Inspiration

Modern systems rely on countless third-party packages, yet many organizations lack visibility into known vulnerabilities within them. We wanted to simplify vulnerability intelligence and make it accessible, fast, and actionable using AI.

What it does

SecureScan analyzes software packages and their versions to identify known vulnerabilities (CVEs) using real-time data from the National Vulnerability Database. It enhances this data with Google Gemini to generate clear explanations, impact analysis, and remediation steps. It also supports bulk scanning via JSON input for full environment auditing.

How we built it

We developed a full-stack application using React (Vite) and Tailwind CSS for the frontend, and Node.js with Express for the backend. The backend integrates with the NVD API to fetch CVE data, while Gemini processes and summarizes vulnerabilities into human-readable insights.

Challenges we ran into

  • Handling inconsistent and complex CVE data formats from NVD
  • Filtering vulnerabilities accurately based on software versions
  • Managing API rate limits and response delays
  • Ensuring AI responses remain relevant and not overly generic

Accomplishments that we're proud of

  • Successfully integrated real-time CVE data with AI-driven remediation
  • Built a scalable bulk scanning feature using JSON input
  • Created a clean, analyst-friendly interface for vulnerability review
  • Reduced technical complexity of CVE data into understandable insights

What we learned

  • How vulnerability databases like NVD structure and expose CVE data
  • The importance of version-specific vulnerability matching
  • Practical integration of AI into cybersecurity workflows
  • Trade-offs between automation and accuracy in security tools

What's next for SecureScan

  • Add CVSS-based risk scoring and prioritization
  • Integrate SBOM tools like Syft
  • Export detailed vulnerability reports (PDF/CSV)
  • Implement authentication and role-based access control (RBAC)
  • Integrate into CI/CD pipelines for continuous security scanning
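The version-specific matching named in the challenges and lessons above can be done against the `cpeMatch` entries of an NVD CVE API 2.0 record, as in this added example, which is not SecureScan's own code. The sample record, the vendor and product names and the function names are constructed for illustration; the code assumes plain dotted numeric versions and counts any vulnerable `cpeMatch` entry as a hit without evaluating AND/OR node operators.

```javascript
// Added example (not SecureScan's code). Field names follow the NVD CVE API 2.0 JSON.
// Assumption: versions are plain dotted numbers (no pre-release tags or epochs).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0); // missing parts count as 0
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// True when `version` of `product` satisfies one cpeMatch entry.
function matchesCpe(match, product, version) {
  if (!match.vulnerable) return false;
  // criteria layout: cpe:2.3:part:vendor:product:version:...
  const [, , , , cpeProduct, cpeVersion] = match.criteria.split(':');
  if (cpeProduct !== product) return false;
  const { versionStartIncluding: si, versionStartExcluding: se,
          versionEndIncluding: ei, versionEndExcluding: ee } = match;
  if (si || se || ei || ee) {
    if (si && compareVersions(version, si) < 0) return false;
    if (se && compareVersions(version, se) <= 0) return false;
    if (ei && compareVersions(version, ei) > 0) return false;
    if (ee && compareVersions(version, ee) >= 0) return false;
    return true;
  }
  // No range given: "*" means every version, otherwise an exact version ("-" is N/A).
  if (cpeVersion === '*') return true;
  return cpeVersion !== '-' && compareVersions(version, cpeVersion) === 0;
}

// Simplification: any vulnerable match counts; AND/OR node operators are not evaluated.
function isAffected(cve, product, version) {
  return (cve.configurations || []).some(cfg =>
    (cfg.nodes || []).some(node =>
      (node.cpeMatch || []).some(m => matchesCpe(m, product, version))));
}

// Constructed sample record (placeholder id, hypothetical vendor and product).
const sampleCve = {
  id: 'CVE-0000-0000',
  configurations: [{ nodes: [{ operator: 'OR', negate: false, cpeMatch: [
    { vulnerable: true, criteria: 'cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:*:*:*',
      versionStartIncluding: '2.0.0', versionEndExcluding: '2.4.10' },
    { vulnerable: true, criteria: 'cpe:2.3:a:examplevendor:examplelib:1.9.3:*:*:*:*:*:*:*' },
  ] }] }],
};
```

Comparing versions as strings would place 2.4.9 after 2.4.10 and miss the affected range, which is why each dotted part is compared numerically.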

Built With

  • React (Vite)
  • Tailwind CSS
  • Framer Motion
  • Node.js
  • Express.js