Initial commit of CVE decoder application

.github/workflows/sync-to-hf.yml

@@ -0,0 +1,26 @@
+name: Sync to Hugging Face hub
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  sync-to-hub:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          lfs: true
+      
+      - name: Push to hub
+        env:
+          HF_TOKEN: ${{ secrets.HF_TOKEN }}
+          HF_USERNAME: MMADS
+          SPACE_NAME: cve-decoder
+        run: |
+          # Add HuggingFace Space as remote
+          git remote add space https://${HF_USERNAME}:${HF_TOKEN}@huggingface.co/spaces/${HF_USERNAME}/${SPACE_NAME}
+          
+          # Force push to space
+          git push --force space main

app.py

@@ -0,0 +1,615 @@
+import json
+import logging
+import os
+from collections import OrderedDict
+from datetime import datetime, timedelta
+from typing import Dict, Optional, Tuple
+from threading import Lock
+import time
+
+import gradio as gr
+import pandas as pd
+import plotly.express as px
+import requests
+from requests.adapters import HTTPAdapter
+from urllib3.util.retry import Retry
+
+# Configure logging for the application
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
+)
+logger = logging.getLogger(__name__)
+
+# --- Constants and Global Variables ---
+
+CURRENT_YEAR = datetime.now().year
+# --- REFACTORED: Use NVD API v2.0 endpoint ---
+NVD_API_V2_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
+RESULTS_PER_PAGE = 2000 # Max allowed by the API
+
+# Thread-safe cache with lock
+CACHE_MAX_SIZE = 5
+DATAFRAME_CACHE: Dict[int, Tuple[pd.DataFrame, float]] = OrderedDict()
+CACHE_LOCK = Lock()
+CACHE_TTL = 3600  # Cache TTL in seconds (1 hour)
+
+# HTTP session with retry strategy
+SESSION = requests.Session()
+retry_strategy = Retry(
+    total=5, # Increased retries for API robustness
+    backoff_factor=1,
+    status_forcelist=[429, 500, 502, 503, 504],
+)
+adapter = HTTPAdapter(max_retries=retry_strategy)
+SESSION.mount("http://", adapter)
+SESSION.mount("https://", adapter)
+
+# NVD API Key from environment variables
+NVD_API_KEY = os.environ.get("NVD_API_KEY")
+if NVD_API_KEY:
+    logger.info("NVD API key found and will be used.")
+    SESSION.headers.update({"apiKey": NVD_API_KEY})
+else:
+    logger.warning("NVD_API_KEY environment variable not set. Using public, rate-limited access.")
+
+# Profiles for tailoring LLM-generated summaries to different audiences
+AUDIENCE_PROFILES = {
+    "Cybersecurity Professional": {
+        "focus": "threat assessment, attack vectors, mitigation strategies, and security controls",
+        "tone": "technical and precise",
+        "priorities": ["exploitation methods", "defensive measures", "risk assessment", "compliance implications"]
+    },
+    "Data Scientist": {
+        "focus": "data exposure risks, model vulnerabilities, and statistical analysis implications",
+        "tone": "analytical and research-oriented",
+        "priorities": ["data integrity", "model security", "pipeline vulnerabilities", "privacy concerns"]
+    },
+    "Data Engineer": {
+        "focus": "infrastructure vulnerabilities, data pipeline security, and system architecture impacts",
+        "tone": "technical with infrastructure emphasis",
+        "priorities": ["database security", "ETL vulnerabilities", "infrastructure risks", "data flow security"]
+    },
+    "Full-Stack Developer": {
+        "focus": "code vulnerabilities, dependency risks, and implementation fixes",
+        "tone": "practical and code-oriented",
+        "priorities": ["code examples", "library updates", "patch implementation", "secure coding practices"]
+    },
+    "Product Owner": {
+        "focus": "business impact, user experience, and prioritization for backlog",
+        "tone": "business-oriented with technical context",
+        "priorities": ["user impact", "feature implications", "timeline considerations", "resource requirements"]
+    },
+    "Manager": {
+        "focus": "business risk, resource allocation, and strategic implications",
+        "tone": "executive summary style",
+        "priorities": ["business impact", "cost implications", "team requirements", "timeline urgency"]
+    }
+}
+
+# Valid year range for NVD feeds
+MIN_YEAR = 2002
+MAX_YEAR = CURRENT_YEAR
+
+
+# --- Utility Functions ---
+
+def validate_year(year: int) -> bool:
+    """Validates if the year is within the acceptable range."""
