# Vulnerability & Security Intel Aggregator (`parseforge/vulnerability-security-intel-scraper`) Actor Pull live security intel from GitHub Advisories, MITRE ATT\&CK, Exploit DB, OpenSSF Scorecard and URLhaus in one feed. Get CVE IDs, severity, affected packages, threat techniques and active malware URLs. Built for SecOps, threat intel and DevSecOps. - **URL**: https://apify.com/parseforge/vulnerability-security-intel-scraper.md - **Developed by:** [ParseForge](https://apify.com/parseforge) (community) - **Categories:** Developer tools, Other - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing Pay per usage This Actor is paid per platform usage. The Actor is free to use, and you only pay for the Apify platform usage, which gets cheaper the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-usage ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ![ParseForge Banner](https://github.com/ParseForge/apify-assets/blob/ad35ccc13ddd068b9d6cba33f323962e39aed5b2/banner.jpg?raw=true) ## ๐Ÿ›ก๏ธ Vulnerability & Security Intel Aggregator > ๐Ÿš€ **Query 5 authoritative security feeds in one run.** GitHub GHSA advisories, MITRE ATT&CK techniques, Exploit-DB exploits, OpenSSF Scorecard projects and URLhaus malware URLs - aggregated, normalized, exported. > ๐Ÿ•’ **Last updated:** 2026-05-27 ยท **๐Ÿ“Š 10 fields** per record ยท **5 sources** ยท **global vulnerability, exploit, malware and supply-chain intelligence** The Vulnerability & Security Intel Aggregator queries five independent security data sources in parallel and returns a unified stream of records. Each record is tagged with its source so you can filter, dedupe or split by platform downstream. The combination spans coordinated disclosures (GHSA), adversary tradecraft (MITRE ATT&CK), proof-of-concept exploits (Exploit-DB), open-source supply-chain hygiene (OpenSSF Scorecard) and active malware infrastructure (URLhaus). | ๐ŸŽฏ Target Audience | ๐Ÿ’ก Primary Use Cases | |---|---| | SOC / DFIR / threat intel teams | Daily intel feed | | AppSec / DevSecOps | Dependency risk scoring | | Red teams / pentesters | Exploit and TTP lookup | | CTI vendors and researchers | Cross-source enrichment | ### ๐Ÿ“‹ What the Vulnerability & Security Intel Aggregator does - Queries up to 5 distinct security APIs and feeds in parallel (`Promise.allSettled`) - Applies a unified keyword across every source that exposes search - Normalizes every record to the same 10-field shape - Returns one tagged stream - `source: ghsa | mitre | exploitdb | openssf | urlhaus` - Continues with the remaining sources if one fails > ๐Ÿ’ก **Why it matters:** one input, one dataset, five authoritative security feeds. ### ๐ŸŽฌ Full Demo (_๐Ÿšง Coming soon_) ### โš™๏ธ Input
FieldTypeRequiredDescription
querystringnoKeyword applied to GHSA, MITRE, Exploit-DB
sourcesarray of enumnoSubset of ghsa, mitre, exploitdb, openssf, urlhaus
maxItemsintegernoFree 10 / Paid up to 1,000,000
openssfReposarraynoRepos to score against OpenSSF Scorecard
proxyConfigurationobjectnoApify Proxy (recommended for Exploit-DB)
```json { "maxItems": 20, "sources": ["ghsa", "mitre", "exploitdb", "openssf", "urlhaus"] } ```` ```json { "query": "rce", "maxItems": 30, "sources": ["ghsa", "exploitdb"] } ``` > โš ๏ธ **Good to Know:** OpenSSF Scorecard needs an explicit list of repos. URLhaus and MITRE are public bulk feeds - the keyword is matched client-side. ### ๐Ÿ“Š Output
FieldTypeDescription
๐Ÿ“ก sourcestringghsa / mitre / exploitdb / openssf / urlhaus
๐Ÿ“Œ titlestringAdvisory summary, technique name, exploit title, repo name, malware host
๐Ÿ”— urlstringCanonical URL on the source site
๐Ÿ†” idstringGHSA ID / Txxxx / EDB ID / repo / URLhaus ID
โš ๏ธ severitystringcritical/high/etc. (GHSA), verified flag (Exploit-DB), URL status (URLhaus)
๐Ÿท๏ธ categorystringCWE / technique vs. sub-technique / exploit type / threat type
๐Ÿ•’ datestringPublished / disclosed date
๐Ÿ“ summarystringSource-specific summary
+ source-specific fieldsvariescveId, platform, score, checks, host, tags, etc.
