Skip to main content

Cve/researcher

@swamp/cve/researcherv2026.06.25.1· 11d agoMODELSWORKFLOWSREPORTS
01README

Daily CVE research pipeline — queries NVD, GitHub Advisory DB, and CISA KEV for HIGH/CRITICAL vulnerabilities, classifies them by real-world impact (supply-chain, infrastructure, open-source library, vendor product), and scores each for actionability to identify which CVEs warrant a dedicated swamp scanner extension.

Methods

  • research — query all three CVE sources, filter by lookback window and severity, deduplicate, classify, score, and persist results with state tracking for idempotent alerting

Report

Generates a markdown report grouped by actionability:

  • Extension Candidates (score 7+) — detailed with scoring breakdown
  • Monitor (score 4–6) — worth tracking
  • Patch Only (<4) — summary counts by classification

Workflow

Bundled cve-research workflow runs the research method and posts a rich Discord embed summary via @keeb/discord. Designed to run daily in a GitHub Action on a cron schedule.

Environment Variables

  • NVD_API_KEY — NVD API key for higher rate limits (optional)
  • DISCORD_WEBHOOK_URL — Discord webhook URL for notifications (required by workflow)
02Models1
@swamp/cve/researcherv2026.06.25.1cve_research.ts
fn research()
Query NVD, GitHub Advisory DB, and CISA KEV for HIGH/CRITICAL CVEs. Reports all CVEs published within the lookback window (default: last 24h). Tracks seen IDs to flag which ones are new.

Resources

results(infinite)— CVE research results with all CVEs in the lookback window
03Workflows1
@swamp/cve/researcher610db2a0-b1cf-482b-869f-6ed73f4b350e

Daily CVE research — queries NVD, GitHub Advisory DB, and CISA KEV for new HIGH/CRITICAL vulnerabilities

researchQuery CVE sources and generate report
1.scancve-watcher.research— Query NVD, GitHub Advisory DB, and CISA KEV for recent HIGH/CRITICAL CVEs
2.notify-discorddiscord-cve-alerts.sendFromEnv— Post summary to Discord
04Reports1
@swamp/cve/researcher-reportmethod
cve_research_report.ts

Markdown CVE research report with real-world classification and actionability scoring

securitycveresearch
05Stats
A
100 / 100
Downloads
1
Archive size
27.9 KB
Verified by Swamp
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types (deprecated)1/1earned
  • Dependencies pass trust audit2/2earned
  • Has description1/1earned
  • Platform support declared (or universal)2/2earned
  • License declared1/1earned
  • Verified public repository2/2earned
06Platforms
07Labels