🛡️ Vulnerability & Security Intel Aggregator

🚀 Query 5 authoritative security feeds in one run. GitHub GHSA advisories, MITRE ATT&CK techniques, Exploit-DB exploits, OpenSSF Scorecard projects and URLhaus malware URLs - aggregated, normalized, exported.

🕒 Last updated: 2026-05-27 · 📊 10 fields per record · 5 sources · global vulnerability, exploit, malware and supply-chain intelligence

The Vulnerability & Security Intel Aggregator queries five independent security data sources in parallel and returns a unified stream of records. Each record is tagged with its source so you can filter, dedupe or split by platform downstream.

The combination spans coordinated disclosures (GHSA), adversary tradecraft (MITRE ATT&CK), proof-of-concept exploits (Exploit-DB), open-source supply-chain hygiene (OpenSSF Scorecard) and active malware infrastructure (URLhaus).

🎯 Target Audience	💡 Primary Use Cases
SOC / DFIR / threat intel teams	Daily intel feed
AppSec / DevSecOps	Dependency risk scoring
Red teams / pentesters	Exploit and TTP lookup
CTI vendors and researchers	Cross-source enrichment

📋 What the Vulnerability & Security Intel Aggregator does

• Queries up to 5 distinct security APIs and feeds in parallel (Promise.allSettled)
• Applies a unified keyword across every source that exposes search
• Normalizes every record to the same 10-field shape
• Returns one tagged stream - source: ghsa | mitre | exploitdb | openssf | urlhaus
• Continues with the remaining sources if one fails

💡 Why it matters: one input, one dataset, five authoritative security feeds.

🎬 Full Demo (🚧 Coming soon)

⚙️ Input

Field	Type	Required	Description
query	string	no	Keyword applied to GHSA, MITRE, Exploit-DB
sources	array of enum	no	Subset of ghsa, mitre, exploitdb, openssf, urlhaus
maxItems	integer	no	Free 10 / Paid up to 1,000,000
openssfRepos	array	no	Repos to score against OpenSSF Scorecard
proxyConfiguration	object	no	Apify Proxy (recommended for Exploit-DB)

{
    "maxItems": 20,
    "sources": ["ghsa", "mitre", "exploitdb", "openssf", "urlhaus"]
}

{
    "query": "rce",
    "maxItems": 30,
    "sources": ["ghsa", "exploitdb"]
}

⚠️ Good to Know: OpenSSF Scorecard needs an explicit list of repos. URLhaus and MITRE are public bulk feeds - the keyword is matched client-side.

📊 Output

Field	Type	Description
📡 source	string	ghsa / mitre / exploitdb / openssf / urlhaus
📌 title	string	Advisory summary, technique name, exploit title, repo name, malware host
🔗 url	string	Canonical URL on the source site
🆔 id	string	GHSA ID / Txxxx / EDB ID / repo / URLhaus ID
⚠️ severity	string	critical/high/etc. (GHSA), verified flag (Exploit-DB), URL status (URLhaus)
🏷️ category	string	CWE / technique vs. sub-technique / exploit type / threat type
🕒 date	string	Published / disclosed date
📝 summary	string	Source-specific summary
+ source-specific fields	varies	cveId, platform, score, checks, host, tags, etc.
🕒 scrapedAt	string	ISO timestamp
❌ error	string	Per-source error record (rare)

✨ Why choose this Actor

Differentiator	Detail
🌐 Five sources, one run	Save engineering and credits
🛡️ Resilient	One source failure does not stop the others
⚡ Parallel fetch	Concurrent fetchers
🧩 Unified schema	Same shape for every source
📦 Pay-per-event	Pay only for records collected

📈 How it compares to alternatives

Alternative	This Aggregator
Buy a CTI feed	No subscription, public sources only
Run 5 separate scrapers	Single run, single dataset
Build CVE-correlator yourself	Schema already normalized

🚀 How to use

1. Create a free account w/ $5 credit
2. Open the actor on Apify console
3. Pick sources (default = all 5)
4. Set query, openssfRepos, maxItems
5. Run

💼 Business use cases

SOC and DFIR

Need	How
Daily threat intel feed	Schedule daily, ingest into SIEM
IOC enrichment	Cross URLhaus with internal proxy logs

AppSec / DevSecOps

Need	How
SCA pre-screen	GHSA + OpenSSF for every release
Dependency hygiene	OpenSSF scores on every direct dependency

Red team / pentest

Need	How
TTP lookup	MITRE ATT&CK by keyword
Exploit research	Exploit-DB filtered by CVE / platform

CTI / research

Need	How
Cross-source enrichment	Join GHSA + MITRE + Exploit-DB on CVE
Supply-chain risk model	OpenSSF Scorecard portfolio scoring

🔌 Automating Vulnerability & Security Intel

• Make / Zapier - push every new record to Slack, Jira, ServiceNow
• Slack - daily critical-CVE digest
• Airbyte / Fivetran - sync to your warehouse
• GitHub Actions - fail builds on new high-severity advisory
• Webhooks - push to your SOAR/SIEM

🌟 Beyond business use cases

Research

• Cross-source CVE coverage analysis
• Adversary TTP evolution studies

Personal

• Track CVEs in your stack
• Monitor your favourite OSS projects

Non-profit

• Public-sector vulnerability tracking
• Election-infrastructure monitoring

Experimentation

• LLM-powered advisory triage
• Knowledge graphs across vuln, exploit and TTP

🤖 Ask an AI assistant about this scraper

• Ask ChatGPT
• Ask Claude
• Ask Perplexity
• Ask Microsoft Copilot

❓ Frequently Asked Questions

❓ Which sources? GHSA (GitHub Advisories), MITRE ATT&CK (Enterprise techniques), Exploit-DB, OpenSSF Scorecard, URLhaus.

❓ Can I pick a subset? Yes via the sources array.

❓ Do I need API keys? No. All sources expose public, unauthenticated endpoints.

❓ What if one source fails? Others keep going. The failing source emits an error record.

❓ How do I look up an exploit for a CVE? Pass the CVE as query and limit sources to ["ghsa","exploitdb"].

❓ Why OpenSSF Scorecard? Adds supply-chain hygiene scoring on top of pure vulnerability data.

❓ Is URLhaus output verified? Yes - abuse.ch maintains an active malware URL list.

❓ How fresh is the data? Real-time. Each source is queried live per run.

❓ Pricing model? Pay-per-event: billed per record actually pushed.

❓ Can I schedule it? Yes - use Apify Schedules.

🔌 Integrate with any app

• Make, Zapier, n8n, Pipedream
• Airbyte, Fivetran, Stitch
• Slack, Discord, Microsoft Teams
• Jira, ServiceNow, PagerDuty
• Splunk, Elastic, Datadog
• GitHub Actions, GitLab CI
• Webhooks, REST API, S3, GCS

🔗 Recommended Actors

Actor	Why
MITRE ATT&CK Techniques Scraper	Standalone ATT&CK
Exploit-DB Exploits Scraper	Standalone Exploit-DB
OpenSSF Scorecard Projects Scraper	Standalone OpenSSF
URLhaus Malware URLs Scraper	Standalone URLhaus

💡 Pro Tip: browse the complete ParseForge collection.

🆘 Need Help? Open our contact form

⚠️ Disclaimer: independent tool, not affiliated with GitHub, MITRE, Offensive Security, OpenSSF or abuse.ch. Only publicly available data is collected.