CVE Forecast is an enterprise-grade, self-improving forecasting platform that predicts Common Vulnerabilities and Exposures (CVEs) using advanced machine learning, statistical models, and automated hyperparameter optimization. The system provides actionable insights into future vulnerability disclosure trends through an intelligent, continuously-evolving pipeline with real-time accuracy tracking.
Version 0.10 "Phoenix" (October 2025): Complete architectural rebirth with unified pipeline, historical backtest validation, forecast accuracy tracking, modular codebase, and production-ready automation. The system now features real-world performance metrics, automated monthly tuning, and comprehensive documentation.
- 13 Optimized Models: Statistical (Prophet, ARIMA, TBATS), ML (XGBoost, LightGBM, CatBoost), and baseline models
- Real-World Validation: Historical backtest on 2025 data (Jan-Sep) with actual vs. predicted comparisons
- Accuracy Metrics: MAPE ranging from 6.22% (LightGBM) to 21.65% (Croston) on real 2025 data
- 120+ CNA Forecasts: Individual predictions for CVE Numbering Authorities with per-organization model selection
- Dynamic Forecasting: Automatically forecasts current incomplete month through end of next year
- Unified Pipeline: Single command (run_production_forecast.py) handles CVE + CNA forecasting
- Daily Updates: Automated GitHub Actions workflow generates fresh forecasts at midnight UTC
- Monthly Tuning: Separate workflow optimizes hyperparameters on the 1st of each month
- Forecast Tracking: Historical snapshot system tracks prediction evolution and accuracy over time
- Zero Downtime: Continuous deployment to GitHub Pages with automatic rollback on failure
- Forecast vs Published Table: Month-by-month comparison of predictions against actual CVE counts
- Model Rankings: Real-time performance leaderboard based on backtest MAPE
- Historical Tracking: forecast_history.json accumulates prediction snapshots for long-term analysis
- Performance Badges: Visual indicators (Excellent < 5%, Good < 10%, Fair < 20%, Poor > 20%)
- Detailed Metrics: MAE, MAPE, error percentages, and performance ratings for every model
- Modular Design: Clean separation between data loading, training, forecasting, and validation
- Base Classes: BaseForecaster and ValidationMixin provide extensible framework
- Adapters Pattern: CVEForecaster and CNAForecaster implement domain-specific logic
- Configuration-Driven: Centralized config.json with optimized hyperparameters
- Comprehensive Logging: Detailed execution logs with progress tracking and error reporting
Experience the full power of CVE Forecast on the live dashboard:
For a comprehensive understanding of the project's architecture, data processing pipeline, forecasting models, and deployment strategy, please refer to our detailed technical documentation:
- Python 3.10+
- 8GB+ RAM recommended
- CVE data repository (auto-cloned by pipeline)
- Clone the repository:
git clone https://github.com/[your-username]/CVEForecast.git
cd CVEForecast
- Install dependencies:
pip install -r requirements.txt
- Clone CVE data (required for forecasting):
git clone --depth 1 https://github.com/CVEProject/cvelistV5.git
Option 1: Full Production Pipeline (Recommended)
python code/run_production_forecast.py
Generates:
- web/data.json - CVE forecasts and metrics
- web/cna_data.json - CNA forecasts
- web/forecast_history.json - Historical tracking
- web/pipeline_results.json - Execution summary
Option 2: CVE Forecasts Only
python code/adapters/cve_adapter.py
Option 3: CNA Forecasts Only
python code/adapters/cna_adapter.py
Local Dashboard:
# Simple HTTP server
python -m http.server 8000 --directory web
# Open browser to http://localhost:8000
Production: Visit cveforecast.org
Comprehensive documentation is available in the docs/ directory:
- Architecture Guide - System design, components, and data flow
- API Reference - Classes, methods, and configuration options
- Deployment Guide - GitHub Actions, hosting, and CI/CD
- Development Guide - Contributing, testing, and best practices
- Tuning Guide - Hyperparameter optimization workflows
Real-world accuracy on Jan-Sep 2025 data:
Rank | Model | MAPE | MAE | Performance |
---|---|---|---|---|
1 | LightGBM | 6.22% | 257.44 | Excellent |
2 | KalmanFilter | 6.26% | 244.33 | Excellent |
3 | TBATS | 7.21% | 293.67 | Excellent |
4 | RandomForest | 9.16% | 374.11 | Good |
5 | AutoARIMA | 9.70% | 395.78 | Good |
6 | ExponentialSmoothing | 9.83% | 400.00 | Good |
7 | Prophet | 10.13% | 412.78 | Good |
8 | XGBoost | 10.39% | 420.67 | Good |
Full rankings available in the dashboard's "Model Performance Rankings" section.
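The ranking above rests on MAE and MAPE computed over the backtest months. The following is an added example, not the project's own code: it scores constructed monthly counts for three hypothetical models (model_a to model_c), leaves zero-count months out of MAPE (a case that arises for small CNAs), and applies the badge cut-offs from the feature list. The function names and sample data are assumptions made for illustration.

```python
# Badge cut-offs from the README's "Performance Badges" item (percent MAPE);
# anything at 20% or above is rated "Poor".
BADGES = [(5.0, "Excellent"), (10.0, "Good"), (20.0, "Fair")]


def score(actual, predicted):
    """Return (MAE, MAPE in percent) for paired monthly CVE counts.
    Months with zero published CVEs are left out of MAPE, since the
    percentage error is undefined there; MAPE is None if none remain.
    """
    if not actual or len(actual) != len(predicted):
        raise ValueError("need two non-empty series of equal length")
    abs_err = [abs(a - p) for a, p in zip(actual, predicted)]
    mae = sum(abs_err) / len(abs_err)
    pct = [100 * e / a for e, a in zip(abs_err, actual) if a != 0]
    mape = sum(pct) / len(pct) if pct else None
    return mae, mape


def badge(mape):
    if mape is None:
        return "n/a"
    for limit, label in BADGES:
        if mape < limit:
            return label
    return "Poor"


def rank_models(actual, forecasts):
    """Rank models by MAPE, lowest first; undefined MAPE sorts last."""
    rows = []
    for name, predicted in forecasts.items():
        mae, mape = score(actual, predicted)
        rows.append({"model": name, "mape": mape, "mae": mae, "badge": badge(mape)})
    rows.sort(key=lambda r: (r["mape"] is None, r["mape"] or 0.0))
    for i, row in enumerate(rows, start=1):
        row["rank"] = i
    return rows


# Constructed sample data: published counts and hypothetical model outputs.
ACTUAL = [4000, 3800, 4200, 4100]
FORECASTS = {
    "model_a": [4100, 3900, 4000, 4300],
    "model_b": [3400, 4400, 4800, 3500],
    "model_c": [4000, 3790, 4210, 4100],
}

if __name__ == "__main__":
    for r in rank_models(ACTUAL, FORECASTS):
        print(r)
```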
Edit code/config.json to enable/disable models:
{
  "models": {
    "Prophet": {
      "enabled": true,
      "hyperparameters": { ... }
    }
  }
}
Forecast Horizon
Automatically forecasts from current month through December of next year. Override in config:
{
  "forecast_end_year": 2026
}
- Daily Forecast: .github/workflows/main.yml (midnight UTC)
- Monthly Tuning: .github/workflows/monthly_tuning.yml (1st of month, 2 AM UTC)
See Deployment Guide for details.
"No CVE data found"
# Clone CVE data repository
git clone --depth 1 https://github.com/CVEProject/cvelistV5.git
"Model training failed"
# Check logs for specific model errors
# Disable problematic models in config.json
"Out of memory"
# Reduce number of enabled models
# Use CPU-only models (disable deep learning models)
See Development Guide for more troubleshooting tips.
- Unified Pipeline: Single command for CVE + CNA forecasting
- Historical Backtest: Real-world validation on 2025 data
- Forecast Tracking: Accuracy monitoring over time
- Modular Architecture: Clean, extensible codebase
- Comprehensive Docs: Complete documentation suite
- Automated Tuning: Monthly hyperparameter optimization
- Performance Metrics: Transparent accuracy reporting
- code/main.py replaced by code/run_production_forecast.py
- New data structure in web/data.json (includes forecast_vs_published)
- Configuration moved to code/config.json (from multiple files)
# Update to v0.10
git pull origin main
# Install new dependencies
pip install -r requirements.txt
# Run new pipeline
python code/run_production_forecast.py
We welcome contributions! Please see our Development Guide for:
- Code style guidelines
- Testing requirements
- Pull request process
- Issue reporting
This project is licensed under the MIT License. See the LICENSE file for details.
- CVE Project for maintaining the cvelistV5 repository
- Darts library for time series forecasting framework
- Contributors who helped shape this release
Version: 0.10 "Phoenix"
Release Date: October 2025
Status: Production Ready
Website: cveforecast.org