CISA KEV enrichment dashboard

CISA Known Exploited Vulnerabilities Enrichment Dashboard

The CISA KEV Vulnerability Enrichment Dashboard enables vulnerability researchers to quickly analyze trends of known and exploitable vulnerabilities identified by CISA. The table is free to use and provides a complete list of the CISA Known Exploitable Vulnerabilities Catalog which is then enriched with CVSS, EPSS, and GreyNoise Threat Intelligence.  You can easily sort, search and export the data in the table below. Give it a try!
The Dashboard above provides a complete list of the CISA Known Exploitable Vulnerabilities Catalog, as well as essential information about each vulnerability, including:
  • CVE Identifier: The unique Common Vulnerabilities and Exposures (CVE) identification number assigned to each vulnerability.
  • Vendor: The organization who developed the product associated with the CVE.
  • Product: The product associated with the CVE.
  • Date Added: The date CISA added the vulnerability to the CISA KEV list.
  • Due Date: Federal organizations are required to comply with remediation dates that are set by CISA BOD 22-01. The due date reflects the date federal agencies must comply with the mandate by.

Want to be Notified of Future CISA KEV Breakdowns from Nucleus?
Subscribe here:


Frequently Asked Questions

Why did Nucleus create the CISA KEV Enrichment Dashboard?

We created this tool out of our own curiosity to learn more about the vulnerabilities CISA identifies on the CISA KEV catalog as the information provided by CISA is extremely limited. We created this as a part of our security research known as the CISA KEV Breakdown.We believe having additional context can help organizations better understand the value of incorporating CISA KEV, Greynoise, EPSS, and other threat intelligence into vulnerability management prioritization and remediation efforts.  

What is the CISA KEV (Known Exploitable Vulnerabilities) Catalog?

The CISA KEV Catalog is a managed threat intelligence source that provides a list of known exploited vulnerabilities that carry a significant risk to federal agencies. CISA KEV was developed as a part of the CISA Binding Operating Directive 22-01. The catalog is available for free from CISA and we recommend any organizations should consider using this and other threat intelligence sources to help prioritize vulnerability remediation.

What vulnerability enrichment is included on the dashboard?

Nucleus CISA KEV Vulnerability Enrichment Dashboard mirrors the CISA KEV list, and is enriched with CVSS, EPSS and GreyNoise Threat Intelligence.

How can I identify CISA Known Exploitable Vulnerabilities within my environment?

Lucky you should ask! Enriching your vulnerabilities findings data with vulnerability intelligence is a key way to prioritize vulnerability remediation efforts and significantly reduce your risk of being the victim of an exploited vulnerability. Nucleus enables you to aggregate all of your assets and vulnerabilities and quickly identify what CISA Known Exploitable Vulnerabilities are within your environment.
Learn how Nucleus can help you identify and prioritize CISA Known Exploitable Vulnerabilities for remediation.

Click here to expand our CISA KEV Frequently Asked Questions
  • How Frequently is this dashboard updated
    • We aim to have this page updated within 48 hours of a CISA KEV Catalog update. Vulnerability Intelligence information may change across a vulnerability’s lifespan.
  • I am not bound by BOD 22-01 or federal regulations, why should the KEV concern me?
    • CISA encourages all organizations to utilize the Catalog as an attribute in your vulnerability prioritization framework. Organizations looking to lessen the scope on known dangerous vulnerabilities and make a goal to remediate them can understand where they currently stand against what CISA has confirmed as exploited vulnerabilities in the wild. See CISA’s section on “How should organizations use the KEV catalog?” here.
  • What is GreyNoise?
    • GreyNoise is a platform that collects, analyzes, and labels data on IPs that scan the internet and saturate security tools with noise. Through their sensor network, GreyNoise observes vulnerability exploitation attempts for vulnerabilities that are exploited in the wild over the Internet. These are arguably vulnerabilities that should be at the very top of your priority list to remediate.
  • Why are GreyNoise exploitation attempts only observed on ~20% of KEV vulnerabilities?
    • Exploitation of many vulnerabilities in the CISA KEV will not be observed for many reasons that GreyNoise does a good job of explaining in this post. For example:
      • The vulnerability may not be remotely exploitable
      • Vulnerability exploitation may require authentication (and result in privilege escalation)
      • The impacted software may not be exposed to the internet
      • Mass scanning/exploitation is not occurring yet
  • What is EPSS?
    • EPSS is the Exploit Prediction Scoring System. It is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. See the EPSS home page on FIRST for more information here.
  • What is the difference between EPSS probability and EPSS percent?
    • EPSS probability is the risk calculated by the model when determining the perceived threat of the vulnerability itself. Percentage is a relative comparison of the rest of the CVEs within the given sample. While the probability only changes upon refreshing the results from the model, the percentage can change purely based on the CVE sample given. In the case of the Breakdown, we use the percentage given by the pool of all CVEs with given EPSS data. Scores may vary post-release of the post given new information about the vulnerabilities and their perceived threat. For more information on applying and understanding EPSS data, see this article on the FIRST website, as well as their FAQ page.