hoodinformatik
Democratizing threat intelligence with open-source CVE tracking
Top 96.3% on SourcePulse
Summary
OpenThreat is a free, open-source platform designed to democratize threat intelligence by aggregating and presenting CVE and security threat data. It targets security professionals, small businesses, and non-profits, offering a clear, actionable interface to manage vulnerability information from trusted public sources.
How It Works
The platform features a modern architecture with a Next.js 14 frontend and a FastAPI backend, communicating via a REST API. Background tasks are managed by Celery, and an LLM service provides enhanced CVE descriptions. Data is persisted in PostgreSQL, with Redis used for caching and task queues. It aggregates data from NVD, CISA KEV, and BSI CERT-Bund, employing a priority scoring algorithm that considers exploitation, CVSS, and recency.
Quick Start & Requirements
Prerequisites include Docker Desktop, Python 3.13+, Node.js 18+, and PostgreSQL 16. Setup involves cloning the repository, starting infrastructure with docker-compose up -d, and then configuring the backend (pip install, alembic upgrade head) and frontend (npm install). Data population can be done via API endpoints or CLI scripts, with an optional NVD API key significantly speeding up the process. Official documentation is available via links to QUICK_START.md, docs/ARCHITECTURE.md, and nginx/README.md.
Highlighted Details
Maintenance & Community
Contributions are guided by CONTRIBUTING.md. Contact is available via email (hoodinformatik@gmail.com) and GitHub (@hoodinformatik). While no explicit community channels like Discord or Slack are listed, GitHub issues serve as a primary point for bug reports and feature requests.
Licensing & Compatibility
The project is licensed under the Apache License 2.0. This license is permissive and generally compatible with commercial use and linking within closed-source projects.
Limitations & Caveats
The initial setup for populating the CVE database can be time-consuming, potentially taking hours without an NVD API key. There's a minor discrepancy between the Python version badge (3.11+) and the Quick Start prerequisite (3.13+). Local development with Nginx is optional but recommended for replicating the production environment.