VulnCheck Demo Dashboard

Comprehensive vulnerability intelligence with AI-powered analysis, financial risk quantification, and advanced visualization

v2.5.4 - Visual Polish & Documentation
Test/demo showcase only. This independent sample-data dashboard is not an official VulnCheck product, is not endorsed by VulnCheck, and should not be used for production security decisions. For official vulnerability intelligence and API access, visit VulnCheck.com.

Table of Contents

Getting Started

Prerequisites

  • Python 3.8+ installed and available in PATH
  • VulnCheck API Token (free at vulncheck.com)
  • AI API Key (optional) - OpenAI, Anthropic, or Google for AI summaries

Quick Start Guide

  1. Run the build script

    This sets up the Python virtual environment and installs all dependencies.

    # Windows
    build.bat
    
    # Linux/macOS
    chmod +x build.sh && ./build.sh
  2. Start the server

    Launch the dashboard server. It will automatically open in your default browser.

    # Windows
    run.bat
    
    # Linux/macOS
    ./run.sh
  3. Enter your API token

    Click the settings icon (gear) in the top right and enter your VulnCheck API token. It will be securely encrypted.

  4. Start searching!

    Enter a CVE ID, CPE string, or vendor:product format to begin exploring vulnerabilities.

Tip The server runs on port 8500 by default. If that port is busy, it will automatically try the next available port.

Filtering & Analysis

Available Filters

Severity Filters

Filter by severity level with multi-select support using OR logic:

Critical High Medium Low

Exploit Maturity

Filter by exploit availability and maturity level:

Weaponized PoC Available No Known Exploit

KEV Status

Show only CVEs in known exploited vulnerability catalogs:

CISA KEV VulnCheck KEV

Threat Intelligence

Filter by threat actor associations, ransomware, or botnet involvement.

Quick Filters

Click any highlighted badge in the CVE detail modal to instantly apply a filter. The filter bar shows all active filters with one-click removal.

Filter Logic Multiple filters within the same category use OR logic (e.g., Critical OR High). Different filter types use AND logic (e.g., Critical AND Weaponized).

Charts & Visualization

Severity Distribution

Interactive stacked bar chart showing Exploitable vs Not Exploitable CVEs per severity level. Click any segment to filter results.

Timeline Analysis

View CVEs by Published Date or Last Modified Date. Toggle between year and month groupings for detailed analysis.

Exploit Maturity Pyramid

3-tier pyramid visualization showing Weaponized, PoC, and No Exploit counts. Hover for preview, click to filter.

Custom Pivots

Create your own pivot charts on any field. Supports Bar, Doughnut, Pie, and Polar Area chart types.

Creating Custom Pivots

  1. Click the + button in the charts section
  2. Select a field to pivot on (Vendor, Product, Version, etc.)
  3. Choose your preferred chart type
  4. Click Create - your pivot is saved automatically

Custom pivots persist across sessions. Click the chart type icon to rotate through different visualizations.

AI-Powered Summaries

Supported AI Providers

  • OpenAI - GPT-4o-mini (fast, cost-effective)
  • Anthropic - Claude Sonnet (balanced quality)
  • Google - Gemini 1.5 Flash (fast)
  • Custom - Any OpenAI-compatible endpoint

Detail Levels

Level Audience Style
Executive C-suite, board members 3-4 sentences, business risk focus, no jargon
Balanced IT professionals, managers 5-6 sentences, severity + remediation priority
Technical Detail Security engineers, analysts 8-10 sentences, attack vectors, IOCs, specific fixes

Using AI Summary

  1. Configure your AI provider in Settings > Advanced > AI Agent
  2. Open any CVE detail modal
  3. Click the "Smart Summary" button
  4. Adjust detail level and language using the controls
  5. Click "Regenerate" for a fresh summary
Caching AI summaries are cached on the server by CVE ID + language + level. Use "Regenerate" to force a new summary.

Risk Burn Rate Model

The dashboard includes a sophisticated financial risk quantification model that calculates potential loss from unpatched vulnerabilities and tracks risk accumulation over time.

Key Metrics

Potential Loss (L)

Estimated maximum financial impact if the vulnerability is exploited. Calculated from breach cost, exposure ratio, and threat factors.

