:

  • Aggregating public data sources - We collect vulnerability information from CISA, NVD, and other trusted public sources
  • Explaining in plain language - No security degree required. We translate technical details into actionable advice
  • Prioritizing what matters - Our scoring system helps you focus on the most critical threats first
  • Staying free and open-source - Security is a right, not a privilege. Our code and data are always free

Security Professionals

  • • Comprehensive CVE database
  • • Priority scoring for triage
  • • REST API for integration
  • • RSS feeds for monitoring
  • • Advanced search & filtering

Small Businesses & NGOs

  • • Free and easy to use
  • • Plain-language explanations
  • • Clear action recommendations
  • • No security expertise needed
  • • Self-hosted option available

Developers

  • • Open-source codebase
  • • Well-documented API
  • • Extensible architecture
  • • Multiple data connectors
  • • Docker deployment

Data Sources

We aggregate data from trusted public sources

CISA Known Exploited Vulnerabilities (KEV)

The U.S. Cybersecurity and Infrastructure Security Agency maintains a catalog of vulnerabilities actively exploited in the wild.

National Vulnerability Database (NVD)

NIST's comprehensive database of CVEs with CVSS scores, CWE classifications, and affected products.

CVE Search (CIRCL)

European CVE search engine providing additional vulnerability metadata and cross-references.

MITRE ATT&CK Framework

Knowledge base of adversary tactics and techniques based on real-world observations.

How It Works

1

Data Collection

We automatically collect vulnerability data from multiple public sources every few hours.

2

Deduplication & Enrichment

We merge data from different sources, remove duplicates, and enrich with additional context.

3

Priority Scoring

Our algorithm calculates priority scores based on exploitation status (50%), CVSS score (40%), and recency (10%).

4

Plain-Language Translation

We generate easy-to-understand explanations and action recommendations for each vulnerability.

5

Accessible Interface

Everything is presented through our web interface, API, and RSS feeds - choose what works best for you.

Get Involved

OpenThreat is open-source and community-driven. We welcome contributions!

View on GitHubContact Us

License & Legal

Open Source License

OpenThreat is licensed under the Apache License 2.0. You're free to use, modify, and distribute this software, even for commercial purposes.

Data Sources

All vulnerability data comes from public sources. We do not store or distribute any proprietary or confidential information.

Disclaimer

While we strive for accuracy, this information is provided "as is" without warranty. Always verify critical security information with official sources.