Welcome to VulnTrack
VulnTrack is an open-source vulnerability management platform for security teams that want precise, repeatable triage. Unlike single-purpose CVE trackers, VulnTrack brings several risk scoring frameworks (DREAD, STRIDE and CVSS v3.1) into one remediation workflow, so decisions about what to fix first rest on recorded scores rather than ad hoc judgement.
Quick Start
Get up and running in minutes with your first vulnerability entry and risk assessment
Installation Guide
Complete setup instructions for local development and production deployment
API Reference
Explore server actions and data models for custom integrations
Deployment Guide
Deploy VulnTrack with Docker or in production environments
Why VulnTrack?
VulnTrack addresses the limitations of scattered vulnerability tracking tools by providing a single platform that combines:
Unified Risk Scoring
Make informed remediation decisions with multiple risk assessment frameworks:
- DREAD - Quantitative internal triage scoring across five dimensions (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)
- STRIDE - Threat modeling classification (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege)
- CVSS v3.1 - Industry-standard scoring for external compliance and reporting
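A worked example of the scoring described above, added here for illustration and not taken from VulnTrack's code: it computes a DREAD score from the five dimensions, maps it to a severity band, and combines it with an imported CVSS v3.1 base score and KEV status into a single remediation priority. The 0-10 per-dimension scale, the severity thresholds and the combination rule (the higher of DREAD and CVSS, with KEV escalating to Critical) are assumptions chosen for the example; VulnTrack's own calculator may use different ones.

```typescript
// Added example, not VulnTrack's own code. Scores a finding with DREAD and
// folds in the CVSS v3.1 base score and KEV status to produce one remediation
// priority. The 0-10 scale, the severity bands and the combination rule are
// assumptions chosen for illustration, not VulnTrack's actual calculator.

export interface DreadScores {
  damage: number;          // D: how bad is it if exploited?
  reproducibility: number; // R: how reliably does the exploit work?
  exploitability: number;  // E: how much skill or effort does an attacker need?
  affectedUsers: number;   // A: how many users or systems are exposed?
  discoverability: number; // D: how easy is the flaw to find?
}

export type Severity = "Low" | "Medium" | "High" | "Critical";

const DREAD_DIMENSIONS: ReadonlyArray<keyof DreadScores> = [
  "damage", "reproducibility", "exploitability", "affectedUsers", "discoverability",
];

// Reject anything outside the integer range 0-10 so a bad slider value or a
// tampered form field cannot skew the average.
export function validateDread(s: DreadScores): void {
  for (const dim of DREAD_DIMENSIONS) {
    const v = s[dim];
    if (!Number.isInteger(v) || v < 0 || v > 10) {
      throw new RangeError(`${dim} must be an integer from 0 to 10, got ${String(v)}`);
    }
  }
}

// DREAD score = mean of the five dimensions, rounded to one decimal place.
export function dreadScore(s: DreadScores): number {
  validateDread(s);
  const total = DREAD_DIMENSIONS.reduce((sum, dim) => sum + s[dim], 0);
  return Math.round((total / DREAD_DIMENSIONS.length) * 10) / 10;
}

// Severity bands (assumed): 0-2.9 Low, 3-5.9 Medium, 6-7.9 High, 8-10 Critical.
export function severityFor(score: number): Severity {
  if (score >= 8) return "Critical";
  if (score >= 6) return "High";
  if (score >= 3) return "Medium";
  return "Low";
}

export interface TriageInput {
  dread: DreadScores;
  cvssBase?: number; // CVSS v3.1 base score imported from NVD/VulnCheck, if any
  kev: boolean;      // listed in CISA's Known Exploited Vulnerabilities catalog
}

export interface TriageResult {
  dread: number;
  priority: number;
  severity: Severity;
  reasons: string[];
}

// Combination rule (assumed): take the higher of the internal DREAD score and
// the external CVSS base score, then escalate anything on the KEV list to
// Critical, because exploitation in the wild is already confirmed.
export function remediationPriority(input: TriageInput): TriageResult {
  const dread = dreadScore(input.dread);
  const reasons: string[] = [`DREAD ${dread.toFixed(1)}`];
  let priority = dread;

  if (input.cvssBase !== undefined) {
    if (input.cvssBase < 0 || input.cvssBase > 10) {
      throw new RangeError(`CVSS base score out of range: ${input.cvssBase}`);
    }
    reasons.push(`CVSS v3.1 base ${input.cvssBase.toFixed(1)}`);
    priority = Math.max(priority, input.cvssBase);
  }

  let severity = severityFor(priority);
  if (input.kev) {
    severity = "Critical";
    reasons.push("listed in CISA KEV: escalated to Critical");
  }
  return { dread, priority, severity, reasons };
}

// Constructed sample: a finding that looks minor on internal DREAD scoring
// but carries a high CVSS base score and is already being exploited.
export const sample = remediationPriority({
  dread: { damage: 2, reproducibility: 3, exploitability: 2, affectedUsers: 4, discoverability: 1 },
  cvssBase: 7.5,
  kev: true,
});
console.log(sample.severity, "-", sample.reasons.join("; ")); // Critical - DREAD 2.4; CVSS v3.1 base 7.5; listed in CISA KEV: escalated to Critical
```

Two practitioner caveats: validate each dimension on the server, not only in the slider UI, since a tampered form post can otherwise push a finding down the queue; and agree as a team on how Discoverability is scored, because many teams fix it at the maximum on the assumption that attackers will eventually find any flaw, which makes DREAD a four-factor score in practice.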
Automated CVE Import
Fetch vulnerability data from multiple sources, tried in order:
- VulnCheck API - Primary source with real-time updates
- NIST NVD - Fallback to the official National Vulnerability Database
- KEV Detection - Automatic flagging of CVEs that appear in CISA's Known Exploited Vulnerabilities catalog
- Auto-populated fields - CVE descriptions, CVSS scores, affected systems, and references
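The import-with-fallback flow above, written out as an added example (it is not VulnTrack's import code). Sources are injected so the example runs offline: a stand-in primary source that only simulates an outage (it is not VulnCheck's real API), and an NVD source served from a constructed, abbreviated record for CVE-2021-44228 in the NVD API 2.0 response shape as the author of this example understands it (descriptions, metrics.cvssMetricV31, configurations, references, and the cisaExploitAdd field that marks KEV entries). The field names on the VulnTrack side are assumptions.

```typescript
// Added example, not VulnTrack's own code. Tries a primary CVE source, falls
// back to NVD, auto-populates the record fields and flags KEV. Sources are
// injected so this runs offline against a constructed fixture. The NVD 2.0
// shape below is the example author's understanding of the public API; the
// "vulncheck" source here only simulates an outage and is not VulnCheck's API.

// Subset of the NVD 2.0 "cve" object that the importer needs.
export interface NvdCve {
  id: string;
  descriptions: { lang: string; value: string }[];
  metrics?: {
    cvssMetricV31?: { cvssData: { baseScore: number; baseSeverity: string; vectorString: string } }[];
  };
  references?: { url: string }[];
  configurations?: { nodes: { cpeMatch: { vulnerable: boolean; criteria: string }[] }[] }[];
  cisaExploitAdd?: string; // present only when CISA has added the CVE to KEV
}

export interface CveSource {
  name: string;
  lookup(cveId: string): Promise<NvdCve | null>; // null = not found; throw = source error
}

// Assumed VulnTrack-side field names.
export interface ImportedVuln {
  cveId: string;
  source: string;
  description: string;
  cvssBaseScore?: number;
  cvssVector?: string;
  affectedSystems: string[];
  references: string[];
  kev: boolean;
  kevDateAdded?: string;
}

const CVE_ID = /^CVE-\d{4}-\d{4,}$/;

// Validate the identifier before it goes into any upstream query string.
export function normalizeCveId(raw: string): string {
  const id = raw.trim().toUpperCase();
  if (!CVE_ID.test(id)) throw new Error(`invalid CVE identifier: ${raw}`);
  return id;
}

// Map an NVD record onto the import fields. Tolerates missing metrics.
export function normalizeNvd(cve: NvdCve, source: string): ImportedVuln {
  const en = cve.descriptions.find((d) => d.lang === "en") ?? cve.descriptions[0];
  const cvss = cve.metrics?.cvssMetricV31?.[0]?.cvssData;
  const affected = new Set<string>();
  for (const cfg of cve.configurations ?? []) {
    for (const node of cfg.nodes) {
      for (const m of node.cpeMatch) {
        if (m.vulnerable) affected.add(m.criteria);
      }
    }
  }
  return {
    cveId: cve.id,
    source,
    description: en ? en.value : "",
    cvssBaseScore: cvss?.baseScore,
    cvssVector: cvss?.vectorString,
    affectedSystems: Array.from(affected),
    references: (cve.references ?? []).map((r) => r.url),
    kev: cve.cisaExploitAdd !== undefined,
    kevDateAdded: cve.cisaExploitAdd,
  };
}

// Try each source in order; a thrown error or a null result moves on to the
// next, and every failure is kept so the final error says what was tried.
export async function importCve(rawId: string, sources: CveSource[]): Promise<ImportedVuln> {
  const cveId = normalizeCveId(rawId);
  const failures: string[] = [];
  for (const src of sources) {
    try {
      const cve = await src.lookup(cveId);
      if (cve) return normalizeNvd(cve, src.name);
      failures.push(`${src.name}: not found`);
    } catch (err) {
      failures.push(`${src.name}: ${(err as Error).message}`);
    }
  }
  throw new Error(`could not import ${cveId} (${failures.join("; ")})`);
}

// Constructed fixture: an abbreviated NVD 2.0 record for CVE-2021-44228 (Log4Shell).
export const nvdFixture: Record<string, NvdCve> = {
  "CVE-2021-44228": {
    id: "CVE-2021-44228",
    descriptions: [{ lang: "en", value: "Apache Log4j2 JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI related endpoints (abbreviated)." }],
    metrics: { cvssMetricV31: [{ cvssData: { baseScore: 10.0, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } }] },
    references: [{ url: "https://logging.apache.org/log4j/2.x/security.html" }],
    configurations: [{ nodes: [{ cpeMatch: [{ vulnerable: true, criteria: "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*" }] }] }],
    cisaExploitAdd: "2021-12-10",
  },
};

// Hypothetical stand-in for a primary source that is currently down.
export const primaryDown: CveSource = {
  name: "vulncheck",
  lookup: async () => { throw new Error("HTTP 503"); },
};

// Offline NVD source backed by the fixture above.
export const nvdOffline: CveSource = {
  name: "nvd",
  lookup: async (id) => nvdFixture[id] ?? null,
};
```

The identifier is validated before it reaches any source, and a failure or miss at the primary is recorded rather than swallowed, so the stored record says which database it actually came from. Deriving the KEV flag from cisaExploitAdd means it is only as fresh as the last import; a scheduled re-check against the catalog is the usual complement.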
Team Collaboration
Built for security teams with multi-user workflows:
- Team-based workspaces with strict data isolation
- Role-based access control (Admin, Analyst, Viewer)
- Invitation-only registration for controlled access
- Assignment system with email notifications
- Approval workflow for vulnerability submissions
- Collaborative commenting on vulnerability entries
Reporting & Compliance
Generate professional reports for stakeholders:
- PDF exports with executive summaries
- CSV exports for data analysis
- Audit logging for compliance tracking
- Activity timelines for each vulnerability
Developer Experience
Modern stack optimized for extensibility:
- Next.js 14 with App Router and Server Actions
- TypeScript for type safety
- PostgreSQL with Prisma ORM
- Dark-mode first UI built with Radix UI and Tailwind CSS
- Professional blog system (VulnTrack Research) with MDX support
Key Features at a Glance
Vulnerability Management
- Create, update, and track vulnerabilities
- Import CVEs automatically from NIST/VulnCheck
- Assign vulnerabilities to team members
- Status tracking (Open, In Progress, Remediated, Accepted)
- Rich metadata including affected systems, mitigations, and references
Risk Scoring
- DREAD calculator with interactive sliders
- STRIDE threat classification checkboxes
- Automatic CVSS v3.1 import from CVE databases
- Visual risk indicators and severity badges
Team Features
- Multi-tenant architecture with team isolation
- Invitation-based user management
- Role-based permissions (Admin, Analyst, Viewer)
- Real-time notifications for assignments and updates
- Comment threads on vulnerabilities
Security & Compliance
- Approval workflow for vulnerability submissions
- Comprehensive audit logging
- Secure authentication with NextAuth.js
- Data isolation between teams
- Password recovery system
What You’ll Build With VulnTrack
Whether you’re managing vulnerabilities for a small team or an enterprise, VulnTrack scales to your needs:
Security Teams
Centralized vulnerability tracking with team collaboration
Compliance Officers
Audit trails and executive reports for regulatory requirements
Penetration Testers
Document findings with DREAD/STRIDE scoring and evidence
Next Steps
Start the Quickstart
Create your first vulnerability and apply risk scoring
Install Locally
Set up VulnTrack on your development environment
VulnTrack is MIT licensed and actively maintained on GitHub. Contributions welcome!