Burn Rate (B)

Rate at which risk accumulates per hour until remediation. Displayed as $/hour countdown in the Risk Odometer.

Calculation Factors

Factor Weight Description
EPSS Score████Exploitation Prediction Scoring System probability
CVSS Score███Common Vulnerability Scoring System severity
Exploit Maturity██Weaponized / PoC / None status
Time ExposureDays since publication (capped at 180)

Risk Multipliers

Industry Presets

Select your industry in Settings > Advanced > Risk Model Assumptions to auto-fill appropriate breach costs and SLA windows:

Finance Healthcare Critical Infrastructure Technology Retail

CSV Import & Host View

Importing CSV Files

  1. Click the CSV section or drag a file onto the upload area
  2. The dashboard auto-detects column types (CVE, CPE, IP, hostname)
  3. Select which columns to use for searching and host identification
  4. Click Confirm to begin processing

Column Auto-Detection

Type Pattern Example
CVECVE-YYYY-NNNNNCVE-2024-21762
CPEcpe:2.3:...cpe:2.3:a:apache:*
IP AddressN.N.N.N192.168.1.100
HostnameFQDN patternsserver.example.com

Host-Centric View

After importing a CSV with host data:

Large Imports For imports with 100+ CVEs, a pause/resume feature appears. You can pause processing and resume later from where you left off.

Export Options

Export JSON

Full API response data including all fields and metadata. Best for programmatic use or re-import into other tools.

Export CSV

Respects visible columns from table settings. Smart row expansion for CVEs with multiple associated hosts.

Export PDF

Professional CVE or Host reports with AI analysis, risk metrics, charts, and all relevant details.

Dashboard PDF

Summary view with severity chart, maturity pyramid, timeline, and top CVE table. Great for executive reporting.

Settings & Configuration

Main Settings

Custom Brand Skins

Create personalized themes that match your organization's branding:

Creating a Skin from URL
  1. Go to Settings → Appearance
  2. Click Create New in the Custom Skins section
  3. Enter your company's website URL (e.g., https://www.company.com)
  4. Click Extract to discover logos and brand colors
  5. Select your preferred logo from the discovered options
  6. Review the extracted colors (click to select/deselect)
  7. Choose Dark or Light theme mode
  8. Click Preview Theme to see the result
  9. Click Apply to use the theme
Manual Theme Creation

Switch to the Manual tab to pick colors directly:

  • Primary Color: Main UI accent color
  • Background: Base background color
  • Text Color: Primary text color
  • Accent Color: Highlight color for buttons/links
  • Logo: Upload your company logo (optional)
Brand Logo in PDFs

When a brand logo is set, it automatically appears in:

  • Dashboard header (top-left corner)
  • CVE vulnerability PDF exports
  • Host assessment PDF exports
  • Dashboard summary PDF exports
Managing Custom Skins
  • Apply: Click the checkmark to apply a saved skin
  • Export: Download the skin as a JSON file for backup or sharing
  • Delete: Remove the skin from your saved list
  • Import: Load a skin from a previously exported JSON file

Advanced Settings

Fetch Speed

Control how aggressively API requests are batched:

  • Gentle (1): Slow, minimal server load
  • Light (2): Conservative speed
  • Normal (3): Balanced (default)
  • Eager (4): Faster fetching
  • Hungry (5): Maximum speed
AI Agent
  • Provider: OpenAI, Anthropic, Google, or Custom endpoint
  • Endpoint: API URL (auto-filled for known providers)
  • API Key: Your provider's API key (encrypted)

Use the Validate button to test your API key connection.

Risk Model Assumptions
  • Industry: Select for preset values
  • Annual Revenue: Your organization's revenue ($)
  • Avg Breach Cost: Industry average data breach cost ($)
  • SLA Hours: Remediation windows by severity (KEV, Critical, High)
Prompt Templates

Customize AI prompts for CVE and Host summaries. Available template variables:

{cve_id} {severity} {cvss} {epss} {description} {products} {kev_status} {exploits} {threat_actors}

Click Reset to Default to restore the original prompt.

