~/cve-explorer apps ← terminal

🌐 Language

██████╗ ██╗ ██╗ ███████╗ ███████╗ ██╗ ██╗ ██████╗ ██╗ ██████╗ ██████╗ ███████╗ ██████╗ ██╔════╝ ██║ ██║ ██╔════╝ ██╔════╝ ╚██╗██╔╝ ██╔══██╗ ██║ ██╔═══██╗ ██╔══██╗ ██╔════╝ ██╔══██╗ ██║ ██║ ██║ █████╗ █████╗ ╚███╔╝ ██████╔╝ ██║ ██║ ██║ ██████╔╝ █████╗ ██████╔╝ ██║ ╚██╗ ██╔╝ ██╔══╝ ██╔══╝ ██╔██╗ ██╔═══╝ ██║ ██║ ██║ ██╔══██╗ ██╔══╝ ██╔══██╗ ╚██████╗ ╚████╔╝ ███████╗ ███████╗ ██╔╝ ██╗ ██║ ███████╗╚██████╔╝ ██║ ██║ ███████╗ ██║ ██║ ╚═════╝ ╚═══╝ ╚══════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝ ╚══════╝ ╚═╝ ╚═╝
🔴 CVE Vulnerability Explorer
Search CVEs in real-time — NVD + CISA KEV active exploits + EPSS exploit probability — Priority Quadrant for triage
Results
Critical
CISA KEV
Avg EPSS
CRITICAL HIGH MEDIUM LOW 7d 30d 90d 1y All time EPSS ≥ 0%
⭐ My Stack
Add vendors/products to highlight matching CVEs
📊 Statistics
Today:
This week:
KEV catalog:
KEV + ransomware:
🏢 Top Vendors
Search to populate
🐛 Top Weaknesses
Search to populate
Ready — search or load today's CVEs
🔍 Search for CVEs by keyword, vendor, product, or CVE-ID.
Or click "Today's CVEs" to see what was published today.
CVSS × EPSS Priority Quadrant
Critical Priority
Severe / Low Exploit
Exploited / Lower CVSS
Low Priority
EPSS Exploit Probability → CVSS Severity →
CVE Publication Heatmap — Last 90 Days
Loading heatmap data...
Less
More
▸ Understanding CVE Vulnerability Data
🛡️
What is a CVE?
A Common Vulnerabilities and Exposures (CVE) is a unique identifier assigned to a publicly known security flaw. The NVD maintains over 240,000 CVEs with severity scores, affected products, and references. CVE-IDs follow the format CVE-YYYY-NNNNN.
🎯
CVSS vs EPSS — Why Both Matter
CVSS measures theoretical severity (0–10). EPSS predicts real-world exploit probability (0–100%). A CVE can be CVSS 9.8 but EPSS 2% (severe but rarely exploited). Combining both in the Priority Quadrant gives you actual triage priority.
⚠️
CISA KEV — Actively Exploited
The CISA Known Exploited Vulnerabilities catalog lists CVEs confirmed to be actively exploited in the wild. US federal agencies must remediate KEV entries by the listed deadline. If a CVE is on KEV, it's not theoretical — attackers are using it now.
▸ Frequently Asked Questions
Is this data real-time?+
Yes. Every search queries the NVD API v2.0 directly from your browser. CISA KEV data is loaded on page start. EPSS scores are fetched on-demand when you expand a CVE. No server-side caching — you always see the latest data.
What is a MOAS / BGP hijack in CVE context?+
MOAS isn't directly CVE-related. However, many CVEs relate to routing security (e.g., RPKI validation bugs). Use the BGP Hijack Monitor for real-time BGP anomaly detection, and this tool for vulnerability tracking.
Can I monitor my own products?+
Yes! Use the My Stack panel to add vendor or product names. Any CVE matching your stack entries will be highlighted with a green border in the results. Your stack is saved in localStorage and persists across sessions.
What does the Priority Quadrant show?+
It plots each CVE with CVSS severity on the Y-axis and EPSS exploit probability on the X-axis. The top-right quadrant (high CVSS + high EPSS) = patch immediately. Top-left = severe but unlikely to be exploited. Bottom-right = lower severity but actively exploited. This is how security teams should prioritize patching.
Why is NVD slow or rate-limited?+
The NVD public API allows 5 requests per 30 seconds without an API key. This tool throttles requests accordingly. If you hit limits, wait 30 seconds. For heavier usage, request a free NVD API key.