Pricing
$21.00 / 1,000 result items
Vulnerability & Security Intel Aggregator
Pull live security intel from GitHub Advisories, MITRE ATT&CK, Exploit DB, OpenSSF Scorecard and URLhaus in one feed. Get CVE IDs, severity, affected packages, threat techniques and active malware URLs. Built for SecOps, threat intel and DevSecOps.
Pricing
$21.00 / 1,000 result items
Rating
0.0
(0)
Developer
Actor stats
0
Bookmarked
2
Total users
1
Monthly active users
23 days ago
Last modified
Categories
Share
๐ก๏ธ Vulnerability & Security Intel Aggregator
๐ Query 5 authoritative security feeds in one run. GitHub GHSA advisories, MITRE ATT&CK techniques, Exploit-DB exploits, OpenSSF Scorecard projects and URLhaus malware URLs - aggregated, normalized, exported.
๐ Last updated: 2026-05-27 ยท ๐ 10 fields per record ยท 5 sources ยท global vulnerability, exploit, malware and supply-chain intelligence
The Vulnerability & Security Intel Aggregator queries five independent security data sources in parallel and returns a unified stream of records. Each record is tagged with its source so you can filter, dedupe or split by platform downstream.
The combination spans coordinated disclosures (GHSA), adversary tradecraft (MITRE ATT&CK), proof-of-concept exploits (Exploit-DB), open-source supply-chain hygiene (OpenSSF Scorecard) and active malware infrastructure (URLhaus).
| ๐ฏ Target Audience | ๐ก Primary Use Cases |
|---|---|
| SOC / DFIR / threat intel teams | Daily intel feed |
| AppSec / DevSecOps | Dependency risk scoring |
| Red teams / pentesters | Exploit and TTP lookup |
| CTI vendors and researchers | Cross-source enrichment |
๐ What the Vulnerability & Security Intel Aggregator does
- Queries up to 5 distinct security APIs and feeds in parallel (
Promise.allSettled) - Applies a unified keyword across every source that exposes search
- Normalizes every record to the same 10-field shape
- Returns one tagged stream -
source: ghsa | mitre | exploitdb | openssf | urlhaus - Continues with the remaining sources if one fails
๐ก Why it matters: one input, one dataset, five authoritative security feeds.
๐ฌ Full Demo (๐ง Coming soon)
โ๏ธ Input
| Field | Type | Required | Description |
|---|---|---|---|
| query | string | no | Keyword applied to GHSA, MITRE, Exploit-DB |
| sources | array of enum | no | Subset of ghsa, mitre, exploitdb, openssf, urlhaus |
| maxItems | integer | no | Free 10 / Paid up to 1,000,000 |
| openssfRepos | array | no | Repos to score against OpenSSF Scorecard |
| proxyConfiguration | object | no | Apify Proxy (recommended for Exploit-DB) |
โ ๏ธ Good to Know: OpenSSF Scorecard needs an explicit list of repos. URLhaus and MITRE are public bulk feeds - the keyword is matched client-side.
