> curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cvssV3Severity=CRITICAL"_
Real-time vulnerability intelligence from the National Vulnerability Database. Because the window between disclosure and exploitation is measured in hours, not weeks.
Every day, new vulnerabilities are disclosed that affect the software, hardware, and services your organisation depends on. The Common Vulnerabilities and Exposures (CVE) system provides the canonical reference for each one. This feed pulls the latest critical and high-severity CVEs directly from NIST's National Vulnerability Database — the same source your attackers are watching.
The average time from CVE disclosure to first exploitation attempt is 15 days — and for critical vulnerabilities, it can be hours. Monitoring this feed gives you the earliest possible warning. Pair it with our vulnerability scanning service to automatically check whether you're affected.
Filter by severity to focus on what matters most. Data sourced from the National Vulnerability Database (NVD) and refreshed every 15 minutes.
| Severity | CVSS Score | What It Means |
|---|---|---|
| Critical | 9.0 – 10.0 | Trivial to exploit, catastrophic impact. Drop everything and patch. These vulnerabilities typically allow unauthenticated remote code execution or complete system compromise. |
| High | 7.0 – 8.9 | Serious risk requiring urgent attention. May need authentication or specific conditions, but exploitation leads to significant damage — data theft, privilege escalation, or service disruption. |
| Medium | 4.0 – 6.9 | Moderate risk, typically requiring specific conditions or user interaction. Plan remediation within your normal patching cycle, but don't ignore them — they're often chained with other vulnerabilities. |
| Low | 0.1 – 3.9 | Minor impact, often requiring local access or unlikely conditions. Address in regular maintenance windows. Low severity doesn't mean no risk — context matters. |
A CVE list tells you what exists. A penetration test tells you what's exploitable in your environment. Combine threat intelligence with targeted testing to close the gaps that matter.