๐Ÿ•’ scrapedAtstringISO timestamp
โŒ errorstringPer-source error record (rare)
### โœจ Why choose this Actor | Differentiator | Detail | |---|---| | ๐ŸŒ Five sources, one run | Save engineering and credits | | ๐Ÿ›ก๏ธ Resilient | One source failure does not stop the others | | โšก Parallel fetch | Concurrent fetchers | | ๐Ÿงฉ Unified schema | Same shape for every source | | ๐Ÿ“ฆ Pay-per-event | Pay only for records collected | ### ๐Ÿ“ˆ How it compares to alternatives | Alternative | This Aggregator | |---|---| | Buy a CTI feed | No subscription, public sources only | | Run 5 separate scrapers | Single run, single dataset | | Build CVE-correlator yourself | Schema already normalized | ### ๐Ÿš€ How to use 1. [Create a free account w/ $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) 2. Open the actor on Apify console 3. Pick `sources` (default = all 5) 4. Set `query`, `openssfRepos`, `maxItems` 5. Run ### ๐Ÿ’ผ Business use cases **SOC and DFIR** | Need | How | |---|---| | Daily threat intel feed | Schedule daily, ingest into SIEM | | IOC enrichment | Cross URLhaus with internal proxy logs | **AppSec / DevSecOps** | Need | How | |---|---| | SCA pre-screen | GHSA + OpenSSF for every release | | Dependency hygiene | OpenSSF scores on every direct dependency | **Red team / pentest** | Need | How | |---|---| | TTP lookup | MITRE ATT\&CK by keyword | | Exploit research | Exploit-DB filtered by CVE / platform | **CTI / research** | Need | How | |---|---| | Cross-source enrichment | Join GHSA + MITRE + Exploit-DB on CVE | | Supply-chain risk model | OpenSSF Scorecard portfolio scoring | ### ๐Ÿ”Œ Automating Vulnerability & Security Intel - **Make / Zapier** - push every new record to Slack, Jira, ServiceNow - **Slack** - daily critical-CVE digest - **Airbyte / Fivetran** - sync to your warehouse - **GitHub Actions** - fail builds on new high-severity advisory - **Webhooks** - push to your SOAR/SIEM ### ๐ŸŒŸ Beyond business use cases **Research** - Cross-source CVE coverage analysis - Adversary TTP evolution studies **Personal** - Track CVEs in your stack - Monitor your favourite OSS projects **Non-profit** - Public-sector vulnerability tracking - Election-infrastructure monitoring **Experimentation** - LLM-powered advisory triage - Knowledge graphs across vuln, exploit and TTP ### ๐Ÿค– Ask an AI assistant about this scraper - [Ask ChatGPT](https://chat.openai.com) - [Ask Claude](https://claude.ai) - [Ask Perplexity](https://perplexity.ai) - [Ask Microsoft Copilot](https://copilot.microsoft.com) ### โ“ Frequently Asked Questions **โ“ Which sources?** GHSA (GitHub Advisories), MITRE ATT\&CK (Enterprise techniques), Exploit-DB, OpenSSF Scorecard, URLhaus. **โ“ Can I pick a subset?** Yes via the `sources` array. **โ“ Do I need API keys?** No. All sources expose public, unauthenticated endpoints. **โ“ What if one source fails?** Others keep going. The failing source emits an error record. **โ“ How do I look up an exploit for a CVE?** Pass the CVE as `query` and limit `sources` to `["ghsa","exploitdb"]`. **โ“ Why OpenSSF Scorecard?** Adds supply-chain hygiene scoring on top of pure vulnerability data. **โ“ Is URLhaus output verified?** Yes - abuse.ch maintains an active malware URL list. **โ“ How fresh is the data?** Real-time. Each source is queried live per run. **โ“ Pricing model?** Pay-per-event: billed per record actually pushed. **โ“ Can I schedule it?** Yes - use Apify Schedules. ### ๐Ÿ”Œ Integrate with any app - Make, Zapier, n8n, Pipedream - Airbyte, Fivetran, Stitch - Slack, Discord, Microsoft Teams - Jira, ServiceNow, PagerDuty - Splunk, Elastic, Datadog - GitHub Actions, GitLab CI - Webhooks, REST API, S3, GCS ### ๐Ÿ”— Recommended Actors | Actor | Why | |---|---| | [MITRE ATT\&CK Techniques Scraper](https://apify.com/parseforge/mitre-attack-techniques-scraper) | Standalone ATT\&CK | | [Exploit-DB Exploits Scraper](https://apify.com/parseforge/exploit-db-exploits-scraper) | Standalone Exploit-DB | | [OpenSSF Scorecard Projects Scraper](https://apify.com/parseforge/openssf-scorecard-projects-scraper) | Standalone OpenSSF | | [URLhaus Malware URLs Scraper](https://apify.com/parseforge/urlhaus-malware-urls-scraper) | Standalone URLhaus | > ๐Ÿ’ก **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge). **๐Ÿ†˜ Need Help?