| --- |
| language: en |
| license: mit |
| library_name: transformers |
| pipeline_tag: text-classification |
| base_model: google/flan-t5-base |
| model_type: seq2seq |
| tags: |
| - security |
| - cve |
| - vulnerability |
| - explanation |
| - remediation |
| - devsecops |
| - lora |
| - peft |
| - education |
| datasets: |
| - synthetic |
| inference: true |
| --- |
| |
| # CVE Human-Readable Explanation & Solution Generator |
|
|
| An open-source, fine-tuned language model that converts **CVE (Common Vulnerabilities and Exposures)** information into **plain-English explanations**, **step-by-step remediation**, and **future prevention guidance**. |
|
|
| This model is designed to **educate developers and non-security users**, not just classify vulnerabilities. |
|
|
| --- |
|
|
| ## What This Model Does |
|
|
| Given a CVE description, the model explains: |
|
|
| - What the **CVE ID means** |
| - What the vulnerability is **in simple terms** |
| - Why it is **dangerous in real life** |
| - How to **fix it step by step** |
| - How to **prevent similar issues** in the future |
|
|
| The output is written in **full sentences and paragraphs**, avoiding security jargon whenever possible. |
|
|
| --- |
|
|
| ## Model Architecture |
|
|
| - **Base model:** google/flan-t5-base |
| - **Fine-tuning method:** LoRA (Low-Rank Adaptation) |
| - **Task:** Text-to-Text Generation |
| - **Weights in this repository:** LoRA adapter only |
|
|
| The base model remains frozen; only lightweight LoRA parameters were trained. |
|
|
| --- |
|
|
| ## Example |
|
|
| ### Input |
| ```text |
| Explain this vulnerability to a developer with no security background. |
| |
| CVE ID: CVE-2021-44228 |
| Software: Apache Log4j |
| Severity: CRITICAL |
| Description: Attackers can remotely execute code. |
| |
