Building an Open Vulnerability Database for Minecraft Servers

Tifix X — Mon, 03 Nov 2025 11:21:03 +0000

The Problem

I run several Minecraft servers, and tracking plugin vulnerabilities is a nightmare. Security info is scattered across:

Random forum threads
Discord servers
Private DMs
GitHub issues

Most server admins learn about exploits AFTER being hacked.

The Solution

I built CraftSploitDB - an open database for Minecraft plugin exploits.

🔗 Live site: https://csdb.dev

Tech Stack

Next.js 16 (App Router)
PostgreSQL + Prisma ORM
Meilisearch (full-text search)
NextAuth (authentication)
Deployed on VPS with Nginx

Features

✅ Searchable exploit database with PoC
✅ User submissions (moderated)
✅ Free REST API
✅ Gamification (reputation, badges)
✅ Bilingual (EN/RU)

Current Exploits

CVE-2021-44228 (Log4Shell)
CVE-2023-30859 (Triton RCE)
BungeeCord misconfigurations
BleedingPipe vulnerabilities

Looking For

Security researchers to contribute
Feedback on the platform
Plugin developers to help verify exploits

Responsible Disclosure

This is NOT about promoting hacking. It's about giving admins the information they need to protect their servers. Bad actors already know these exploits - we're leveling the playing field.

Try It

Visit https://csdb.dev and let me know what you think!

Questions welcome in the comments. 👇

Forem: Tifix X