Jerry GamblinFinding CVEs that technically "don't exist" yet. 🕵️♂️
Ghost CVEs are live. A "Ghost CVE" is a vulnerability identifier that’s already popped up in the wild—think GitHub commits or security advisories—but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE.
It catches the threats that are already out there, even if the paperwork says they aren't. 📝💨
Admittedly, there are a lot more sources to add—this was just a quick weekend POV—but I plan on extending it soon.
Check out the latest ghost report here: https://github.com/RogoLabs/GhostCVEs/blob/main/reports/ghost_report.md
