Hi everyone,

I'm sharing a new open-source tool I developed: the Ephemeral Vulnerability Scanner.

If you're tired of using security tools that require you to send sensitive lists of your installed software to a 3rd party server, this is your solution.

What it does:

1. You run a simple command (PowerShell, dpkg -l, brew list) to generate a local inventory.json file.
2. You open the scanner's index.html in your browser.
3. You upload the file (it stays local!).
4. The browser's JavaScript performs the lookup against public APIs (MSRC, OSV.dev, CISA KEV) and gives you a professional, exportable report.

The core benefit is privacy: Your inventory never leaves your control. Analysis is ephemeral—everything is gone when you close the tab.

It supports Windows, Linux, and macOS, giving you a unified, free way to scan packages across your fleet.

Feedback and contributions are highly welcome!