vulnerability-lookup/VulnTrain
15
1
Fork 0
mirror of https://github.com/vulnerability-lookup/VulnTrain.git synced 2026-03-04 10:23:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
A tool to generate datasets and models based on vulnerabilities descriptions from @vulnerability-lookup.
277 commits 5 branches 16 tags 6.8 MiB
  • Python 100%
Find a file
Exact
Cédric Bonhomme 5e54736a69
 chg: [dependencies] Updated dependencies.
2026-02-28 19:25:51 +01:00
.github/workflows chg: disable training command 2025-02-19 16:22:24 +01:00
docs chg: [documentation] Added instruction to run VulnTrain on HPC with torchrun. 2026-02-19 10:39:59 +01:00
vulntrain new: [training] Add --no-codecarbon, --no-push, and --no-cache options to severity trainer 2026-02-19 10:02:17 +01:00
.gitignore chg: [added] added validator for severity prediction 2025-02-25 10:39:21 +01:00
AUTHORS chg: [RELEASE] Updated CHANGELOG, README, and dependencies. Bumped release number. 2025-07-01 10:40:26 +02:00
CHANGELOG.md new: [release] Release 2.2.0 2026-02-19 10:03:29 +01:00
CITATION.cff chg: updated changelog 2025-07-23 09:14:35 +02:00
CLAUDE.md new: [documentation] Add CLAUDE.md for Claude Code guidance 2026-02-19 09:47:18 +01:00
COPYING chg: [documentation] Updated README and COPYING. 2025-02-24 10:54:47 +01:00
poetry.lock chg: [dependencies] Updated dependencies. 2026-02-28 19:25:51 +01:00
pyproject.toml new: [release] Release 2.2.0 2026-02-19 10:03:29 +01:00
README.md chg: [dependencies] Updated dependencies. 2026-01-09 10:21:47 +01:00

README.md

VulnTrain

Latest release License PyPi version

VulnTrain offers a suite of commands to generate diverse AI datasets and train models using comprehensive vulnerability data from Vulnerability-Lookup. It harnesses over one million JSON records from all supported advisory sources to build high-quality, domain-specific models.

Additionally, data from the vulnerability-lookup:meta container, including enrichment sources such as vulnrichment and Fraunhofer FKIE, is incorporated to enhance model quality.

Check out the datasets and models on Hugging Face:

Model on HF

For more information about the use of AI in Vulnerability-Lookup, please refer to the user manual.

Usage

Install VulnTrain:

$ pipx install VulnTrain

Three types of commands are available:

  • Dataset generation: Create and prepare datasets.
  • Model training: Train models using the prepared datasets.
    • Train a model to classify vulnerabilities by severity. Model on HF
    • Train a model for text generation to assist in writing vulnerability descriptions Model on HF
  • Model validation: Assess the performance of trained models (validations, benchmarks, etc.).

Check out the documentation for more information.

How to cite

Bonhomme, C., & Dulaunoy, A. (2025). VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification (Version 1.4.0) [Computer software]. https://doi.org/10.48550/arXiv.2507.03607

@misc{bonhomme2025vlai,
    title={VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification},
    author={Cédric Bonhomme and Alexandre Dulaunoy},
    year={2025},
    eprint={2507.03607},
    archivePrefix={arXiv},
    primaryClass={cs.CR}
}

License

VulnTrain is licensed under GNU General Public License version 3

Copyright (c) 2025-2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2025-2026 Cédric Bonhomme - https://github.com/cedricbonhomme
Copyright (C) 2025 Léa Ulusan - https://github.com/3LS3-1F