+    return MIN_YEAR <= year <= MAX_YEAR
+
+
+def clean_cache() -> None:
+    """Removes expired entries from the cache."""
+    current_time = time.time()
+    with CACHE_LOCK:
+        expired_keys = [
+            key for key, (_, timestamp) in DATAFRAME_CACHE.items()
+            if current_time - timestamp > CACHE_TTL
+        ]
+        for key in expired_keys:
+            if key in DATAFRAME_CACHE:
+                del DATAFRAME_CACHE[key]
+                logger.info(f"Removed expired cache entry for year {key}")
+
+
+# --- Data Fetching and Parsing (REFACTORED for API v2.0) ---
+
+def get_cve_dataframe(year: int) -> pd.DataFrame:
+    """
+    Fetches, parses, and caches CVE data for a specific year from the NVD API 2.0.
+    Returns a pandas DataFrame with thread-safe caching.
+    """
+    if not validate_year(year):
+        raise gr.Error(f"Invalid year: {year}. Please select a year between {MIN_YEAR} and {MAX_YEAR}.")
+
+    # Clean cache before checking
+    clean_cache()
+
+    with CACHE_LOCK:
+        if year in DATAFRAME_CACHE:
+            logger.info(f"Cache hit for year {year}.")
+            DATAFRAME_CACHE.move_to_end(year)  # Mark as recently used
+            return DATAFRAME_CACHE[year][0].copy() # Return a copy to prevent mutations
+
+    logger.info(f"Cache miss. Fetching NVD data for year {year} from API v2.0.")
+
+    # Define date range for the selected year
+    start_date = datetime(year, 1, 1, 0, 0, 0).isoformat()
+    end_date = datetime(year + 1, 1, 1, 0, 0, 0).isoformat()
+    
+    all_vulnerabilities = []
+    start_index = 0
+
+    try:
+        while True:
+            params = {
+                'pubStartDate': start_date,
+                'pubEndDate': end_date,
+                'resultsPerPage': RESULTS_PER_PAGE,
+                'startIndex': start_index
+            }
+            
+            logger.info(f"Requesting CVEs from index {start_index}...")
+            response = SESSION.get(NVD_API_V2_URL, params=params, timeout=60)
+            response.raise_for_status()
+            
+            data = response.json()
+            vulnerabilities = data.get("vulnerabilities", [])
+            all_vulnerabilities.extend(vulnerabilities)
+
+            total_results = data.get("totalResults", 0)
+            start_index += len(vulnerabilities)
+
+            if start_index >= total_results:
+                break
+            
+            # --- Respect NVD rate limits ---
+            # Sleep for 6 seconds with API key, 10 without, to be safe
+            time.sleep(6 if NVD_API_KEY else 10)
+
+        if not all_vulnerabilities:
+            logger.warning(f"No CVE data found for year {year}")
+            raise gr.Error(f"No CVE data available for year {year}.")
+
+        df = parse_cve_items(all_vulnerabilities)
+
+        with CACHE_LOCK:
+            if len(DATAFRAME_CACHE) >= CACHE_MAX_SIZE:
+                DATAFRAME_CACHE.popitem(last=False)
+            DATAFRAME_CACHE[year] = (df, time.time())
+        
+        return df.copy()
+
+    except requests.exceptions.Timeout:
+        logger.error(f"Timeout while fetching data for {year}")
+        raise gr.Error("Request timed out. The NVD API might be busy. Please try again.")
+    except requests.exceptions.HTTPError as e:
+        logger.error(f"HTTP Error for {year}: {e}")
+        raise gr.Error(f"Failed to fetch data for {year}. HTTP Error: {e.response.status_code}")
+    except json.JSONDecodeError as e:
+        logger.error(f"Failed to parse JSON for {year}: {e}")
+        raise gr.Error(f"Data for {year} is corrupted or invalid.")
+    except Exception as e:
+        logger.error(f"Unexpected error processing feed for {year}: {e}", exc_info=True)
+        raise gr.Error(f"An unexpected error occurred: {str(e)}")
+
+
+def parse_cve_items(vulnerabilities: list) -> pd.DataFrame:
+    """
+    Extracts vulnerability details from the NVD API v2.0 JSON data.
