One of the questions we are asked is how much vulnerability data you need to hand over to use the CAUSALITY model’s CVE predictions and the answer is none. The data flow is one-way from us to you and no customer vuln data needs to go anywhere.
There is a notebook in the repo that can be used to process and rate CVE data wherever you run Jupyter. If you have rules or policies about open source code, that’s also fine, and you don’t have to use our code. The only ingredient you need from us are the ratings files and those are text, not data. It isn’t actually necessary for users to send us data because of the way the model works.
If you just want to see the ratings, there is a Streamlit app in the /web directory with a search interface for the ratings data. Search by CVE (exact match) or other fields. Ratings are available for CVEs between January 2024 – August 2025. I have not yet rated years before 2024; hit me up if you would like me to. This also runs locally and reads in two data files; no data is sent anywhere. This is what it looks like:
Opendr 