Plug exploited-vulnerability intelligence into your workflow

Automation-ready delivery for vulnerability management, CTI, SOC, and MSSP workflows. Pro API for enrichment and telemetry; RSS and JSON for monitoring.

Pro API

JSON access to enriched KEV records, confidence scoring, limited sensor telemetry, PoCs, scanner integrations, mentions, tags, and IoCs. Self-serve at $599/mo.

View Pro Pricing

Enterprise

Everything in Pro plus full sensor telemetry, attacker intelligence API, deployable virtual patches (ModSecurity, Cloudflare, AWS WAF), and outbound webhooks.

Talk to Sales

Free KEV JSON Feed

Registered free API with summary KEV catalog fields. Requires a confirmed account and API token.

Sign Up for Free JSON Feed

Free KEV RSS Feed

Registered free RSS with summary KEV catalog updates at GET /feeds/kevs.rss?token=…. Requires a confirmed account and personal feed URL from your dashboard. CISA KEV does not provide RSS — KEVIntel does.

Sign Up for Free RSS Feed

Free vs Pro Delivery

The Free KEV RSS Feed and Free KEV JSON Feed expose the exploited CVE catalog with summary fields. Pro API adds operational enrichment and immediate sensor telemetry.

Capability Free KEV RSS Feed Free KEV JSON Feed Pro API
Exploited CVE catalog Yes (token) Yes (token) Yes
Registration required Yes Yes Yes
Confidence scoring No No Yes
Sensor telemetry No No Immediate API access
Full CVSS breakdown Summary fields Summary fields Yes
PoCs and private PoCs No No Yes
Scanner integrations No No Yes
Mentions, tags, IoCs No No Yes
Virtual patch availability Yes Yes (token) Yes
Deployable virtual patch rules No No Enterprise only

Enterprise API

The Enterprise API namespace at /api/v2/enterprise/* mirrors Pro enrichment and adds full sensor telemetry, attacker intelligence, virtual patches, and webhooks. Requires an Enterprise subscription and X-API-Token authentication.

  • GET /api/v2/enterprise/attackers — ranked source IPs observed targeting KEVIntel sensors across KEV-attested CVEs
  • GET /api/v2/enterprise/attackers/:ip — per-IP profile with cross-CVE context, geo, ASN, and raw request paths and payload samples

Pro API Example Fields

Representative enriched fields available via GET /api/v2/pro/kevs — not exposed on the free public feed.

{
  "cve_id": "CVE-2024-1234",
  "title": "...",
  "affected_vendor": "...",
  "affected_product": "...",
  "description": "...",
  "references": ["..."],
  "cvss_score": 9.8,
  "cvss_v3_1": { "base_score": 9.8, "vector": "..." },
  "epss_score": 0.95,
  "exploit_status": { "exploited_in_the_wild": true },
  "cwes": [{ "cwe_id": "CWE-79", "name": "..." }],
  "tags": [{ "name": "wordpress", "colour": "#FF5733" }],
  "proof_of_concepts": [{ "poc_type": "github", "title": "...", "private": false }],
  "scanner_integrations": [{ "scanner": "Nuclei", "plugin_id": "..." }],
  "mentions": [{ "source": "...", "url": "...", "date": "..." }],
  "iocs": [{ "ioc_type": "ip", "value": "...", "first_seen_at": "..." }],
  "primary_source": { "name": "CISA", "url": "..." },
  "all_sources": [{ "name": "...", "url": "..." }]
}

Sensor telemetry, confidence scoring, and per-observation fields are available on Pro CVE endpoints and related Pro API resources. See the API docs for the full schema.