larlarua/AutoCVE

larlarua/AutoCVE is an AGPL-licensed full-stack security-audit platform that chains repo intake, multi-agent recon and triage, vulnerability verification, and CVE-report generation into one workflow instead of leaving researchers to stitch scanners, notes, and proof artifacts together by hand.

Score: 8.4
Popularity: 7.1
Risk: high
Tier: Silver

Score breakdown
Usefulness: 8.0
Novelty: 8.0
Momentum: 7.0
Maturity: 6.2
Open-source/build: 8.4
Evidence: 7.2
Workflow potential: 9.2
Setup ease: 4.2

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for security engineers and advanced open-source maintainers who want a more structured path from code audit to reproducible finding, especially when manual CVE packaging is the bottleneck.

Who should use it

security teams auditing open-source applications
researchers who want a tighter loop from finding to report
maintainers triaging likely vulnerability hotspots
advanced users building repeatable AI-assisted code-audit pipelines

Who should skip it

Skip or sandbox it if you cannot review permissions, data access, and failure modes before use.

Risk explanation

It automates offensive-style vulnerability discovery and verification workflows, which need explicit authorization and scope control before they are pointed at any target. Running the stack also means trusting its agents, scanners, and containers with the audited source code and the unpublished vulnerability data they produce, so the deployment should be reviewed for permissions, data access, and egress paths before use.

security, cve, multi-agent, code-audit, self-hosted