# AutoCVE - One-Click CVE Discovery: Select Projects, Audit Source Code, Verify Vulnerabilities, Generate Reports, Fully Automated

[](https://www.gnu.org/licenses/agpl-3.0)
[](https://www.python.org/)
[](https://fastapi.tiangolo.com/)
[](https://react.dev/)
[](https://www.postgresql.org/)
[๐ Project Documentation](#-project-documentation) ยท
[โจ Core Capabilities](#-core-capabilities) ยท
[๐ Quick Start](#-quick-start) ยท
[๐ CVE Results](#-cve-discovery-results)
็ฎไฝไธญๆ | English
---
## ๐ Project Documentation
### ๐ [User Guide](./docs/USER_GUIDE_EN.md)
Covers complete usage instructions for environment deployment, model configuration, project import, Agent auditing, one-click CVE, vulnerability management, and Skills management, and provides previews of each feature interface.
### ๐๏ธ [Architecture Design Document](./docs/ARCHITECTURE_DESIGN_EN.md)
Introduces AutoCVE's overall architecture, Agent workflow, tool orchestration, permission protection, Agent Runtime, and ReAct Loop state-machine design.
### ๐ [API Documentation](./docs/API_DOCUMENTATION_EN.md)
Provides backend API, data structure, request parameter, and API debugging instructions.
---
## โจ Core Capabilities
### ๐ Complete CVE Discovery in One Click
Automates the full workflow from project selection, repository import, audit task creation, and Agent vulnerability discovery to CVE submission report generation. Users only need to copy the report content and submit it to complete the subsequent CVE application.
### ๐ค Multi-Agent Collaborative Auditing
The Orchestrator centrally schedules Agents such as Recon, Scan, Triage, Finding, and Verification to collaboratively complete information collection, tool scanning, false-positive filtering, deep vulnerability discovery, and dynamic verification.
```mermaid
flowchart LR
O["Orchestrator"] --> R["Recon"]
R --> S["Scan"]
S --> T["Triage"]
R --> F["Finding"]
T --> V["Verification"]
F --> V
V --> M["Merge / Finalize"]
```
### ๐งฉ Three Audit Modes
Choose enhanced scanning, intelligent auditing, or comprehensive auditing flexibly according to different audit goals, balancing scanning efficiency, discovery depth, and audit coverage.
| Audit Mode | Core Agent | Applicable Scenario |
| :---------: | :---------------------: | :-------------------------- |
| โก **Enhanced Scan** | Scan โ Triage | Quickly analyze tool scan results and filter false positives |
| ๐ง **Intelligent Audit** | Finding | Deeply discover high-value vulnerabilities; suitable for CVE and 0Day research |
| ๐ **Comprehensive Audit** | Scan โ Triage + Finding | Combine tool scanning with source-code analysis for full-scale auditing |
### ๐ฏ Dedicated Agent for CVE Discovery
Finding Agent is AutoCVE's core audit capability and is designed specifically for CVE discovery scenarios. It can directly analyze project source code and, together with the ReAct Loop, specialized tool calls, Nudge correction, and the structured `FinalizeFinding` termination mechanism, ultimately produce high-value vulnerabilities that meet CVE submission requirements.