Keyboard Shortcuts

Shortcut Action
Escape Close modal / Clear search
Enter Execute search
Navigate previous/next CVE in modal

Troubleshooting

"Virtual environment not found"

Run the build script first to set up the Python environment:

# Windows
build.bat

# Linux/macOS
./build.sh
"Port in use"

The server will automatically try the next available port. Or stop any existing instance:

run.bat --stop
"Proxy Offline" in dashboard
  1. Make sure the server is running (run.bat)
  2. Check server.log for error messages
  3. Verify no firewall is blocking port 8500
"Invalid API token"
  1. Verify your VulnCheck API token is correct
  2. Check token permissions at vulncheck.com
  3. Try regenerating a new token
Filters not working
  1. Clear browser localStorage: localStorage.clear() in browser console
  2. Refresh the page
  3. Try applying filters again
AI Summary not working
  1. Verify AI API key is configured in Advanced Settings
  2. Check that the selected provider endpoint is reachable
  3. Use the Validate button to test your API key
  4. Check the browser console (F12) for error messages
Host view not showing

Ensure your CSV import includes hostname or IP address columns. The dashboard auto-detects these based on column content patterns. Check the column selection modal to verify the correct columns are identified.

Version History

Release history and key feature highlights for VulnCheck Dashboard.

v2.5.4 — Visual Polish & Documentation (Feb 2026)

  • Chart color harmonization across all visualizations (pyramid, pivots, viz tiles)
  • Breathing animation on CVE timeline dots and main page mini dots
  • Horizontal wave line effect in sample data timeline section
  • Version info in settings panel with link to help page
  • Print-friendly help documentation with professional PDF layout

v2.5.3 — Breach Cost & Timeline Enhancements (Feb 2026)

  • CVE Timeline V2 with individual event dots, even spacing, and smart clustering
  • Breach cost counter with real-time roller animation and YoY comparison
  • Compact PDF export with inline severity/CVSS/EPSS header
  • KEV multi-highlight for both CISA and VulnCheck KEV dates
  • Threat intelligence timeline events (threat actors, ransomware, botnets)

v2.5.2 — UI Polish (Feb 2026)

  • Column settings merged into Table Settings modal
  • Copy summary button in CVE modal header
  • EPSS score and percentile merged into single badge
  • Light theme font visibility fixes for colored badges

v2.5 — CVE Timeline Enhancement (Feb 2026)

  • Clustered timeline design with hover popup above dots
  • Bidirectional highlighting between timeline dots and info badges
  • NVD, KEV, Exploit, Threat, Canary, and EPSS event categories
  • View toggle between Timeline and Classic views
  • Full light theme compatibility

v2.4 — UX Polish (Feb 2026)

  • Host view expand/collapse functionality
  • Host smart summary with level and language controls
  • Compact multi-column PDF layout for host exports
  • Auto-scroll to generated AI summary

v2.3 — Risk Burn Rate Model (Feb 2026)

  • Financial risk quantification with configurable assumptions
  • Real-time burn rate meter and cost projections
  • Risk reduction tracking as vulnerabilities are remediated
  • Exportable risk reports for executive stakeholders

v2.2 — AI Integration (Feb 2026)

  • AI-powered smart summaries with multi-provider support
  • Configurable summary detail levels and languages
  • Executive, technical, and remediation summary modes

v2.1 — MITRE ATT&CK Integration (Jan 2026)

  • MITRE ATT&CK tactic and technique mapping per CVE
  • Custom pivot charts for ATT&CK data visualization
  • Filter by ATT&CK tactics and techniques

v2.0 — Host-Centric View (Jan 2026)

  • Host-grouped vulnerability view from CSV imports
  • Per-host risk scoring and severity breakdown
  • Host detail modal with vulnerability table
  • Batch PDF export for host reports

v1.5 — Visualization & Filtering (Jan 2026)

  • Interactive severity distribution and timeline charts
  • Exploit maturity pyramid visualization
  • Custom pivot charts with click-to-filter
  • Multi-criteria filtering with AND/OR logic

v1.0 — Core Features (Jan 2026)

  • CVE and CPE search with VulnCheck API integration
  • CSV batch processing with progress tracking
  • Sortable results table with severity indicators
  • CVE detail modal with exploit intelligence
  • PDF export for individual CVEs
  • Dark and light theme support