Pricing
Free proves value. Pro captures self-serve buyers. Enterprise unlocks full telemetry, virtual patches, webhooks, and custom licensing.
Free
$0
Public access and a free JSON API key.
- Public KEV feed, CVE pages, and RSS
- Free KEV JSON Feed (registration + token)
- Summary CVSS and EPSS fields
- Aggregate sensor activity counts
Pro
Self-serve$599/month
or $5,999/year. Prices in USD, inclusive of any applicable VAT/sales tax.
- Everything in Free
- Pro API with full enrichment
- Confidence scoring, evidence links, timelines
- Full CVSS / EPSS / CWE, PoC and scanner context
- Limited sensor telemetry
Create a free account, then subscribe from your dashboard.
Enterprise
Custom
Sales-led. Tailored to your team and use case.
- Everything in Pro
- Full proprietary sensor telemetry
- Deployable virtual patches (WAF rules)
- Webhooks and integration support
- MSSP, redistribution, and client-reporting rights
- Priority support
2,640
High & Confirmed Confidence KEVs
Evidence-backed exploitation with high confidence
1,013
Beyond CISA KEV
Additional exploited CVEs tracked beyond CISA KEV
20
KEVs Observed in Sensors (7d)
Tracked KEVs with live exploitation attempts in honeypots
1,793+
Artifacts Available
PoC, Nuclei, and scanner context
Free vs Pro vs Enterprise
Free proves value, Pro is self-serve via Stripe, and Enterprise unlocks full telemetry, virtual patches, webhooks, and custom licensing.
Swipe horizontally to compare
| Capability | Free | Pro | Enterprise |
|---|---|---|---|
| Exploited CVE catalog | RSS, JSON (registration), and web | Pro API with full enrichment | Everything in Pro |
| Beyond CISA KEV coverage | JSON, RSS, and web | Pro API + web | Pro API + web |
| Confidence scoring | No | Pro API + web | Pro API + web |
| Enrichment (CVSS, EPSS, CWE, exploit status) | Summary CVSS and EPSS | Full breakdown via Pro API | Full breakdown via Pro API |
| PoC and scanner artifacts | No | Public + private PoCs via API | Public + private PoCs via API |
| Mentions, tags, and IoCs | No | Pro API + web | Pro API + web |
| Sensor telemetry | Aggregate counts only | Limited (sensor / region breakdown, 24h & 7d summaries) | Full (attacker IPs, request paths, payloads, per-event detail) |
| Virtual patches (WAF rules) | Availability flag only | Availability flag only | Full deployable rules — ModSecurity, Cloudflare, AWS WAF |
| Webhooks | No | No | Yes |
| Licensing | Internal use | Single organization, internal use only | Custom — MSSP, redistribution, client reporting |
| Support | Community | Standard | Priority |
API Response Examples
For complete documentation, including all endpoints and parameters,
view the API docs.
Sign up
for the Free KEV JSON Feed (GET /api/v2/kevs) with summary catalog fields.
{
"kevs": [
{
"cve_id": "CVE-2025-1976",
"title": "Code injection exposure in Fabric OS 9.1.0 through 9.1.1d6",
"vendor": "Brocade",
"product": "Fabric OS",
"cvss_score": 8.6,
"cvss_severity": "HIGH",
"cvss_highlights": {
"network": true,
"no_user_interaction": true,
"low_complexity": true,
"unauthenticated": true
},
"epss_score": 0.04,
"epss_percentile": 0.91,
"used_in_malware": "unknown",
"ahead_of_cisa_kev": null,
"not_yet_in_cisa_kev": false,
"virtual_patch": false,
"added_date": "2025-04-28T00:00:00.000Z"
}
],
"pagination": {
"current_page": 1,
"total_pages": 42,
"total_count": 1034,
"per_page": 25,
"next_page": 2,
"prev_page": null,
"first_page": 1,
"last_page": 42
}
}
Index omits references, notes, and PoC content.
Use GET /api/v2/pro/kevs/{cve_id} for the full record.
{
"kevs": [
{
"cve_id": "CVE-2024-1234",
"title": "Remote Code Execution in Example Software",
"description": "A critical vulnerability allowing remote code execution...",
"affected_vendor": "Example Vendor",
"affected_product": "Example Product",
"state": "PUBLISHED",
"date_published": "2024-01-01T00:00:00Z",
"added_date": "2024-01-01T00:00:00Z",
"epss_score": 0.95,
"epss_percentile": 0.98,
"ssvc_exploitation": "ACTIVE",
"cvss_score": 9.8,
"cvss_severity": "CRITICAL",
"used_in_malware": "unknown",
"ahead_of_cisa_kev": { "unit": "day", "count": 3 },
"not_yet_in_cisa_kev": false,
"cvss_v3_1": {
"version": "3.1",
"base_score": 9.8,
"base_severity": "CRITICAL",
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
"primary_source": { "name": "CISA", "url": "https://example.com/kev/1234" },
"cwes": [
{ "cwe_id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }
],
"tags": [
{ "name": "wordpress", "colour": "#FF5733", "description": "WordPress-related vulnerability" }
],
"exploit_status": {
"exploited_in_the_wild": true,
"active_exploitation_observed": false,
"poc_available": true,
"wild_exploitation_date": "2024-01-01T00:00:00Z"
},
"proof_of_concepts": [
{
"poc_type": "private",
"title": "Private exploit validation PoC",
"url": null,
"private": true
}
],
"scanner_integrations": [
{ "scanner_name": "Nuclei", "url": "https://example.com/nuclei/template.yaml", "date_detected": "2024-01-01T00:00:00Z" }
],
"mentions": [
{
"source_name": "TheHackerNews",
"source_title": "Example vulnerability actively exploited",
"source_link": "https://thehackernews.com/2024/01/01/example-vulnerability-exploit.html",
"published_at": "2024-01-01T00:00:00Z"
}
],
"iocs": [
{
"ioc_type": "ip",
"value": "203.0.113.10",
"first_seen_at": "2024-01-01T00:00:00Z",
"last_seen_at": "2024-01-15T00:00:00Z",
"source_url": "https://example.com/threat-report",
"metadata": {}
}
]
}
],
"pagination": {
"current_page": 1,
"total_pages": 3,
"total_count": 30,
"per_page": 25,
"next_page": 2,
"prev_page": null,
"first_page": 1,
"last_page": 3
}
}Ready to Act on Real Exploitation?
Start Pro in minutes, or talk to us about Enterprise telemetry, virtual patches, and webhooks.
Free of charge for Ukrainian 🇺🇦 organisations