AnamayaVyas/nvd-security-phi35-gguf

NVD Security Analyzer — Phi-3.5 Mini GGUF

A GGUF version of Phi-3.5 Mini fine-tuned on the AnamayaVyas/nvd-security-instructions dataset. Analyzes CVE vulnerability data and produces structured, developer-friendly security analysis in JSON format.

Run Locally with Ollama

Step 1 - Install Ollama from https://ollama.com

Step 2 - Pull and run: ollama pull hf.co/AnamayaVyas/nvd-security-phi35-gguf ollama run hf.co/AnamayaVyas/nvd-security-phi35-gguf

Step 3 - Type this example prompt:

You are a senior security engineer. Analyze this CVE and respond with a JSON object containing exactly these fields: what_happened, who_is_affected, how_bad_is_it, what_to_do.

CVE ID : CVE-2023-38699 Description : MindsDB prior to version 23.7.4.0 disables SSL certificate checks when calling requests with verify=False, allowing attackers to intercept sensitive data. CVSS Score : 9.1 CVSS Severity : CRITICAL Fix Available : True CWEs : CWE-311

Expected output: { "what_happened": "MindsDB disables SSL certificate checks, allowing attackers to intercept sensitive data.", "who_is_affected": ["MindsDB versions prior to 23.7.4.0"], "how_bad_is_it": "CRITICAL (9.1) - exploitable remotely, no privileges needed, high impact on confidentiality and integrity.", "what_to_do": [ "Update to version 23.7.4.0 or later", "Disable the AI Virtual Database feature until patched", "Use a secure connection when connecting to the database" ] }

Evaluation Results

Metric	Score
Valid JSON rate	100% (50/50)
All fields present	100% (50/50)
Training loss	0.53 → 0.42

System Requirements

	Minimum
RAM	8GB
GPU	Not required
Disk space	8GB

Related

• Dataset: https://huggingface.co/datasets/AnamayaVyas/nvd-security-instructions
• LoRA adapter: https://huggingface.co/AnamayaVyas/phi3-mini-nvd-security-qlora