GCVE - Software
Open-source GCVE ecosystem
Software for GCVE
Tools, libraries, validators, and integrations that implement GCVE Best Current Practices and help teams publish, curate, enrich, and consume vulnerability information.
BCP-aligned building blocks for distributed vulnerability publication.
GCVE BCP defines standards implemented in open-source software to support GCVE publication processes and operations. The projects below are organized around the same polished, card-based style as the main page so implementers can quickly find production platforms, curation tools, validators, and integration helpers.
Reference Software Implementation of the GCVE Standard
Start here if you want a complete open-source platform for vulnerability publication and GCVE Numbering Authority operations.
Reference implementation
vulnerability-lookup
The Vulnerability-Lookup software is a powerful open-source sharing platform that assists security teams, researchers, and system administrators in identifying, tracking, and publishing vulnerabilities. Vulnerability-Lookup implements the required GCVE BCP standards to operate a GNA.
- GCVE-compatible vulnerability publication workflows.
- Designed for vulnerability intelligence sharing and lookup.
- Suitable as a complete GNA operational platform.
Software Supporting the GCVE BCP Standards
Composable tools for curation, validation, conversion, AI provenance, and client-side integration across GCVE-compatible systems.
CPE and product curation
cpe-editor
A collaborative CPE editor for browsing, curating, and publishing Common Platform Enumeration data with moderation workflows, API access, and portable datasets.
- Browse vendors, products, CPE records, and relationships.
- Review structured public proposals through moderation workflows.
- Import NVD, PURL-to-CPE, and GCVE enriched CVE data.
AI-assisted annotation
AI-Assisted Vulnerability Information Annotation
A Python utility that fetches vulnerability records from db.gcve.eu, generates analyst-oriented summaries and recommendations with a configurable local Ollama model, and records GCVE AI provenance metadata.
- Accepts CVE IDs and GCVE IDs from db.gcve.eu.
- Adds local AI enrichment and BCP-05-X-01 provenance annotations.
- Outputs enriched JSON for review and downstream processing.
BCP-07 KEV assertions
gcve-eu-kev
Python tooling that downloads Known Exploited Vulnerability feeds and converts entries into GCVE-BCP-07 KEV Assertion JSON objects.
- Transforms list-based KEV feeds into attributable assertions.
- Supports ingestion into GCVE-compatible systems and pipelines.
- Helps operational teams preserve structured exploitation context.
Schemas and validation
bcp-validator
Validators and JSON Schemas for GCVE Best Current Practices, built to help producers, consumers, and integrators validate GCVE-related data structures consistently.
- Implementation-oriented validation for BCP data structures.
- Reusable JSON Schemas for automated checks.
- Interoperability support for GCVE producers and consumers.
Python client
gcve
A Python client for the Global CVE Allocation System that can be integrated into software such as Vulnerability-Lookup and used from the command line to query the GCVE GNA directory.
- Provides core GCVE client functionality for applications.
- Follows GCVE Best Current Practices.
- Includes command-line access to the GNA directory.