๐ Output
| Field | Type | Description |
|---|---|---|
| ๐ก source | string | ghsa / mitre / exploitdb / openssf / urlhaus |
| ๐ title | string | Advisory summary, technique name, exploit title, repo name, malware host |
| ๐ url | string | Canonical URL on the source site |
| ๐ id | string | GHSA ID / Txxxx / EDB ID / repo / URLhaus ID |
| โ ๏ธ severity | string | critical/high/etc. (GHSA), verified flag (Exploit-DB), URL status (URLhaus) |
| ๐ท๏ธ category | string | CWE / technique vs. sub-technique / exploit type / threat type |
| ๐ date | string | Published / disclosed date |
| ๐ summary | string | Source-specific summary |
| + source-specific fields | varies | cveId, platform, score, checks, host, tags, etc. |
| ๐ scrapedAt | string | ISO timestamp |
| โ error | string | Per-source error record (rare) |
โจ Why choose this Actor
| Differentiator | Detail |
|---|---|
| ๐ Five sources, one run | Save engineering and credits |
| ๐ก๏ธ Resilient | One source failure does not stop the others |
| โก Parallel fetch | Concurrent fetchers |
| ๐งฉ Unified schema | Same shape for every source |
| ๐ฆ Pay-per-event | Pay only for records collected |
๐ How it compares to alternatives
| Alternative | This Aggregator |
|---|---|
| Buy a CTI feed | No subscription, public sources only |
| Run 5 separate scrapers | Single run, single dataset |
| Build CVE-correlator yourself | Schema already normalized |
๐ How to use
- Create a free account w/ $5 credit
- Open the actor on Apify console
- Pick
sources(default = all 5) - Set
query,openssfRepos,maxItems - Run
๐ผ Business use cases
SOC and DFIR
| Need | How |
|---|---|
| Daily threat intel feed | Schedule daily, ingest into SIEM |
| IOC enrichment | Cross URLhaus with internal proxy logs |
AppSec / DevSecOps
| Need | How |
|---|---|
| SCA pre-screen | GHSA + OpenSSF for every release |
| Dependency hygiene | OpenSSF scores on every direct dependency |
Red team / pentest
| Need | How |
|---|---|
| TTP lookup | MITRE ATT&CK by keyword |
| Exploit research | Exploit-DB filtered by CVE / platform |
CTI / research
| Need | How |
|---|---|
| Cross-source enrichment | Join GHSA + MITRE + Exploit-DB on CVE |
| Supply-chain risk model | OpenSSF Scorecard portfolio scoring |
๐ Automating Vulnerability & Security Intel
- Make / Zapier - push every new record to Slack, Jira, ServiceNow
- Slack - daily critical-CVE digest
- Airbyte / Fivetran - sync to your warehouse
- GitHub Actions - fail builds on new high-severity advisory
- Webhooks - push to your SOAR/SIEM
๐ Beyond business use cases
Research
- Cross-source CVE coverage analysis
- Adversary TTP evolution studies
Personal
- Track CVEs in your stack
- Monitor your favourite OSS projects
Non-profit
- Public-sector vulnerability tracking
- Election-infrastructure monitoring
Experimentation
- LLM-powered advisory triage
- Knowledge graphs across vuln, exploit and TTP
๐ค Ask an AI assistant about this scraper
โ Frequently Asked Questions
โ Which sources? GHSA (GitHub Advisories), MITRE ATT&CK (Enterprise techniques), Exploit-DB, OpenSSF Scorecard, URLhaus.
โ Can I pick a subset? Yes via the sources array.
โ Do I need API keys? No. All sources expose public, unauthenticated endpoints.
โ What if one source fails? Others keep going. The failing source emits an error record.
โ How do I look up an exploit for a CVE? Pass the CVE as query and limit sources to ["ghsa","exploitdb"].
โ Why OpenSSF Scorecard? Adds supply-chain hygiene scoring on top of pure vulnerability data.
โ Is URLhaus output verified? Yes - abuse.ch maintains an active malware URL list.
โ How fresh is the data? Real-time. Each source is queried live per run.
โ Pricing model? Pay-per-event: billed per record actually pushed.
โ Can I schedule it? Yes - use Apify Schedules.
๐ Integrate with any app
- Make, Zapier, n8n, Pipedream
- Airbyte, Fivetran, Stitch
- Slack, Discord, Microsoft Teams
- Jira, ServiceNow, PagerDuty
- Splunk, Elastic, Datadog
- GitHub Actions, GitLab CI
- Webhooks, REST API, S3, GCS
๐ Recommended Actors
| Actor | Why |
|---|---|
| MITRE ATT&CK Techniques Scraper | Standalone ATT&CK |
| Exploit-DB Exploits Scraper | Standalone Exploit-DB |
| OpenSSF Scorecard Projects Scraper | Standalone OpenSSF |
| URLhaus Malware URLs Scraper | Standalone URLhaus |
๐ก Pro Tip: browse the complete ParseForge collection.
๐ Need Help? Open our contact form
โ ๏ธ Disclaimer: independent tool, not affiliated with GitHub, MITRE, Offensive Security, OpenSSF or abuse.ch. Only publicly available data is collected.
