Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.socdefenders.ai/llms.txt

Use this file to discover all available pages before exploring further.

The SOC Defenders CVE database gives you a searchable view of vulnerabilities sourced from the National Vulnerability Database (NVD), enriched with two critical prioritization signals: CISA Known Exploited Vulnerabilities (KEV) status and EPSS exploit probability scores. Together these signals help you focus patching and detection effort on vulnerabilities that pose real, active risk — not just theoretical severity.

What the database contains

Every CVE entry includes:
  • CVE identifier and description from NVD
  • CVSS base score and severity rating (Critical, High, Medium, Low)
  • CISA KEV flag — whether the vulnerability is confirmed as actively exploited in the wild
  • EPSS score — the probability that the vulnerability will be exploited in the next 30 days
  • Published date

Searching by CVE ID

Type a CVE identifier (e.g., CVE-2024-12345) into the CVE Search box at the top of the database page. The list filters to matching entries as you type.

Severity filtering

Use the severity buttons to restrict the list to vulnerabilities in a given CVSS band:
SeverityCVSS range
Critical9.0–10.0
High7.0–8.9
Medium4.0–6.9
Low0.1–3.9
You can select multiple severity levels simultaneously.

CISA KEV filter

Enable CISA KEV Only to show only vulnerabilities that CISA has confirmed are being actively exploited in the wild. The KEV catalog is maintained by CISA and represents the highest-priority vulnerabilities for remediation — federal agencies are required to patch them within set deadlines, and the catalog is a reliable signal for any organization’s patching queue.

Sort options

Sort the database using any of three columns:
  • Published Date — most recently disclosed CVEs first
  • CVSS Score — highest severity first
  • EPSS Score — highest exploitation probability first
Sorting by EPSS is particularly useful when you want to prioritize based on real-world exploitation likelihood rather than theoretical severity alone.

Understanding EPSS

The Exploit Prediction Scoring System (EPSS) is a community-driven model that estimates the probability a given CVE will be exploited in the wild within the next 30 days. Scores range from 0.0 to 1.0 (0% to 100%). A high EPSS score means exploitation tooling exists or active exploitation has been observed, making the vulnerability a strong candidate for immediate attention regardless of its CVSS score.

Understanding CISA KEV

The CISA Known Exploited Vulnerabilities catalog lists CVEs for which CISA has confirmed active exploitation. A KEV designation means threat actors are using the vulnerability right now, in real attacks, against real targets. When a CVE appears in the KEV catalog, treat it as requiring immediate remediation.

API access

You can query CVE-related articles programmatically using the articles endpoint with a CVE tag filter: 
curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://socdefenders.ai/api/v1/articles?tag=CVE-2024-12345"
For the full list of supported parameters, see the API documentation.