Kunsh This workflow corresponds to n8n.io template #8283 — we link there as the canonical source.
This workflow follows the Agent → HTTP Request recipe pattern — see all workflows that pair these two integrations.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": "Mg7AXksWUAkq3gfL",
"meta": {
"templateCredsSetupCompleted": true
},
"name": "CVE Shoten",
"tags": [],
"nodes": [
{
"id": "3f9c06b8-41e5-4328-bea9-f58408b6b944",
"name": "Schedule Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-672,
192
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "5e7e6a0f-8ae6-4190-b85d-c0615b5af6ff",
"name": "\ud83d\udcd2 Overview",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1360,
128
],
"parameters": {
"color": 4,
"width": 556,
"height": 228,
"content": "## \ud83c\udfaf CVE Shoten - Bug Bounty CVE Monitor\n\nAutomatically monitors new CVEs from NIST and generates AI-powered bug bounty relevance assessments.\n\n**Setup required:**\n1. Configure Google Gemini API credentials\n2. Set up Slack webhook/bot credentials\n3. Customize Slack channel ID"
},
"typeVersion": 1
},
{
"id": "3f6d4779-9fef-47ef-8ac4-ba4f57a8caf3",
"name": "HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
-448,
192
],
"parameters": {
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0",
"options": {},
"sendQuery": true,
"queryParameters": {
"parameters": [
{
"name": "pubStartDate",
"value": "={{ new Date(Date.now() - 60 * 60 * 1000).toISOString() }}"
},
{
"name": "pubEndDate",
"value": "={{ new Date().toISOString() }}"
},
{
"name": "resultsPerPage",
"value": "20"
},
{
"name": "startIndex",
"value": "0"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "534cbfa4-7db1-4a70-92e8-0b07fc0fa07a",
"name": "\ud83d\udcd2 NIST API",
"type": "n8n-nodes-base.stickyNote",
"position": [
-560,
-160
],
"parameters": {
"color": 2,
"width": 344,
"height": 204,
"content": "## \ud83d\udd0d NIST CVE API\n\n**No credentials needed** - public API\n\nFetches CVEs published in the last hour:\n- Maximum 20 results per run\n- Includes severity scores and descriptions\n- Free to use with no rate limits"
},
"typeVersion": 1
},
{
"id": "a61a8245-ac38-4b35-8ad3-398c1a3209ff",
"name": "Split Out",
"type": "n8n-nodes-base.splitOut",
"position": [
-256,
192
],
"parameters": {
"options": {},
"fieldToSplitOut": "vulnerabilities"
},
"typeVersion": 1
},
{
"id": "0909109e-ae80-48ee-80f0-6e003b3cbb92",
"name": "Edit Fields",
"type": "n8n-nodes-base.set",
"position": [
-48,
192
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "56767386-f217-4b9e-ba8d-518dd98e5a25",
"name": "cve",
"type": "string",
"value": "={{ $json.cve.id }}"
},
{
"id": "74c34102-5090-4bc5-99d3-4403366eff89",
"name": "published",
"type": "string",
"value": "={{ \n new Date($json.cve.published).toLocaleString('en-GB', { \n timeZone: 'UTC',\n weekday: 'short',\n year: 'numeric',\n month: 'short',\n day: 'numeric',\n hour: '2-digit',\n minute: '2-digit',\n hour12: false\n }) + ' (UTC)' \n}}"
},
{
"id": "a23a198f-fac6-425a-9f0a-2aa48cf5225b",
"name": "cve_descriptions",
"type": "string",
"value": "={{ $json.cve.descriptions[0].value }}"
},
{
"id": "ed88ec1b-7b98-477f-87f0-e7353b794129",
"name": "severity",
"type": "string",
"value": "={{\n $json.cve.metrics.cvssMetricV40\n ? $json.cve.metrics.cvssMetricV40[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV40[0].cvssData.baseScore + ')'\n : $json.cve.metrics.cvssMetricV31\n ? $json.cve.metrics.cvssMetricV31[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV31[0].cvssData.baseScore + ')'\n : $json.cve.metrics.cvssMetricV30\n ? $json.cve.metrics.cvssMetricV30[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV30[0].cvssData.baseScore + ')'\n : $json.cve.metrics.cvssMetricV2\n ? $json.cve.metrics.cvssMetricV2[0].cvssData.baseSeverity + ' (' + $json.cve.metrics.cvssMetricV2[0].cvssData.baseScore + ')'\n : 'Unknown'\n}}"
},
{
"id": "992a9a62-3980-4287-8a47-4fb2e46220a5",
"name": "references",
