Give a CVE identifier and automatically get a running Docker container with the vulnerable software version.
Verify that a spun-up environment actually matches the affected version with automated checks.
Study a known vulnerability hands-on without manually hunting for the right software version.
Run security research in an isolated container with restricted privileges and local-only ports.
| gadievron/cve-env | 13127905/deep-learning-based-air-gesture-text-recognition- | 6xvl/paralives-plugins-index | |
|---|---|---|---|
| Stars | 15 | 15 | 15 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 4/5 | 3/5 | 2/5 |
| Audience | developer | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Runs inside an existing Claude Code session as its AI engine and requires Docker, no separate API key needed.
This project is a tool for security researchers that automates the process of setting up a vulnerable software environment to study a known security flaw. In the security field, known vulnerabilities are tracked with identifiers called CVEs (Common Vulnerabilities and Exposures). To study how a vulnerability works, a researcher needs to run the specific software version that contained the flaw, which can be tedious to set up manually. cve-env does this automatically. You give it a CVE identifier, and an AI agent takes over from there. The agent looks up details about the vulnerability from public databases, figures out which software product and version was affected, finds or builds a Docker container image with that exact vulnerable version, starts the container, and then runs automated checks to confirm the environment is actually running the right version and functioning correctly. Docker is a technology that creates isolated software environments on your computer, so the vulnerable software runs in a contained sandbox rather than on your main system. The agent follows a five-stage process: research, resolve (find a pre-built container image), acquire (build one from source if no pre-built image fits), launch, and verify. For verification, it does not just check if the container started. It checks the specific version of the binaries inside the container, runs functional tests appropriate to the software type (web requests for web apps, database queries for databases, protocol probes for network services), and records whether the result is a full success or only a partial verification. The project is honest about partial results rather than claiming success when evidence is incomplete. All containers run with security restrictions applied: no elevated privileges, no extra system capabilities, and ports bound to the local machine only so the vulnerable software cannot be reached from the network. The tool runs with an existing Claude Code session as its AI engine and does not require a separate API key. The project is aimed at security researchers and vulnerability analysts who need reproducible environments for studying CVEs. It works without credentials by default (using public database rate limits) but accepts optional API tokens for NVD, GitHub, and Docker Hub to raise those limits. The README is detailed and covers the verification logic, outcome status codes, and configuration options thoroughly.
An AI-driven tool that automatically builds and verifies a vulnerable Docker environment for studying a given CVE.
Mainly Python. The stack also includes Python, Docker.
No license information is stated in the source material.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.