Cpe-editor v1.0.0: Establishing the Foundation for Collaborative CPE & PURL Mapping

GCVE
1

cpe-editor v1.0.0 (2026-06-14)

We are thrilled to announce the official first release (v1.0.0) of cpe-editor, the platform powering cpe.gcve.eu. This initial release establishes a collaborative environment for managing Common Platform Enumerations (CPE) and Package URL (PURL) mappings, aligned carefully with the GCVE BCP-10 deterministic identity guidance.

Screenshot from 2026-06-14 16-50-15
Screenshot from 2026-06-14 16-50-151158×1076 152 KB

Screenshot from 2026-06-14 16-50-03
Screenshot from 2026-06-14 16-50-031158×1076 141 KB

Screenshot from 2026-06-14 16-49-51
Screenshot from 2026-06-14 16-49-511158×1076 273 KB

Key Highlights

  • GCVE BCP-10 Alignment: Implemented deterministic UUIDv5 generation utilizing a vendor-scoped product namespace to guarantee data identity consistency.
  • PURL ⇄ CPE Mapping Workflow: Comprehensive support for importing, exporting, browsing, and proposing PURL-to-CPE mappings across vendor, product, and CPE scopes.
  • Intelligent Admin Tools: Added advanced duplicate detection routines (exact and partial name matches) alongside experimental metadata creation interfaces.
  • Dark Mode Support: A fully integrated dark mode toggle with system preference defaults and optimized color contrast.

Features & New Capabilities

Collaborative Proposal System

  • Introduced dedicated submission pipelines for Note Proposals, Product Alias Proposals, and Relationship Proposals (including mixed vendor/product bounds).
  • Added user-agent and source-IP tracking for proposals to empower admins with bulk-deletion capabilities for spam mitigation.
  • Improved the proposal form UI to default fields to optional for a smoother user experience.

UI, Navigation & Aesthetics

  • Theme Toggle: Added native Dark Mode support with local storage persistence and automated fallback to system preferences.
  • Enhanced Tables & Views: Added a combined product listing view onto vendor details, collapsible controls for lengthy lists, and explicit anchor-link styling.
  • Information & Branding: Refreshed the homepage visual layout, integrated the GCVE logo seamlessly into headers/footers, and added an initiative overview details page.
  • Pagination Controls: Added clear pagination handlers to main search routes, vendor directories, top-vendor statistics, and proposal queries.

Comprehensive Statistics & Feeds

  • Implemented a public Statistics Page tracking contribution inputs and CPE part distribution metrics.
  • Added support for scoped RSS and Atom Change Feeds to tracking approved adjustments publicly.

API & Integration Layers

  • Read-Only OpenAPI Endpoint: Exposed major data buckets via a paginated API (including approved changes, statistics, and PURL query filters).
  • Vulnerability Enriched Lookups: Embedded external vulnerability lookups directly into product and version UI pages, leveraging db.gcve.eu / vulnerability.circl.lu endpoints and supporting the cvelistv5 payload format.
  • Streaming Importer/Exporter: Rewrote data dumping workflows to utilize a streaming NDJSON exporter, radically dropping memory consumption during dataset replication.

Security & Performance Fixes

  • Security Baseline: Enforced global Anti-CSRF (Cross-Site Request Forgery) protections.
  • Database Scaling: Added explicit ALTER TABLE handling on dynamic schema alterations and unblocked concurrent file access loops on SQLite deployments.
  • Query Speeds: Optimized complex prefix filtering lookups on PURL data blocks via targeted index structures.
  • Data Integrity: Resolved critical NameError faults impacting URI construction blocks and vendor detail views; added automated deduplication skips inside the CLI importer.
1 Like