Changelog — CVE Analysis Tool

v1.6 — Current

Global environmental requirements · Env score badges · NVD pre-filled link

Current 14/05/2026

Added

🧮CVSS calculator — CIA Requirements added in the options panelplus a 🧮 button that opens a modal displaying all available CVSS change metrics.
🏷️Env score sub-badge — a compact Env X.X badge appears below each applicable CVSS base score badge (preceded by a ↳ arrow), colour-coded by severity, and sized to its content.

Improvement

🔗FIRST calculator pre-filled link — clicking the Env X.X or CVSS X.Xbadge opens the FIRST reference CVSS calculator (v3.x and v4.0) or the NVD calculator (v2.0) in a new tab, with the base vector and environmental changes or requirements.

Fix

🩹LibreOffice link fix — CAT now tries the main LibreOffice website first and switches to a mirror automatically if the page doesn't load correctly.

v1.5

Landing curtain cache · Storage simplification · CAPECs

Feature 30/04/2026

Added

📰Dynamic banner — a curtain displays relevant CVEs: high‑EPSS CVEs, recent KEV entries, newest and last cricital CVEs.
🧩CAPEC associations added under CWE entries — each CWE now displays its related CAPEC attack patterns directly within the CWE section.
📈EPSS evolution indicator — the EPSS score now includes a month‑over‑month evolution indicator.
📁CWE download — the CWE are now downloaded and formated in data folder, before being used.

Improvement

💾Session curtain caching — statistics are now saved in sessionStorage
🗄️Unified CVE storage — CVE data is now stored exclusively in localStorage (no longer duplicated in sessionStorage)
🏷️Provider name added from CVE list data — if available, each CVE entry now includes its data provider label for improved transparency.

v1.4

Shareable permalink · Source chip collapse · Filter groups · Description alignment

Feature 05/04/2026

Added

🔗Shareable permalink — A share button (🔗) next to each CVE title copies a direct URL (?cves=CVE-XXXX-XXXXX) to the clipboard. Opening that URL loads the CVE instantly, bypassing the session cache restore.
🗂️Source filter groups — The "Visible sources" panel is now split into two sub-groups: Databases (CVEList, NVD, ENISA) and Editors (all vendor sources). All sources are now fully toggleable.

Improvement

🔵Source chip collapse — Source chips that did not respond (red, amber, or network error) are automatically hidden behind a compact +N ▾ toggle button. Only green (confirmed) sources remain visible by default, reducing visual clutter on cards with many sources.
↕️Description column alignment — Source badges in the left column and description text in the right column are now vertically centered relative to each other, regardless of row height.

v1.3

Multiple fixes · EPSS score · ENISA source

Feature 01/04/2026

Added

💯EPSS score — Add the probability of an exploit under 30 days for concerned CVE.
📦Source ENISA EUVD — REST API search → Description, CVSS score & vector, References

Improvement

🧩Multiple fixes (CVSSv4 duplication, Debian references, CVEList CWE retrieval).

v1.2

CVE navigator · Field visibility · Persistent preferences · Smart refresh · Bug fixes

Feature 28/03/2026

Added

🧭CVE navigator — a compact dropdown embedded in the search bar (left of the search field) lists all active CVE cards with a CVSS severity dot. Clicking any entry scrolls smoothly to the card and highlights it with a blue glow. Closes automatically on outside click. Hidden when no cards are present.
👁Field visibility — new Visible fields section in the ⚙ Options panel. Toggle Description, CVSS v3, CVSS v4, CVSS v2, CWE, and References on/off across all cards at once. Preference persisted in localStorage.

Improvement

💾Persistent preferences — Sort and Source filter are now saved to localStorage and restored on every page load.
📐Full-width cards — CVE cards now stretch to the full page.
🖥️Correction of a few details in all documentation pages
📃Improvement of the CVElist retrieval, which now reads in a second field to retrieve data (containers.cna and containers.adp)

v1.1

Card management · Sort · Session persistence

Feature 22/03/2026

Added

💾CVE persistence — searched CVEs are stored in localStorage and automatically restored when navigating back to the search page, so results survive page changes within the same browser session.
⚡Session cache — all fetched source data is saved in sessionStorage (TTL: 4 hours). When a CVE is restored from localStorage, no new network requests are made — the card is rebuilt instantly from the cached data. Cache is cleared when the browser tab is closed.
🔄Refresh button per card — a ↻ button in the top-right corner of each card re-queries only the sources that previously returned a red (not found) or black/white (network error) dot, without touching already-successful sources.
🗑️Delete button per card — a trash icon next to the refresh button removes a single CVE card and clears it from localStorage and the session cache.
⚙️Options panel — the search bar now has a single ⚙ Options button that opens a unified panel containing: Sort, Visible sources (filter), and Remove all cards. This replaces the previous standalone Filter button.
⇅Sort — CVE cards can be sorted by CVSS score (ascending / descending), publication date, or CVE ID. The sort updates live as new CVSS scores arrive from Phase-2 sources.

