Our Mission
Make vulnerability intelligence accessible to everyone.
The security industry has a knowledge gap problem. Thousands of CVEs are published every month. The tools to understand them were built by security experts, for security experts. Everyone else, the IT manager, the developer, the compliance officer, is left trying to interpret raw CVSS scores and dense NVD descriptions without a security degree.
NullCVE exists to close that gap. We believe that knowing what to patch, and why, shouldn't require years of security training. It should be as simple as opening a dashboard.
335k+
CVEs indexed across all sources
7
Data sources fused into one feed
<1hr
Average CISA KEV update latency
$0
Cost to get started, forever
The Problem We're Solving
300 CVEs a day. 8 that actually matter to you.
The average organization gets 300+ new CVEs published against software they might run every single day. No team can triage all of them. So they either ignore most of it and hope for the best, or they drown a specialist in work that a better tool should be doing automatically.
The existing tools, NVD, CVEDetails, CISA's website, are incredible resources. But they're databases, not decision engines. They tell you what exists. They don't tell you what to do first.
NullScore™ does. It takes five signals, CVSS severity, EPSS exploitation probability, CISA KEV status, live PoC availability, and whether it hits your specific stack, and fuses them into one number. Higher score means act sooner. That's it.
What We Stand For
Our values.
🎯
Clarity over complexity
Every design decision prioritizes understanding. If a non-security professional can't act on the information, it's not good enough.
🔍
Transparency in methodology
NullScore™ is a published, versioned formula. You know exactly how we calculate risk. No black boxes, no mystery scores.
⚡
Speed over perfection
A vulnerability that's been exploited for three weeks while you waited for perfect data is worse than imperfect data in real time.
🛡️
Honest about limitations
We tell you when data is stale, when a source is lagging, and when our confidence is lower. Trust requires honesty.
🌐
Accessible to all roles
Analyst, developer, IT manager, CISO, every person in the security chain deserves tools that work for them, not just the specialist.
💰
Free to start, always
The core intelligence, NullScore, KEV tracking, basic stack filter, stays free. We grow when our users grow.
How We Got Here
The timeline.
The frustration begins
Working in enterprise software deployment, dealing with CVE triage as part of release management. Existing tools require too much security expertise to be useful to the full team.
First pipeline built
A Python script pulling from NVD, CISA KEV, and EPSS to produce a daily ranked list. Shared internally. People actually used it.
NullScore™ formula developed
After months of testing different weightings, the composite scoring model stabilized. CVSS 35%, EPSS 25%, KEV 20%, PoC 15%, Stack Match 5%.
NullCVE launches publicly
The pipeline became a product. 7 data sources, a full dashboard, role-based views for every type of user, and a free tier that stays free.
The Team
Built by practitioners.
NullCVE is built by people who work in security and IT, not just people who read about it. Every feature exists because someone on the team needed it.
👤
Tom Z.
Founder · Platform Lead
Deployment Lead at a major enterprise SaaS firm. Background in release engineering, Azure DevOps, and ServiceNow. Active on HackTheBox and TraceLabs OSINT. Built NullCVE because no existing tool worked for his whole team, only the security specialists.
+
You?
Open roles
We're early and growing. If you're a security researcher, frontend developer, or data engineer who wants to build something useful, reach out.
Ready to see it for yourself?
Free to start. No credit card. Your stack filtered and ranked in under 60 seconds.