CISA Known Exploited Vulnerabilities

Is this CVE actively exploited?

Paste any CVE ID. I check it against CISA’s Known Exploited Vulnerabilities catalog — the list federal civilian agencies are mandated to patch under BOD 22-01.

Format: CVE-YYYY-NNNN, where the sequence part has four or more digits. Examples: (Log4Shell), (EternalBlue).

Browse the catalog

Filters:
  • Window
  • Used in ransomware
  • Vendor / product

What this page shows

The CISA Known Exploited Vulnerabilities catalog (KEV) is the US Cybersecurity and Infrastructure Security Agency’s running list of vulnerabilities for which CISA has reliable evidence of in-the-wild exploitation. It’s the list every federal civilian agency is mandated to patch by a deadline under Binding Operational Directive 22-01, and the closest thing the open security community has to an authoritative “patch this first” signal.

What gets added

CISA adds an entry when three conditions hold: the vulnerability has a CVE ID, there is reliable evidence of active exploitation, and clear remediation guidance exists (typically a vendor patch). Each entry also carries a dueDate, the remediation deadline BOD 22-01 imposes on federal civilian agencies. That bar means the catalog is small relative to all known CVEs: it is a curated short list, not an exhaustive feed of every interesting vulnerability. Absence from KEV is therefore not evidence that a CVE is unexploited; it only means CISA has not confirmed exploitation to that standard.

Ransomware flag

Each entry carries a knownRansomwareCampaignUse field. When CISA has observed the vulnerability used in ransomware campaigns specifically, the field reads Known and a red pill appears on the row; otherwise it reads Unknown. The "Used in ransomware: Known only" filter narrows the catalog to just those entries.
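The lookup and filtering this page performs, written out as an added example that is not the page's own code. It validates the CVE ID format described above, indexes a KEV-shaped catalog by cveID, answers "is it listed, and is it a ransomware hit?", and applies the ransomware and window filters. The catalog object is constructed sample data in the real KEV JSON field layout (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); its field values are illustrative rather than copied from the live catalog, the third entry is entirely hypothetical, and the window filter is assumed to operate on dateAdded.

```javascript
// Added example, not the page's own code. SAMPLE_KEV is CONSTRUCTED data in
// the KEV JSON shape; values are illustrative, not copied from the catalog.
const SAMPLE_KEV = {
  title: "CISA Catalog of Known Exploited Vulnerabilities",
  catalogVersion: "2026.05.28",
  dateReleased: "2026-05-28T12:00:00.0000Z",
  count: 3,
  vulnerabilities: [
    { cveID: "CVE-2021-44228", vendorProject: "Apache", product: "Log4j2",
      vulnerabilityName: "Apache Log4j2 Remote Code Execution Vulnerability",
      dateAdded: "2021-12-10", dueDate: "2021-12-24",
      knownRansomwareCampaignUse: "Known", notes: "" },
    { cveID: "CVE-2017-0144", vendorProject: "Microsoft", product: "SMBv1",
      vulnerabilityName: "Microsoft SMBv1 Remote Code Execution Vulnerability",
      dateAdded: "2022-02-10", dueDate: "2022-08-10",
      knownRansomwareCampaignUse: "Known", notes: "" },
    // Hypothetical entry (fictitious CVE ID, vendor and dates) so the window
    // filter has a recent row to find.
    { cveID: "CVE-2026-00001", vendorProject: "ExampleCorp", product: "Widget",
      vulnerabilityName: "ExampleCorp Widget Authentication Bypass Vulnerability",
      dateAdded: "2026-05-20", dueDate: "2026-06-10",
      knownRansomwareCampaignUse: "Unknown", notes: "" },
  ],
};

// CVE-YYYY-NNNN with four OR MORE sequence digits (IDs longer than four digits
// have been issued since 2014). Accept lower case and stray whitespace from a
// paste; return the canonical upper-case form, or null if it is not a CVE ID.
const CVE_RE = /^CVE-\d{4}-\d{4,}$/;
function normalizeCveId(input) {
  const id = String(input).trim().toUpperCase();
  return CVE_RE.test(id) ? id : null;
}

// Index once so each lookup is a Map hit rather than a scan of the whole list.
function indexCatalog(catalog) {
  const byId = new Map();
  for (const v of catalog.vulnerabilities) byId.set(v.cveID, v);
  return byId;
}

// The page's question: listed in KEV? If so, is the ransomware flag Known?
function lookup(index, rawId) {
  const id = normalizeCveId(rawId);
  if (id === null) return { status: "invalid", cveID: null };
  const entry = index.get(id);
  if (!entry) return { status: "not-listed", cveID: id };
  return {
    status: "listed",
    cveID: id,
    entry,
    ransomware: entry.knownRansomwareCampaignUse === "Known",
  };
}

// Filters as on the page: "Used in ransomware: Known only" and a window of
// entries whose dateAdded falls within the last `windowDays` days of `now`.
function filterCatalog(catalog, { ransomwareOnly = false, windowDays = null, now = new Date() } = {}) {
  const cutoff = windowDays === null ? null : new Date(now.getTime() - windowDays * 86400000);
  return catalog.vulnerabilities.filter((v) => {
    if (ransomwareOnly && v.knownRansomwareCampaignUse !== "Known") return false;
    if (cutoff !== null && new Date(v.dateAdded) < cutoff) return false;
    return true;
  });
}
```

Normalizing before the lookup matters more than it looks: the catalog keys are upper case, and a pasted "cve-2021-44228" with a trailing space would otherwise read as "not listed", which is the one wrong answer this page must never give.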

Where this data comes from

Every fetch goes directly from your browser to CISA’s public mirror of the catalog on GitHub (raw.githubusercontent.com/CISAgov/kev-data). That mirror serves the byte-identical file under CISA’s own CISAgov GitHub org and sends the cross-origin (CORS) headers a browser needs; the copy at cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json is the same file but does not allow cross-origin browser requests. No proxy, no third party in between. The file is US-government public-domain work and CISA explicitly permits unrestricted reuse, including commercial. I cache the response in your browser’s sessionStorage for six hours so reloads are instant; sessionStorage is scoped to the tab, so a new tab fetches a fresh copy.
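The caching described above, as an added example rather than the page's own code: a fetch wrapper that stores the catalog in a Storage-like object with a six-hour TTL, refetches when the entry is stale or corrupt, and refuses to cache a response that does not look like the KEV document. The fetch function, the storage object and the clock are injected so the code runs outside a browser; in a page you would pass window.fetch and window.sessionStorage. The cache key name is an assumption, and the URL is passed in because the page names only the host and repository, not the file path.

```javascript
// Added example, not the page's own code. Cache key name is assumed.
const CACHE_KEY = "kev-json";
const TTL_MS = 6 * 60 * 60 * 1000; // six hours, as the page states

// Minimal in-memory stand-in exposing the three Storage methods used below.
// A browser passes window.sessionStorage instead (per-tab: a new tab starts cold).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Return { catalog, fromCache }. Stale, unparsable or malformed cache entries
// are discarded and the catalog is refetched; an HTTP error is surfaced, not cached.
async function loadKev({ url, fetchImpl, storage, now = () => Date.now() }) {
  const raw = storage.getItem(CACHE_KEY);
  if (raw !== null) {
    try {
      const { fetchedAt, body } = JSON.parse(raw);
      if (typeof fetchedAt === "number" && now() - fetchedAt < TTL_MS &&
          body && Array.isArray(body.vulnerabilities)) {
        return { catalog: body, fromCache: true };
      }
    } catch {
      // corrupt cache entry: fall through and refetch
    }
    storage.removeItem(CACHE_KEY);
  }

  // Plain cross-origin GET; the mirror's CORS headers are what make this work
  // from a browser, which is the reason the page fetches from GitHub.
  const res = await fetchImpl(url, { mode: "cors" });
  if (!res.ok) throw new Error(`KEV fetch failed: HTTP ${res.status}`);
  const body = await res.json();
  // Shape check before caching so an error page or truncated body cannot
  // poison the cache for the next six hours.
  if (!body || !Array.isArray(body.vulnerabilities)) {
    throw new Error("KEV response is missing the vulnerabilities array");
  }
  try {
    storage.setItem(CACHE_KEY, JSON.stringify({ fetchedAt: now(), body }));
  } catch {
    // storage quota exceeded: serve the catalog uncached rather than failing
  }
  return { catalog: body, fromCache: false };
}
```

The shape check is the part worth copying: a cached 200 that turned out to be an HTML error page would otherwise make every lookup in the tab answer "not listed" until the TTL expired.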

What is intentionally excluded

  • Commercial threat-intelligence feeds or proprietary scoring overlays beyond KEV itself.
  • Threat-actor attribution narratives ("APT group X is using this"): the KEV catalog doesn’t carry that signal and I’m not inventing it.
  • Email or push notification signups. CISA publishes its own RSS feed if you want one.

Source: CISA Known Exploited Vulnerabilities catalog (US government, public domain). Catalog version , released .

Last refreshed 2026-05-28 by Callisto — fixed CISA notes formatting.