"type": "string",
"value": "={{ $json.cve.references[0].url }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "45d4125a-338b-4821-a40f-7b95000e9a1d",
"name": "\ud83d\udcd2 Processing",
"type": "n8n-nodes-base.stickyNote",
"position": [
-320,
448
],
"parameters": {
"color": 3,
"width": 298,
"height": 226,
"content": "## \u2699\ufe0f Data Processing\n\nExtracts key CVE information:\n- CVE ID and publication date\n- CVSS severity scores (v2-v4)\n- Vulnerability descriptions\n- Reference URLs\n\nFormats data for AI analysis"
},
"typeVersion": 1
},
{
"id": "c03e59c1-16ba-4d19-8c8c-0a029158ce35",
"name": "Google Gemini Chat Model",
"type": "@n8n/n8n-nodes-langchain.lmChatGoogleGemini",
"position": [
32,
400
],
"parameters": {
"options": {},
"modelName": "models/gemini-2.5-pro"
},
"credentials": {
"googlePalmApi": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"id": "65ffe2f0-c788-44c4-b8cd-d0b49a3ef6ea",
"name": "CVE Summarizer",
"type": "@n8n/n8n-nodes-langchain.agent",
"position": [
160,
192
],
"parameters": {
"text": "=CVE: {{ $json.cve }}\nSeverity: {{ $json.severity }}\nPublished: {{ $json.published }}\nDescription: {{ $json.cve_descriptions }}\nRef: {{ $json.references }}`",
"options": {
"systemMessage": "=You are a CVE relevance analyzer for elite bug bounty hunters. You analyze CVE data and return **well-structured, Slack-ready assessments** with high exploitation value.\n\nYour audience is an elite-level bug bounty hunter. Your job is to extract only what helps them:\n* Decide if this CVE is worth their time\n* Find similar patterns on their targets \n* Use actionable testing strategies\n\n---\n\n**Mindset & Output Philosophy**\n\n* Focus only on real, actionable techniques for bug bounty testing\n* Do not explain basic vulnerability concepts\n* Think modularly - what can be reused, chained, or tested on other targets?\n* Your assessment should help the hunter immediately decide:\n -> \"Can I use this on my targets?\"\n -> \"Should I prioritize this?\"\n -> \"What should I test?\"\n\n---\n\n**Required Output Format** (Slack-Optimized)\n\n\n*CVE:* <Reference-Link|CVE-ID> | *Severity:* SEVERITY-LEVEL\n\n\ud83c\udfaf *Bug Bounty Relevance:* HIGH/MEDIUM/LOW/NONE\n\n[1-2 precise lines explaining why this matters for bug bounty based on the exact CVE description - be specific to the vulnerability, not generic]\n\n*Strategy:* [One actionable technique - mass scan targets, test specific endpoints, check for patterns, etc.]\n\n\n---\n\n**Critical Formatting Rules**\n\n* Use Slack hyperlink format: `<https://example.com|Display Text>` \n* This creates a clickable \"Display Text\" that links to the URL\n* The URL itself will NOT be visible in Slack\n* Use asterisks for bold: `*Bold Text*`\n* Keep total response under 5 lines\n* Always include the exact CVE description as provided\n* Be brutally honest about bounty relevance\n\n---\n\n**Example Output:**\n\n\n*CVE:* <https://github.com/Pierrad/obsidian-github-copilot/releases/tag/1.1.7|CVE-2025-58401> | *Severity:* MEDIUM (5.1)\n\n\ud83c\udfaf *Bug Bounty Relevance:* HIGH\n\nObsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account.\n\n*Strategy:* Target apps with GitHub integrations; check localStorage, sessionStorage, and API responses for exposed tokens.\n\n\n**Low Relevance Example:**\n\n\n*CVE:* <https://example.com/advisory|CVE-2025-12345> | *Severity:* HIGH (8.2)\n\n\ud83c\udfaf *Bug Bounty Relevance:* NONE\n\nKernel-level privilege escalation requiring local system access. Not testable through web interfaces or external attack surface.\n\n*Strategy:* Skip - infrastructure vulnerability outside bounty scope.\n\n\n---\n\n**Reminder**\n\nKeep all output Slack-safe, well-formatted, and directly useful for offensive testing. Your job is to surface only the **most operationally valuable** content for bug bounty hunting.\n\nAlways think: **\"What would a skilled bounty hunter test differently because of this CVE?\"**"