+    """
+    rows = []
+    
+    for item in vulnerabilities:
+        cve_data = item.get("cve", {})
+        if not cve_data:
+            continue
+
+        cve_id = cve_data.get("id", "N/A")
+        
+        # Get English description
+        description = "No description available"
+        for desc in cve_data.get("descriptions", []):
+            if desc.get("lang") == "en":
+                description = desc.get("value", description)
+                break
+        
+        published = cve_data.get("published", "N/A")
+
+        # --- REFACTORED: Extract CVSS metrics, prioritizing v3.1 -> v3.0 -> v2 ---
+        base_score, severity, attack_vector = None, "N/A", "N/A"
+        metrics = cve_data.get("metrics", {})
+        
+        if "cvssMetricV31" in metrics:
+            metric_data = metrics["cvssMetricV31"][0].get("cvssData", {})
+            base_score = metric_data.get("baseScore")
+            severity = metric_data.get("baseSeverity", "N/A")
+            attack_vector = metric_data.get("attackVector", "N/A")
+        elif "cvssMetricV30" in metrics:
+            metric_data = metrics["cvssMetricV30"][0].get("cvssData", {})
+            base_score = metric_data.get("baseScore")
+            severity = metric_data.get("baseSeverity", "N/A")
+            attack_vector = metric_data.get("attackVector", "N/A")
+        elif "cvssMetricV2" in metrics:
+            metric_data = metrics["cvssMetricV2"][0]
+            base_score = metric_data.get("cvssData", {}).get("baseScore")
+            severity = metric_data.get("baseSeverity", "N/A")
+            attack_vector = metric_data.get("accessVector", "N/A") # Note the different key for V2
+
+        # Extract CWE IDs
+        cwe_ids = []
+        for weakness in cve_data.get("weaknesses", []):
+            for desc in weakness.get("description", []):
+                if desc.get("lang") == "en":
+                    cwe_id = desc.get("value")
+                    if cwe_id and cwe_id.startswith("CWE-"):
+                        cwe_ids.append(cwe_id)
+        
+        rows.append({
+            "CVE_ID": cve_id,
+            "Description": description,
+            "Published": published[:10] if published else "N/A",
+            "Base_Score": base_score,
+            "Severity": severity.upper() if severity else "N/A",
+            "Attack_Vector": attack_vector.upper() if attack_vector else "N/A",
+            "CWE_IDs": ", ".join(cwe_ids) if cwe_ids else "N/A"
+        })
+
+    if not rows:
+        logger.warning("No valid CVE items could be parsed")
+        return pd.DataFrame()
+
+    df = pd.DataFrame(rows)
+    df["Base_Score"] = pd.to_numeric(df["Base_Score"], errors='coerce')
+    df = df.sort_values("Published", ascending=False, na_position='last').reset_index(drop=True)
+    
+    return df
+
+
+# --- LLM Integration ---
+
+def generate_tailored_summary(cve_description: str, audience: str, hf_token: str) -> str:
+    """
+    Generates a tailored CVE summary using the Hugging Face Inference API.
+    """
+    if not hf_token:
+        return "⚠️ Hugging Face API token is not configured. Please set the HF_TOKEN environment variable."
+    if not cve_description or cve_description == "":
+        return "Please select a CVE from the table first."
+    if audience not in AUDIENCE_PROFILES:
+        return "Invalid audience selected."
+
+    api_url = "https://api-inference.huggingface.co/models/mistralai/Mistral-7B-Instruct-v0.2"
+    headers = {"Authorization": f"Bearer {hf_token}"}
+    profile = AUDIENCE_PROFILES[audience]
+    
+    prompt = f"""<s>[INST] You are an expert cybersecurity analyst. Your task is to rewrite the following technical CVE description into a concise, actionable summary for a specific professional audience.
+
+**Target Audience:** {audience}
+- **Focus:** {profile.get('focus', 'N/A')}
+- **Key Priorities:** {', '.join(profile.get('priorities', []))}
+
+**Original CVE Description:**
+---
+{cve_description}
+---
+
+Provide a clear, concise summary (max 200 words) in a {profile.get('tone', 'professional')} tone, focusing on what matters most to this audience. Include actionable insights and recommendations. [/INST]"""
+
+    payload = {
+        "inputs": prompt,
+        "parameters": {
+            "max_new_tokens": 256,
+            "temperature": 0.7,
+            "top_p": 0.95,
+            "return_full_text": False
+        }
+    }
+
+    try:
+        response = SESSION.post(api_url, headers=headers, json=payload, timeout=60)
+        
+        if response.status_code == 503:
+            return "⏳ The model is currently loading. Please try again in a few moments."
+        elif response.status_code == 401:
+            return "❌ Invalid API token. Please check your Hugging Face token."
