Plug exploited-vulnerability intelligence into your workflow
Automation-ready delivery for vulnerability management, CTI, SOC, and MSSP workflows. Pro API for enrichment and telemetry; RSS and JSON for monitoring.
Pro API
JSON access to enriched KEV records, confidence scoring, limited sensor telemetry, PoCs, scanner integrations, mentions, tags, and IoCs. Self-serve at $599/mo.
View Pro PricingEnterprise
Everything in Pro plus full sensor telemetry, attacker intelligence API, deployable virtual patches (ModSecurity, Cloudflare, AWS WAF), and outbound webhooks.
Talk to SalesFree KEV JSON Feed
Registered free API with summary KEV catalog fields. Requires a confirmed account and API token.
Sign Up for Free JSON FeedFree KEV RSS Feed
Registered free RSS with summary KEV catalog updates at GET /feeds/kevs.rss?token=…. Requires a confirmed account and personal feed URL from your dashboard. CISA KEV does not provide RSS — KEVIntel does.
Sign Up for Free RSS FeedFree vs Pro Delivery
The Free KEV RSS Feed and Free KEV JSON Feed expose the exploited CVE catalog with summary fields. Pro API adds operational enrichment and immediate sensor telemetry.
| Capability | Free KEV RSS Feed | Free KEV JSON Feed | Pro API |
|---|---|---|---|
| Exploited CVE catalog | Yes (token) | Yes (token) | Yes |
| Registration required | Yes | Yes | Yes |
| Confidence scoring | No | No | Yes |
| Sensor telemetry | No | No | Immediate API access |
| Full CVSS breakdown | Summary fields | Summary fields | Yes |
| PoCs and private PoCs | No | No | Yes |
| Scanner integrations | No | No | Yes |
| Mentions, tags, IoCs | No | No | Yes |
| Virtual patch availability | Yes | Yes (token) | Yes |
| Deployable virtual patch rules | No | No | Enterprise only |
Enterprise API
The Enterprise API namespace at /api/v2/enterprise/* mirrors Pro enrichment and adds full sensor telemetry, attacker intelligence, virtual patches, and webhooks. Requires an Enterprise subscription and X-API-Token authentication.
-
GET /api/v2/enterprise/attackers— ranked source IPs observed targeting KEVIntel sensors across KEV-attested CVEs -
GET /api/v2/enterprise/attackers/:ip— per-IP profile with cross-CVE context, geo, ASN, and raw request paths and payload samples
Pro API Example Fields
Representative enriched fields available via GET /api/v2/pro/kevs — not exposed on the free public feed.
{
"cve_id": "CVE-2024-1234",
"title": "...",
"affected_vendor": "...",
"affected_product": "...",
"description": "...",
"references": ["..."],
"cvss_score": 9.8,
"cvss_v3_1": { "base_score": 9.8, "vector": "..." },
"epss_score": 0.95,
"exploit_status": { "exploited_in_the_wild": true },
"cwes": [{ "cwe_id": "CWE-79", "name": "..." }],
"tags": [{ "name": "wordpress", "colour": "#FF5733" }],
"proof_of_concepts": [{ "poc_type": "github", "title": "...", "private": false }],
"scanner_integrations": [{ "scanner": "Nuclei", "plugin_id": "..." }],
"mentions": [{ "source": "...", "url": "...", "date": "..." }],
"iocs": [{ "ioc_type": "ip", "value": "...", "first_seen_at": "..." }],
"primary_source": { "name": "CISA", "url": "..." },
"all_sources": [{ "name": "...", "url": "..." }]
}
Sensor telemetry, confidence scoring, and per-observation fields are available on Pro CVE endpoints and related Pro API resources. See the API docs for the full schema.