** [Open our contact form](https://tally.so/r/BzdKgA) > **โš ๏ธ Disclaimer:** independent tool, not affiliated with GitHub, MITRE, Offensive Security, OpenSSF or abuse.ch. Only publicly available data is collected. # Actor input Schema ## `query` (type: `string`): Keyword applied to sources that support search (GHSA, MITRE, Exploit-DB). ## `sources` (type: `array`): Which security intel sources to query in parallel. ## `maxItems` (type: `integer`): Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000 ## `openssfRepos` (type: `array`): Repos to query against OpenSSF Scorecard (e.g. github.com/expressjs/express). ## `proxyConfiguration` (type: `object`): Use Apify Proxy (recommended for Exploit-DB). ## Actor input object example ```json { "query": "", "sources": [ "ghsa", "mitre", "exploitdb", "openssf", "urlhaus" ], "maxItems": 10, "openssfRepos": [ "github.com/expressjs/express", "github.com/facebook/react", "github.com/nodejs/node" ], "proxyConfiguration": { "useApifyProxy": true } } ``` # Actor output Schema ## `results` (type: `string`): Aggregated vulnerability and security intelligence from 5 sources. # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "maxItems": 10, "proxyConfiguration": { "useApifyProxy": true } }; // Run the Actor and wait for it to finish const run = await client.actor("parseforge/vulnerability-security-intel-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "maxItems": 10, "proxyConfiguration": { "useApifyProxy": True }, } # Run the Actor and wait for it to finish run = client.actor("parseforge/vulnerability-security-intel-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "maxItems": 10, "proxyConfiguration": { "useApifyProxy": true } }' | apify call parseforge/vulnerability-security-intel-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=parseforge/vulnerability-security-intel-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "Vulnerability & Security Intel Aggregator", "description": "Pull live security intel from GitHub Advisories, MITRE ATT&CK, Exploit DB, OpenSSF Scorecard and URLhaus in one feed. Get CVE IDs, severity, affected packages, threat techniques and active malware URLs. Built for SecOps, threat intel and DevSecOps.", "version": "0.1", "x-build-id": "A9gTnZlRarihgkrXs" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/parseforge~vulnerability-security-intel-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-parseforge-vulnerability-security-intel-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/parseforge~vulnerability-security-intel-scraper/runs": { "post": { "operationId": "runs-sync-parseforge-vulnerability-security-intel-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/parseforge~vulnerability-security-intel-scraper/run-sync": { "post": { "operationId": "run-sync-parseforge-vulnerability-security-intel-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "query": { "title": "Search query", "type": "string", "description": "Keyword applied to sources that support search (GHSA, MITRE, Exploit-DB).", "default": "" }, "sources": { "title": "Sources", "uniqueItems": true, "type": "array", "description": "Which security intel sources to query in parallel.", "items": { "type": "string", "enum": [ "ghsa", "mitre", "exploitdb", "openssf", "urlhaus" ] }, "default": [ "ghsa", "mitre", "exploitdb", "openssf", "urlhaus" ] }, "maxItems": { "title": "Max Items", "minimum": 1, "maximum": 1000000, "type": "integer", "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000" }, "openssfRepos": { "title": "OpenSSF Repos", "type": "array", "description": "Repos to query against OpenSSF Scorecard (e.g. github.com/expressjs/express).", "default": [ "github.com/expressjs/express", "github.com/facebook/react", "github.com/nodejs/node" ], "items": { "type": "string" } }, "proxyConfiguration": { "title": "Proxy configuration", "type": "object", "description": "Use Apify Proxy (recommended for Exploit-DB)." } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```