+        elif response.status_code != 200:
+            error_data = response.json()
+            error_message = error_data.get("error", "Unknown error")
+            logger.error(f"Inference API Error ({response.status_code}): {error_message}")
+            return f"⚠️ API Error: {error_message}"
+        
+        result = response.json()
+        if isinstance(result, list) and len(result) > 0:
+            generated_text = result[0].get('generated_text', '').strip()
+            if generated_text:
+                return f"### Tailored Summary for {audience}\n\n{generated_text}"
+            else:
+                return "⚠️ The model returned an empty response. Please try again."
+        else:
+            return "⚠️ Unexpected response format from the API."
+    except requests.exceptions.Timeout:
+        logger.error("Timeout while calling Inference API")
+        return "⏱️ Request timed out. The model might be overloaded. Please try again."
+    except Exception as e:
+        logger.error(f"Unexpected error in generate_tailored_summary: {e}")
+        return f"❌ An unexpected error occurred: {str(e)}"
+
+
+# --- Analysis and Visualization ---
+
+def analyze_and_visualize(
+    df: Optional[pd.DataFrame], 
+    severity: str, 
+    vector: str, 
+    search: str
+) -> Tuple[pd.DataFrame, Optional[px.bar], Optional[px.line], str]:
+    """
+    Filters the main DataFrame and generates all outputs.
+    """
+    if df is None or df.empty:
+        empty_df = pd.DataFrame(columns=["CVE_ID", "Severity", "Base_Score", "Description"])
+        return empty_df, None, None, "### No Data Loaded\n\nPlease select a year to load CVE data."
+    
+    try:
+        filtered_df = df.copy()
+        
+        # Apply filters
+        if severity and severity != "All":
+            filtered_df = filtered_df[filtered_df["Severity"] == severity]
+        if vector and vector != "All":
+            filtered_df = filtered_df[filtered_df["Attack_Vector"] == vector]
+        if search and search.strip():
+            search_term = search.strip()
+            masks = [
+                filtered_df[col].str.contains(search_term, case=False, na=False)
+                for col in ["CVE_ID", "Description", "CWE_IDs"] if col in filtered_df.columns
+            ]
+            if masks:
+                combined_mask = pd.concat(masks, axis=1).any(axis=1)
+                filtered_df = filtered_df[combined_mask]
+        
+        # Create outputs
+        severity_chart = create_severity_chart(filtered_df)
+        timeline_chart = create_timeline_chart(filtered_df)
+        summary_text = create_summary_text(filtered_df)
+        
+        display_columns = ["CVE_ID", "Severity", "Base_Score", "Description"]
+        display_df = filtered_df[[col for col in display_columns if col in filtered_df.columns]]
+        
+        return display_df, severity_chart, timeline_chart, summary_text
+    except Exception as e:
+        logger.error(f"Error in analyze_and_visualize: {e}", exc_info=True)
+        empty_df = pd.DataFrame(columns=["CVE_ID", "Severity", "Base_Score", "Description"])
+        return empty_df, None, None, f"### Error\n\nAn error occurred while filtering data: {str(e)}"
+
+
+def create_severity_chart(df: pd.DataFrame) -> Optional[px.bar]:
+    """Creates a bar chart for CVE severity distribution."""
+    if df.empty or "Severity" not in df.columns:
+        return None
+    try:
+        order = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "N/A"]
+        counts = df["Severity"].value_counts().reindex(order, fill_value=0)
+        color_map = {"CRITICAL": "#8B0000", "HIGH": "#FF4500", "MEDIUM": "#FFA500", "LOW": "#FFD700", "N/A": "#D3D3D3"}
+        fig = px.bar(
+            x=counts.index, y=counts.values,
+            labels={"x": "Severity Level", "y": "Number of CVEs"},
+            title="CVE Severity Distribution",
+            color=counts.index, color_discrete_map=color_map, text=counts.values
+        )
+        fig.update_traces(texttemplate='%{text}', textposition='outside')
+        fig.update_layout(showlegend=False, xaxis={'categoryorder': 'array', 'categoryarray': order})
+        return fig
+    except Exception as e:
+        logger.error(f"Error creating severity chart: {e}")
+        return None
+
+def create_timeline_chart(df: pd.DataFrame) -> Optional[px.line]:
+    """Creates a line chart showing CVE publications over time."""