},
"promptType": "define"
},
"typeVersion": 2.2
},
{
"id": "f8617b9c-00af-4d63-b652-0ecc30893058",
"name": "\ud83d\udcd2 AI Analysis",
"type": "n8n-nodes-base.stickyNote",
"position": [
96,
-176
],
"parameters": {
"color": 6,
"width": 376,
"height": 304,
"content": "## \ud83e\udd16 AI Analysis\n\n**Setup:**\n1. Get Google Gemini API key from https://aistudio.google.com/\n2. Add to Google Gemini credentials\n\n**Features:**\n- Analyzes CVE relevance for bug bounty\n- Provides actionable testing strategies\n- Slack-formatted output\n- Filters noise from valuable insights"
},
"typeVersion": 1
},
{
"id": "e7efc350-1476-44c9-a1c4-269f5bd030b8",
"name": "Send a message",
"type": "n8n-nodes-base.slack",
"position": [
512,
192
],
"parameters": {
"text": "={{ $json.output }}",
"select": "channel",
"channelId": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultName": "your-channel"
},
"otherOptions": {
"includeLinkToWorkflow": false
}
},
"credentials": {
"slackApi": {
"name": "<your credential>"
}
},
"typeVersion": 2.3
},
{
"id": "8483eb0f-02c9-4314-8264-551980e46053",
"name": "\ud83d\udcd2 Slack Setup",
"type": "n8n-nodes-base.stickyNote",
"position": [
768,
128
],
"parameters": {
"color": 5,
"width": 464,
"height": 240,
"content": "## \ud83d\udcac Slack Integration\n\n**Setup:**\n1. Create Slack app at https://api.slack.com/apps\n2. Add bot token scopes: chat:write, channels:read\n3. Install app to workspace\n4. Add bot token to Slack credentials\n5. Update channelId with your target channel\n\n**Receives formatted CVE assessments**"
},
"typeVersion": 1
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "84076fbc-d57e-45a5-9dae-6d4379a950ea",
"connections": {
"Split Out": {
"main": [
[
{
"node": "Edit Fields",
"type": "main",
"index": 0
}
]
]
},
"Edit Fields": {
"main": [
[
{
"node": "CVE Summarizer",
"type": "main",
"index": 0
}
]
]
},
"HTTP Request": {
"main": [
[
{
"node": "Split Out",
"type": "main",
"index": 0
}
]
]
},
"CVE Summarizer": {
"main": [
[
{
"node": "Send a message",
"type": "main",
"index": 0
}
]
]
},
"Schedule Trigger": {
"main": [
[
{
"node": "HTTP Request",
"type": "main",
"index": 0
}
]
]
},
"Google Gemini Chat Model": {
"ai_languageModel": [
[
{
"node": "CVE Summarizer",
"type": "ai_languageModel",
"index": 0
}
]
]
}
}
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
googlePalmApislackApi
Pro
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
Automatically monitors NIST's CVE database every hour for new vulnerabilities and uses AI to assess their relevance for bug bounty hunting, delivering actionable intelligence directly to Slack. Get Google Gemini API key from AI Studio (free tier available) Create Slack bot with…
Source: https://n8n.io/workflows/8283/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
This workflow is the AI analysis and alerting engine for a complete social media monitoring system. It's designed to work with data scraped from X (formerly Twitter) using a tool like the Apify Tweet
Google Sheets, Google Gemini Chat, Google Sheets Tool +4
This workflow is designed for Japanese-speaking professionals, and learners who want to efficiently stay up to date with practical productivity, lifehack, and efficiency-related insights from Japanese
RSS Feed Read, Chain Llm, Google Gemini Chat +7
公認資格ワークフロー. Uses rssFeedRead, chainLlm, lmChatGoogleGemini, outputParserStructured. Scheduled trigger; 25 nodes.
RSS Feed Read, Chain Llm, Google Gemini Chat +5
Easily keep your team aligned by summarizing meeting notes, extracting action items, and delivering them directly to Slack. ⏰ Triggers on a schedule to fetch meeting data from your note-taking tool 📄
Ai Transform, Google Gemini Chat, Slack +3
LinkedIn_Job_Hunt_and_Cover_Letter. Uses outputParserStructured, outputParserAutofixing, googleDrive, agent. Scheduled trigger; 85 nodes.
Output Parser Structured, Output Parser Autofixing, Google Drive +6