A premium, zero-server vulnerability intelligence dashboard that aggregates security advisories from CISA KEV, Red Hat, major Linux distributions, databases, and package ecosystems into a stunning, interactive interface with optional asset exposure scanning.
Onyx is a next-generation vulnerability intelligence platform that provides:
- Complete OSV.dev Integration - Multi-ecosystem vulnerability data
- Asset Exposure Scanning - IP & domain security assessment (API-enabled)
- Premium UI/UX - Glassmorphism design with light/dark themes
- Zero-Server Architecture - Fully static, GitHub Pages deployment
- Automated Updates - GitHub Actions refresh every 6 hours
- Advanced Analytics - Interactive charts and severity distributions
- Smart Filtering - Search, filter by severity, time ranges
- 100% Private - No tracking, no cookies, client-side only
- CISA KEV - Known Exploited Vulnerabilities (U.S. Cybersecurity)
- Red Hat Enterprise Linux - Enterprise security advisories
- AlmaLinux - RHEL-compatible distribution
- Rocky Linux - Enterprise-grade alternative
- Debian - Stable and testing security
- Ubuntu - Canonical security updates
- SUSE Linux - Enterprise and openSUSE
- Alpine Linux - Container-focused security
- Amazon Linux - AWS-optimized distribution
- Arch Linux - Rolling release security
- Fedora - Community-driven updates
- Oracle Linux - Enterprise compatibility
- MySQL - World's most popular open-source database
- PostgreSQL - Advanced open-source database
- Redis - In-memory data structure store
- MongoDB - NoSQL document database
- npm - Node.js packages
- PyPI - Python packages
- Maven - Java/JVM packages
- NuGet - .NET packages
- RubyGems - Ruby packages
- Go Modules - Go packages
- Cargo - Rust packages (crates.io)
- Composer - PHP packages (Packagist)
- Glassmorphism Design - Modern backdrop blur effects
- Light/Dark Themes - Seamless theme switching with localStorage persistence
- Smooth Animations - Micro-interactions and hover effects
- Responsive Layout - Perfect on desktop, tablet, and mobile
- Interactive Charts - Chart.js visualizations for severity and source distribution
- Advanced Search - Real-time filtering across CVE IDs, packages, descriptions
- Pagination - Efficient browsing of large datasets
Scan IP addresses and domains for:
- Exposed Services - Port scanning and service detection
- Certificate Enumeration - SSL/TLS certificate analysis
- Risk Scoring - Automated security risk assessment
- Export Capabilities - JSON and CSV export
Supported APIs:
- Censys Search API - Primary option (free tier available)
- Shodan API - Alternative option (free tier available)
Security: API keys stored as GitHub Secrets, injected at build time, never exposed in frontend.
View Live Dashboard
No installation required - just open and explore!
Click the Fork button at the top of this page.
- Go to Settings → Actions → General
- Set Workflow permissions to "Read and write permissions"
- Check "Allow GitHub Actions to create and approve pull requests"
- Go to Settings → Pages
- Set Source to "GitHub Actions"
- Go to Settings → Secrets and variables → Actions
- Add the following secrets:
  - `CENSYS_API_ID` - Your Censys API ID
  - `CENSYS_API_SECRET` - Your Censys API Secret
  - `SHODAN_API_KEY` - Your Shodan API Key (alternative)
- Go to Actions → "Onyx OSV Intelligence Feed"
- Click "Run workflow" → "Run workflow"
- Visit `https://yourusername.github.io/repository-name/`
- Schedule: Every 6 hours (configurable in `.github/workflows/osv-feed-update.yml`)
- Manual Trigger: Available via GitHub Actions workflow dispatch
- Data Freshness: Typically less than 6 hours old
All data is fetched from authoritative sources:
- OSV.dev - Open Source Vulnerabilities database
- CISA - Known Exploited Vulnerabilities catalog
- Red Hat Security - Enterprise security advisories
- Linux Distribution Security Teams - Official security feeds
- Light Mode - Clean, professional white theme (default)
- Dark Mode - Sleek, modern dark theme
- Auto-persistence - Theme preference saved in localStorage
- Smooth transitions - Animated theme switching
- Gradient Backgrounds - Dynamic color gradients
- Glassmorphism Cards - Backdrop blur with transparency
- Micro-animations - Hover effects and transitions
- Color-coded Severity - Instant visual threat assessment
- Responsive Grid - Adaptive layouts for all screen sizes
- Real-time Search - Instant filtering as you type
- Multi-filter Support - Combine search, severity, and time filters
- Modal Details - Rich vulnerability information popups
- Chart Visualizations - Severity and source distribution
- Pagination - Efficient navigation through large datasets
- Keyboard Shortcuts - ESC to close modals, / to focus search
- No Backend - Everything runs in your browser
- No Data Collection - Zero tracking or analytics
- No Cookies - Only localStorage for theme preference
- No External Requests - All data loaded from static files
- Open Source - Fully auditable code
- GitHub Secrets - API keys never in code
- Build-time Injection - Keys injected during deployment
- Input Validation - Regex validation for IPs and domains
- CSP Headers - Content Security Policy enabled
- Dashboard - Overview with statistics and charts
- Source Tabs - Individual vulnerability feeds
- Asset Scanner - IP/domain exposure scanning
- Search Box - Enter CVE ID, package name, or keywords
- Severity Filter - Filter by Critical, High, Medium, Low
- Time Filter - Show vulnerabilities from last 7, 30, or 90 days
- Reset Button - Clear all filters
- Click any vulnerability card to open detailed modal
- View full description, CVSS scores, references, affected packages
- Click reference links to visit official sources
- Navigate to Asset Scanner tab
- Enter IP address or domain name
- Click Scan Asset
- View results and export as JSON or CSV
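The "Regex validation for IPs and domains" listed among the security features could look like the following added example, which is not taken from Onyx's `app.js`; `classifyTarget` and `isPublicIPv4` are hypothetical names. It goes beyond a bare regex by also rejecting private and reserved IPv4 ranges, and it treats IPv6 as unsupported.

```javascript
// Added example (not Onyx's code): classify Asset Scanner input before any API call.
// Strict dotted-quad: each octet 0-255, no leading zeros (avoids octal ambiguity).
const OCTET = '(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)';
const IPV4_RE = new RegExp(`^${OCTET}(?:\\.${OCTET}){3}$`);
// One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
const LABEL_RE = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/;

// Ranges that an internet-wide index cannot meaningfully describe.
function isPublicIPv4(ip) {
  const [a, b] = ip.split('.').map(Number);
  if (a === 0 || a === 10 || a === 127 || a >= 224) return false;
  if (a === 100 && b >= 64 && b <= 127) return false; // CGNAT 100.64.0.0/10
  if (a === 169 && b === 254) return false;           // link-local
  if (a === 172 && b >= 16 && b <= 31) return false;  // RFC 1918
  if (a === 192 && b === 168) return false;           // RFC 1918
  return true;
}

const reject = (reason) => ({ type: 'invalid', reason });

function classifyTarget(raw) {
  if (typeof raw !== 'string') return reject('not a string');
  const input = raw.trim().toLowerCase();
  if (input.length === 0 || input.length > 253) return reject('empty or too long');
  // Allow-list first: schemes, paths, ports, spaces and markup all fail here.
  if (/[^a-z0-9.-]/.test(input)) return reject('disallowed character');
  if (IPV4_RE.test(input)) {
    return isPublicIPv4(input) ? { type: 'ipv4', value: input } : reject('non-public address');
  }
  if (/^[0-9.]+$/.test(input)) return reject('malformed IPv4');
  const labels = input.split('.');
  if (labels.length < 2) return reject('single label');
  if (!labels.every((l) => LABEL_RE.test(l))) return reject('bad label');
  // An all-numeric last label means a hex or short-form IP, not a hostname.
  if (/^\d+$/.test(labels[labels.length - 1])) return reject('numeric TLD');
  return { type: 'domain', value: input };
}
```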
| Component | Technology |
|---|---|
| Frontend | HTML5, CSS3, Vanilla JavaScript |
| Styling | Custom CSS with Glassmorphism |
| Charts | Chart.js 4.4.0 |
| Fonts | Google Fonts (Inter) |
| Automation | GitHub Actions, Python 3.11 |
| Data Processing | Python (requests, zipfile) |
| Hosting | GitHub Pages |
| Data Sources | OSV.dev, CISA, Red Hat Security |
```
VulnFeed-main/
├── .github/
│   └── workflows/
│       └── osv-feed-update.yml   # Automated data fetching
├── data/                         # Vulnerability JSON files
│   ├── cisa-kev.json
│   ├── redhat-cves.json
│   ├── almalinux.json
│   ├── debian.json
│   └── ... (other ecosystems)
├── scripts/
│   ├── fetch_osv_data.py         # Data fetching script
│   └── generate_stats.py         # Statistics generation
├── index.html                    # Main dashboard
├── app.js                        # Application logic
├── favicon.ico                   # Site icon
├── README.md                     # This file
└── LICENSE                       # Apache 2.0 License
```
Edit .github/workflows/osv-feed-update.yml:

```yaml
schedule:
  - cron: '0 */6 * * *'      # Every 6 hours
  # Change to:
  # - cron: '0 */12 * * *'   # Every 12 hours
  # Or:
  # - cron: '0 0 * * *'      # Daily at midnight (UTC)
```

Edit scripts/fetch_osv_data.py:

```python
OSV_ECOSYSTEMS = [
    'AlmaLinux',
    'Debian',
    # Add your ecosystem:
    'YourEcosystem',
]
```

Edit CSS variables in index.html:

```css
:root[data-theme="light"] {
  --accent: #6366f1;       /* Primary color */
  --accent-hover: #4f46e5; /* Hover color */
  /* ... other variables */
}
```

We welcome contributions! Here's how you can help:
- Found a bug? Open an issue
- Have a feature idea? Share your suggestions!
- Improve UI/UX design
- Add new data sources
- Optimize performance
- Enhance mobile experience
- Add new features
- Star ⭐ the repository
- Share with your security team
- Write blog posts or tutorials
- Provide feedback and suggestions
Licensed under the Apache 2.0 License - see LICENSE file.
- CISA KEV - Public domain (U.S. Government data)
- Red Hat Data - Used under appropriate licenses
- OSV.dev Data - Open Source Vulnerabilities database
- Linux Distribution Data - Respective distribution security feeds
- CISA - For maintaining the Known Exploited Vulnerabilities catalog
- Red Hat - For enterprise security advisories and transparency
- OSV.dev - For comprehensive open source vulnerability data
- Linux Distributions - For their security teams and public advisories
- GitHub - For Pages and Actions infrastructure
- Security Community - For contributions and feedback
Project: Onyx Vuln Intelligence Dashboard
Repository: GitHub
Issues: Report a Bug
Discussions: Join the Conversation
- Threat prioritization and tracking
- Patch management workflows
- Incident response planning
- CISA BOD 22-01 compliance
- Multi-OS environment monitoring
- Database security tracking
- Package ecosystem vulnerability management
- Asset exposure assessment
- Vulnerability trend analysis
- Threat intelligence gathering
- Cross-ecosystem research
- Exploit tracking
- Patch prioritization
- Vendor-specific monitoring
- Compliance reporting
- Security posture assessment
If you find Onyx Intelligence useful for your security workflow, please give it a ⭐!
Your support helps others discover the project and contributes to its development.
Helping professionals stay ahead of threats across enterprise environments, Linux distributions, databases, and package ecosystems.
Live Demo • Report Bug • Request Feature • View Source
- SBOM Upload - Upload and analyze Software Bill of Materials
- Local Agent - Offline scanning script for air-gapped environments
- MITRE ATT&CK Mapping - Link vulnerabilities to attack techniques
- Email/Webhook Notifications - Automated risk alerts
- Custom Dashboards - User-configurable views
- Historical Trends - Vulnerability timeline analysis
- API Endpoint - RESTful API for integration
- Browser Extension - Quick vulnerability lookup
Last Updated: 2025-12-04
Version: 2.0.0 - Onyx Intelligence Edition