+    if df.empty or 'Published' not in df.columns:
+        return None
+    try:
+        df_copy = df.copy()
+        df_copy["Date"] = pd.to_datetime(df_copy["Published"], errors='coerce')
+        df_copy.dropna(subset=["Date"], inplace=True)
+        if df_copy.empty: return None
+        
+        counts = df_copy.set_index("Date").resample('M').size()
+        if counts.empty: return None
+
+        fig = px.line(
+            x=counts.index, y=counts.values,
+            labels={"x": "Month", "y": "Number of CVEs"},
+            title="CVE Publications Timeline", markers=True
+        )
+        return fig
+    except Exception as e:
+        logger.error(f"Error creating timeline chart: {e}")
+        return None
+
+
+def create_summary_text(df: pd.DataFrame) -> str:
+    """Generates a markdown string with key statistics."""
+    if df.empty:
+        return "### No Results\n\nNo CVEs match your current filter criteria."
+    try:
+        total_cves = len(df)
+        sev_counts = df['Severity'].value_counts() if 'Severity' in df.columns else {}
+        scores = df['Base_Score'].dropna()
+        avg_score = f"{scores.mean():.2f}" if not scores.empty else "N/A"
+        max_score = f"{scores.max():.1f}" if not scores.empty else "N/A"
+        
+        return "\n".join([
+            f"### Summary Statistics",
+            f"- **Total CVEs Found:** {total_cves:,}",
+            f"- **Critical:** {sev_counts.get('CRITICAL', 0):,}",
+            f"- **High:** {sev_counts.get('HIGH', 0):,}",
+            f"- **Medium:** {sev_counts.get('MEDIUM', 0):,}",
+            f"- **Low:** {sev_counts.get('LOW', 0):,}",
+            f"- **Average Base Score:** {avg_score}",
+            f"- **Maximum Base Score:** {max_score}"
+        ])
+    except Exception as e:
+        logger.error(f"Error creating summary text: {e}")
+        return f"### Error\n\nCould not generate summary: {str(e)}"
+
+# --- Gradio UI and Event Logic ---
+
+def create_dashboard():
+    """Builds the entire Gradio interface."""
+    
+    with gr.Blocks(theme=gr.themes.Soft(), title="CVE Dashboard - NVD API v2.0 Analyzer") as dashboard:
+        
+        df_state = gr.State(value=None)
+        selected_cve_description = gr.State(value="")
+        hf_token_state = gr.State(value=os.environ.get("HF_TOKEN", ""))
+        
+        gr.Markdown(
+            """
+            # 🛡️ CVE Dashboard: NVD API v2.0 Analyzer
+            Explore Common Vulnerabilities and Exposures (CVE) data from the National Vulnerability Database, fetched live using the NVD API 2.0.
+            
+            Select a year to load CVE data, apply filters, and leverage AI to generate tailored summaries for different professional audiences.
+            """
+        )
+        
+        with gr.Row():
+            with gr.Column(scale=1):
+                gr.Markdown("### 🎛️ Controls")
+                year_dd = gr.Dropdown(
+                    choices=list(range(MIN_YEAR, MAX_YEAR + 1))[::-1], value=CURRENT_YEAR,
+                    label="1. Select Year", info="Choose a year to load CVE data"
+                )
+                
+                gr.Markdown("### 🔍 Filters")
+                severity_dd = gr.Dropdown(
+                    choices=["All", "CRITICAL", "HIGH", "MEDIUM", "LOW"], value="All",
+                    label="2. Severity Level", info="Filter by CVSS severity rating"
+                )
+                vector_dd = gr.Dropdown(
+                    choices=["All", "NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL"], value="All",
+                    label="3. Attack Vector", info="Filter by attack vector type"
+                )
+                search_tb = gr.Textbox(
+                    label="4. Search", placeholder="e.g., 'Log4j', 'SQL injection', 'CWE-89'...",
+                    info="Search in CVE IDs, descriptions, and CWE IDs"
+                )
+                filter_btn = gr.Button("🔄 Apply Filters", variant="primary", size="lg")
+            
+            with gr.Column(scale=3):
+                summary_out = gr.Markdown(value="### Loading...")
