Triage VEX vulnerabilities.
In your browser.
Nothing leaves your machine.

A free, zero-dependency vulnerability analysis editor. Upload a VEX file, set statuses and justifications for each CVE, and save — all client-side. Not a full VEX authoring tool; a focused interface for the analysis that matters most.

Start Triage How We Keep Your Data Safe

All Major VEX Formats

Auto-detected on upload. Edit vulnerability analysis fields and save in the original format with zero data loss.

CSAF VEX
Versions 2.0, 2.1
OpenVEX
Version 0.2.0
CycloneDX
Versions 1.4 – 1.7
SPDX
Versions 3.0, 3.0.1

How It Works

Upload

Drag and drop or select your VEX file. The format is automatically detected.

Triage

Set vulnerability statuses, justifications, and impact statements. Smart field guidance helps you complete the right fields for each status.

Save

Download your edited file locally. The original format and all untouched fields are preserved.

Built for Security Professionals

We built this tool the way we'd want to receive it — fully transparent, fully auditable.

Zero Dependencies

No npm packages. No CDN imports. Every line of code is first-party and auditable.

Client-Side Only

All parsing, editing, and serialization happens in your browser. No data is transmitted anywhere.

No Tracking

No analytics. No cookies. No telemetry. No localStorage of your document content.

Fully Auditable

No build step. Source files are what ships. Open DevTools and verify everything yourself.

Built by

Regusoft helps medical device companies navigate cybersecurity and regulatory compliance — from FDA submissions to post-market vulnerability management.

Learn more at regusoft.com →