23.2K+ CVEs enriched with EPSS, CISA KEV, CERT-FR, MSRC, GHSA, Exploit-DB, and Nuclei. Public REST API, free tier available.
NVD-backed, continuously synced
CISA KEV catalog ∪ SSVC=active
Severity = CRITICAL, published in window
FIRST exploit-prediction probability
Refreshed every 30 minutes from production database
Recent high-severity CVEs straight from our PostgreSQL catalog — with KEV, EPSS, and exploitation flags inline.
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handl…
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of arbitrary scripts and leading to a RCE.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow thi…
SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in the JBIG decoder due to a missing check. T…
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kernel parsing functions. User-controlled ke…
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects…
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to…
Same database, different cuts. Each list is a real query against cveCatalog at request time.
No new KEV adds in the last 30 days.
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many
In Wing FTP Server before 7.4.4, the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). This is thus a remote code execution vulnerability that guarantees a total server compromise. This is also exploitable via anonymous FTP accounts.
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions
No unauthenticated RCEs flagged yet.
Nine upstream sources, one normalized record per CVE.
Base CVE record + CVSS v3 scores and vectors
Known Exploited Vulnerabilities catalog with due dates
FIRST exploit-prediction score and percentile
French national CSIRT advisories with severity
Microsoft Security Response Center title + KB articles
GitHub Security Advisories cross-references
Public proof-of-concept and exploit identifiers
Detection-template availability flag
Change-log titles and history counts
Continuous CPE-based monitoring with KEV / EPSS prioritization for the products you actually run.
Combine CVSS, EPSS, and KEV signals to rank which CVEs deserve emergency change windows.
Block pull requests when a dependency surfaces a high-EPSS or KEV-flagged CVE in the bulk API.
Export filtered CVE lists with CERT-FR / KEV / GHSA links for audit packets.
Stable public pages for CVEs with exploitation, KEV, EPSS, or severity signals useful during vendor and patch-risk research.
The full NVD CVE catalog from 1999 to present is ingested with continuous backfill, and the count above reflects the live row count in our PostgreSQL store. We enrich each record with CISA KEV, EPSS, CERT-FR, MSRC, GHSA, Exploit-DB, Nuclei template availability, and OpenCVE change history when available.
Daily NVD sync plus EPSS daily snapshots, CISA KEV refresh, and external enrichment cron jobs. The most recent CVEs typically land within a few hours of NVD publication.
A CVE is shown as actively exploited when at least one of these is true: it appears in the CISA KEV catalog, its SSVC Exploitation decision point (the value CISA publishes through Vulnrichment on the CVE record) is "active", or our GCVE (Global CVE Allocation System) enrichment carries confirmed in-the-wild exploitation evidence.
CVSS measures intrinsic severity: the base score combines the vulnerability's own exploitability and impact metrics and says nothing about whether anyone is actually exploiting it. EPSS measures the empirical probability that a CVE will be exploited in the wild within the next 30 days, estimated from global telemetry and re-scored daily. We surface both. Most teams rank on confirmed exploitation (KEV) first, then EPSS, and use CVSS only to break ties; a KEV-listed CVE with a modest CVSS score usually deserves the change window before an unexploited CVSS 9.8.
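The ranking rule above, and the pull-request gate described under use cases, as an added example (not ismalicious.com's own code). The field names on EnrichedCve, the 0.1 EPSS threshold and the sample records are constructed for illustration and are not the service's API schema:

```python
"""Rank enriched CVE records for patch scheduling and gate a dependency set
on the same signals: confirmed exploitation first, then EPSS, then CVSS as a
tie-breaker.

Added example, not ismalicious.com's own code. The field names on
EnrichedCve and the sample records are constructed for illustration; they are
not the service's API schema.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class EnrichedCve:
    cve_id: str
    cvss: float                        # CVSS v3 base score, 0.0 to 10.0
    epss: float                        # EPSS probability, 0.0 to 1.0
    kev: bool                          # listed in CISA KEV
    ssvc_exploitation: str = "none"    # SSVC Exploitation: none | poc | active


def actively_exploited(r: EnrichedCve) -> bool:
    """The page's rule: KEV membership or SSVC Exploitation == active."""
    return r.kev or r.ssvc_exploitation == "active"


def priority_key(r: EnrichedCve):
    """Sort key: exploitation evidence dominates, EPSS next, CVSS last.
    A confirmed-exploited CVE with CVSS 7.5 outranks a CVSS 9.8 with EPSS 0.02."""
    return (actively_exploited(r), r.epss, r.cvss)


def rank(records: Iterable[EnrichedCve]) -> List[EnrichedCve]:
    """Highest priority first."""
    return sorted(records, key=priority_key, reverse=True)


def needs_emergency_window(r: EnrichedCve, epss_threshold: float = 0.1) -> bool:
    """Emergency change window if exploitation is confirmed or EPSS crosses the
    threshold (0.1 is an assumed policy value, not a standard)."""
    return actively_exploited(r) or r.epss >= epss_threshold


def blocking_cves(records: Iterable[EnrichedCve], epss_threshold: float = 0.1) -> List[str]:
    """CI gate: IDs that should fail a pull request, highest priority first."""
    return [r.cve_id for r in rank(records) if needs_emergency_window(r, epss_threshold)]


# Constructed sample; IDs are placeholders, not real CVEs.
SAMPLE = [
    EnrichedCve("CVE-SAMPLE-A", cvss=9.8, epss=0.02, kev=False),
    EnrichedCve("CVE-SAMPLE-B", cvss=7.5, epss=0.85, kev=True),
    EnrichedCve("CVE-SAMPLE-C", cvss=7.5, epss=0.60, kev=False, ssvc_exploitation="active"),
    EnrichedCve("CVE-SAMPLE-D", cvss=5.3, epss=0.30, kev=False),
    EnrichedCve("CVE-SAMPLE-E", cvss=9.1, epss=0.02, kev=False),
]

if __name__ == "__main__":
    for r in rank(SAMPLE):
        print(f"{r.cve_id}: exploited={actively_exploited(r)} epss={r.epss} "
              f"cvss={r.cvss} emergency={needs_emergency_window(r)}")
    print("PR blocked by:", blocking_cves(SAMPLE))
```

Because EPSS is re-scored daily, a gate built this way should re-evaluate on every run rather than cache the verdict; a CVE that passed yesterday at EPSS 0.04 can cross the threshold today without any change to the dependency.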
Yes. The Free plan ($0, no credit card) includes 30 reputation/CVE checks per month with rate-limited API access. Basic ($49/mo) raises that to 2,000 and unlocks bulk, downloadable blocklists, and AI threat analysis. Pro ($99/mo) adds the SSE stream, webhooks, and STIX/TAXII.
Yes — that is what CVE Watch is for. You define perimeters of CPE strings (the products and versions you run) and we continuously match new CVEs to those perimeters. Alerts are delivered via dashboard, email, webhook, or the SSE stream.
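What "matching new CVEs to a CPE perimeter" involves, for both the CVE Watch answer above and the CPE-based monitoring use case, as an added example that is not CVE Watch's implementation. AffectedEntry mirrors the shape of NVD configuration nodes (a CPE 2.3 pattern plus optional versionStartIncluding / versionEndExcluding style bounds) but is an assumed simplification; the vendor "acme", its products and the CVE IDs are constructed placeholders:

```python
"""Match a CPE perimeter (the products you run) against CVE affected-product
entries with version ranges. Added example; AffectedEntry and all sample
data are constructed, not the service's schema."""
from dataclasses import dataclass
from itertools import takewhile
from typing import Dict, List, Optional

VERSION = 3  # index of the version attribute in split_cpe23 output


def split_cpe23(cpe: str) -> List[str]:
    """Return the 11 attributes of a CPE 2.3 formatted string (part, vendor,
    product, version, update, edition, language, sw_edition, target_sw,
    target_hw, other). Simplification: escaped colons are not handled."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe}")
    return parts[2:]


def component_matches(pattern: str, value: str) -> bool:
    """'*' (ANY) matches everything, '-' (NA) only matches NA or ANY,
    anything else compares case-insensitively."""
    if pattern == "*" or value == "*":
        return True
    if pattern == "-" or value == "-":
        return pattern == value
    return pattern.lower() == value.lower()


def version_tuple(v: str) -> tuple:
    """Numeric-aware key so 1.10 > 1.9 and 2.5 == 2.5.0. Non-numeric
    suffixes such as 'rc1' are dropped, a known simplification."""
    parts = []
    for piece in v.split("."):
        digits = "".join(takewhile(str.isdigit, piece))
        parts.append(int(digits) if digits else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


@dataclass(frozen=True)
class AffectedEntry:
    cpe23: str
    start_including: Optional[str] = None
    start_excluding: Optional[str] = None
    end_including: Optional[str] = None
    end_excluding: Optional[str] = None

    def has_range(self) -> bool:
        return any((self.start_including, self.start_excluding,
                    self.end_including, self.end_excluding))


def entry_matches(entry: AffectedEntry, installed_cpe: str) -> bool:
    pat, inst = split_cpe23(entry.cpe23), split_cpe23(installed_cpe)
    for i, (p, v) in enumerate(zip(pat, inst)):
        if i != VERSION and not component_matches(p, v):
            return False
    if not entry.has_range():
        return component_matches(pat[VERSION], inst[VERSION])
    if inst[VERSION] in ("*", "-"):
        return True  # unknown installed version: alert rather than miss it
    v = version_tuple(inst[VERSION])
    if entry.start_including and v < version_tuple(entry.start_including):
        return False
    if entry.start_excluding and v <= version_tuple(entry.start_excluding):
        return False
    if entry.end_including and v > version_tuple(entry.end_including):
        return False
    if entry.end_excluding and v >= version_tuple(entry.end_excluding):
        return False
    return True


def matching_cves(perimeter: List[str], cves: Dict[str, List[AffectedEntry]]) -> Dict[str, List[str]]:
    """Map each CVE that touches the perimeter to the installed CPEs it hits."""
    hits: Dict[str, List[str]] = {}
    for cve_id, entries in cves.items():
        for installed in perimeter:
            if any(entry_matches(e, installed) for e in entries):
                hits.setdefault(cve_id, []).append(installed)
    return hits


# Constructed perimeter and CVE data; "acme" and the IDs are placeholders.
PERIMETER = [
    "cpe:2.3:a:acme:widget:2.4.1:*:*:*:*:*:*:*",
    "cpe:2.3:a:acme:gadget:1.0.0:*:*:*:*:linux:*:*",
    "cpe:2.3:o:acme:widgetos:7.1:*:*:*:*:*:*:*",
]
SAMPLE_CVES = {
    "CVE-SAMPLE-1": [AffectedEntry("cpe:2.3:a:acme:widget:*:*:*:*:*:*:*:*", end_excluding="2.5.0")],
    "CVE-SAMPLE-2": [AffectedEntry("cpe:2.3:a:acme:widget:*:*:*:*:*:*:*:*",
                                   start_including="2.5.0", end_excluding="2.6.0")],
    "CVE-SAMPLE-3": [AffectedEntry("cpe:2.3:a:acme:gadget:1.0.0:*:*:*:*:windows:*:*")],
    "CVE-SAMPLE-4": [AffectedEntry("cpe:2.3:o:acme:widgetos:7.1:*:*:*:*:*:*:*")],
}
```

The two false-negative traps a perimeter usually hits are visible in the sample: a range entry with version `*` only matches when the installed version is compared numerically (string comparison puts 2.10 before 2.5), and a non-version attribute such as target_sw can exclude a match even when vendor, product and version all line up. Keep the perimeter's CPE strings as specific as your inventory allows, and use `*` for a version you cannot establish rather than omitting the product.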
The /api/cve and /api/cve/recent endpoints are publicly accessible (rate-limited) so you can integrate without an API key for low-volume usage. Higher-volume access requires registration and a free or paid plan.
Every CVE in the catalog gets a stable canonical page at https://ismalicious.com/cve/CVE-YYYY-NNNNN with full metadata, JSON-LD, and links to the original NVD/KEV/CERT-FR/MSRC/GHSA references.
Free API key, 30 checks/month, no credit card. Bulk and stream endpoints available on Basic and Pro.