+                with gr.Tabs():
+                    with gr.TabItem("📊 Data Table"):
+                        table_out = gr.DataFrame(
+                            headers=["CVE_ID", "Severity", "Base_Score", "Description"],
+                            wrap=True, max_rows=20, interactive=True, label="CVE Data"
+                        )
+                    with gr.TabItem("📈 Severity Analysis"):
+                        plot_severity_out = gr.Plot(label="Severity Distribution")
+                    with gr.TabItem("📉 Timeline Analysis"):
+                        plot_timeline_out = gr.Plot(label="Publication Timeline")
+                
+                with gr.Accordion(
+                    "🤖 AI-Powered CVE Analysis (Select a CVE from the table)",
+                    open=False, visible=False
+                ) as llm_accordion:
+                    with gr.Row():
+                        with gr.Column(scale=2):
+                            original_desc_out = gr.Textbox(
+                                label="Original CVE Description", lines=6, interactive=False, show_copy_button=True
+                            )
+                        with gr.Column(scale=1):
+                            audience_dd = gr.Dropdown(
+                                choices=list(AUDIENCE_PROFILES.keys()), value="Cybersecurity Professional",
+                                label="Target Audience", info="Select your role for a tailored summary"
+                            )
+                            generate_btn = gr.Button("✨ Generate Tailored Summary", variant="primary")
+                    summary_llm_out = gr.Markdown(value="*Select an audience and click 'Generate'...*")
+        
+        # --- Event Handlers ---
+        
+        def on_year_change(year):
+            """Handle year selection change."""
+            try:
+                if year is None:
+                    return None, pd.DataFrame(), None, None, "### Please select a year"
+                df = get_cve_dataframe(int(year))
+                return df, *analyze_and_visualize(df, "All", "All", "")
+            except Exception as e:
+                logger.error(f"Error in on_year_change: {e}")
+                return None, pd.DataFrame(), None, None, f"### Error\n\n{str(e)}"
+        
+        # --- Correct CVE selection logic ---
+        def on_select_cve(full_df: pd.DataFrame, evt: gr.SelectData):
+            """Handle CVE row selection safely."""
+            try:
+                if full_df is None or evt.value is None:
+                    return "", "", gr.update(visible=False)
+                
+                # Get the CVE_ID from the selected row's first column value
+                selected_cve_id = evt.value
+                
+                # Look up the full description in the master dataframe
+                cve_record = full_df[full_df["CVE_ID"] == selected_cve_id]
+                if cve_record.empty:
+                    return "", "Could not find details for the selected CVE.", gr.update(visible=False)
+
+                full_description = cve_record.iloc[0]["Description"]
+                return full_description, full_description, gr.update(visible=True)
+            except Exception as e:
+                logger.error(f"Error in on_select_cve: {e}", exc_info=True)
+                return "", "Error loading CVE details", gr.update(visible=False)
+
+        # Wire up events
+        analysis_outputs = [table_out, plot_severity_out, plot_timeline_out, summary_out]
+        filter_inputs = [df_state, severity_dd, vector_dd, search_tb]
+
+        year_dd.change(
+            fn=on_year_change, inputs=[year_dd],
+            outputs=[df_state, *analysis_outputs], show_progress="full"
+        )
+        dashboard.load(
+            fn=on_year_change, inputs=[year_dd],
+            outputs=[df_state, *analysis_outputs], show_progress="full"
+        )
+
+        filter_btn.click(
+            fn=analyze_and_visualize, inputs=filter_inputs, outputs=analysis_outputs
+        )
+        search_tb.submit(
+            fn=analyze_and_visualize, inputs=filter_inputs, outputs=analysis_outputs
+        )
+        for control in [severity_dd, vector_dd]:
+            control.change(
+                fn=analyze_and_visualize, inputs=filter_inputs, outputs=analysis_outputs
+            )
+
+        table_out.select(
+            fn=on_select_cve,
+            inputs=[df_state],
+            outputs=[selected_cve_description, original_desc_out, llm_accordion],
+            # Use the cell value (CVE_ID) as the event data
+            _js="((df, evt) => { return [df, evt.value] })",
+            show_progress="hidden"
+        )
+
+        generate_btn.click(
+            fn=generate_tailored_summary,
+            inputs=[selected_cve_description, audience_dd, hf_token_state],
+            outputs=[summary_llm_out]
+        )
+        
+    return dashboard
+
+if __name__ == "__main__":
+    try:
+        if not os.environ.get("HF_TOKEN"):
+            logger.warning("HF_TOKEN not found. AI features will be limited.")
+        
+        cve_dashboard = create_dashboard()
+        cve_dashboard.launch(server_name="0.0.0.0", show_error=True)
+    except Exception as e:
+        logger.error(f"Failed to launch application: {e}", exc_info=True)
+        raise

requirements.txt

@@ -0,0 +1,5 @@
+gradio
+pandas
+plotly
+requests
+urllib3