Improvement

🔗GitHub link in footer — a GitHub icon has been added to the footer of all pages, linking to the project repository.
🩹Correction of a few details in all pages

v1.0

Full multi-source aggregator - First version publishing

Feature 18/03/2026

Feature

📦CISA KEV — JSON feed, fetched once per session and shared across all cards -> Description, CWE
📦Oracle — HTML scraping of oracle.com security-alerts -> Description
📦Xen — HTML scraping and Json search -> Description
🖥️Creation of the "Changelog" and "Contact" pages

Improvement

🖌️Separate page "About" in "Technical Docs" and "User Guide"
🩹Correction of a few bugs in search method
💨File HTML split in multiple files (.js, .css ...)

v0.9

Source filter · New sources

Feature 12/03/2026

Added

🔲Source filter panel — toggle any of the optional sources on/off; NVD and CVEList always visible
📦Amazon Linux — HTML scraping -> Description, Score CVSS
📦LibreOffice — HTML scraping -> Description
📦PostgreSQL — HTML scraping -> Description, Score CVSS

Screenshot

v0.8

References · CWE · Footer

Feature 21/02/2026

Added

🏷CWE chips section — aggregated from CVEList, NVD, CSAF sources; live name fetch from cwe.mitre.org when not provided
➕References section — collapsible panel listing all unique reference URLs
➕Not-affected domain suppression in references — URLs from a source's own domain hidden when that source reports non-affectedness
🔗References section — deduplicated, with self-referential and CSAF/VEX URLs excluded
👇Creation of a footer

Improvement

⟳Loading spinner on references that disappears once all Phase-2 sources have settled
🖥️Improvement of the interface

Screenshot

v0.7

CVE batch search · Amber dot · Phase 1 / Phase 2

Feature 02/02/2026

Added

🔎Single and batch CVE search — paste any text containing CVE-YYYY-NNNNN patterns
⚡Phase-1 / Phase-2 parallel fetch architecture — card renders immediately with CVEList + NVD, other sources fill the card independently

Improvement

🟠Amber dot (not affected) works for Ubuntu, debian, Redhat and Suse
🖥️Improvement of the interface
🔧Improved CVSS vector normalisation — strips environmental/temporal metrics for clean deduplication across all new sources

v0.6

CVSS badge · Microsoft triple-source · About page

Feature 14/01/2026

Added

📊CVSS v2.0, v3.0, v3.1, v4.0 support with colour-coded severity badges
⚠️"Not in CVEList" warning card for newly reserved but unpublished CVEs
📦Microsoft triple-source cascade — CSAF VEX + SUG API + CIRCL fallback queried in parallel; description and CVSS taken from the first successful source

Improvement

➕Creation of the "About" page containing information on the functioning of the tool
🔧Improvement of the interface

v0.5

Badge sources · State link · Proxy

Feature 16/09/2025

Added

📝Source description badge added on the left
🔧Cloudflare Worker CORS proxy to bypass browser Same-Origin Policy restrictions
🟢5-state animated source dots: waiting (grey), ok (green), not-affected (amber), not-found (red), network-error (black/white)

Screenshot

v0.4

Descriptions · CVSS deduplication

Feature 06/06/2025

Added

📦NVD — NIST REST API v2 -> description, CVSS v2/v3/v4
📦Red Hat — CSAF VEX (primary) + Hydra legacy API (fallback CVSS) -> description, CVSS
📦SUSE — CSAF VEX via public FTP -> description, CVSS
📦Debian — HTML scraping of security-tracker.debian.org -> description
📦Ubuntu — Canonical JSON API with dual endpoint fallback + Ubuntu-specific description

Improvement

➕CVSS deduplication — scores grouped by (version, score, vector) triplet; multiple sources sharing the same score merged into one badge with combined source labels
🔧Improvement of the interface

Screenshot

v0.3

CVSS score · Template card · Description deduplication

Feature 18/02/2025

Added

📦CVEList — MITRE CVEProject/cvelistV5 GitHub repo (assigner, date, description, CVSS)
🔧CVSS v2.0, v3.0, v3.1 support; assigner + publication date from CVEList metadata
♦️The sources are now in the top right as clickable pill
📝Description deduplication — identical descriptions from multiple sources merged into a single row
🔎Single CVE search with skeleton loading card

Removed

➖References fields set aside to focus on scores and description

Improvement

🔧Improvement of the interface (redesign of the HTML/CSS graphic charter)

Screenshot

v0.2

Data · Link state · Style

Feature 07/09/2024

Added

📦Primary source information: Retrieval of the description and references from the NVD
🟢2-state source status dots : reachable/unreachable (green/red)
🌗Dark / Light mode with localStorage persistence

Improvement

🔧Improvement of the interface (redesign of the HTML/CSS graphic charter)

Screenshot

v0.1

Initial release

Initial 05/07/2024

Foundation

🎉First working version — single CVE search
⛓️‍Show redirecting links for sources identified

Screenshot