CVE Security Advisory Monitor — AI Agent Vulnerability API
Pricing
from $3.50 / 1,000 results
Developer
Logiover
CVE Security Advisory Monitor — AI Agent Vulnerability Intelligence API
Keyless vulnerability intelligence for AI security agents. Pull CVEs from NVD, GitHub Security Advisories and OSV — merged, deduplicated, enriched with CVSS scores, CWE weaknesses, affected versions, patch info and references. Track daily new CVEs, search by keyword, or look up a product/package. No API key, no headless browser.
Built for the new wave of AI agents that reason about software security — DevSecOps agents that triage the daily CVE feed, dependency agents that check "is this package vulnerable?", patch-prioritization agents that rank by CVSS, and RAG pipelines that ground LLM answers in current vulnerability data instead of stale training-set knowledge.
🎯 What this Actor is for
Software vulnerabilities are published constantly — NVD alone logs hundreds of new CVEs a week. When an AI agent is asked "any new critical CVEs for our stack today?" or "is django 4.2.0 vulnerable?", it needs structured, current, multi-source vulnerability data — not a raw NVD JSON page to re-parse. cve-security-advisory-monitor is that vulnerability-grounding layer:
- Daily new CVEs. `recent` mode pulls everything published in the last N days across NVD + GitHub Advisory — ideal for a scheduled daily monitoring run. Hundreds of fresh advisories per day.
- Keyword search. `search` mode finds CVEs by description keyword (e.g. `log4j`, `wordpress rce`, `apache`).
- Product/package lookup. `product` mode queries OSV for vulnerabilities affecting specific packages (`npm:express`, `pypi:django`, `maven:org.springframework:spring-core`) — perfect for dependency scanning.
- Multi-source merge. NVD (CVEs, CVSS, CWE, CPE), GitHub Security Advisories (GHSA, often with package-level affected ranges and fix versions), and OSV (open-source DB that merges many sources) are normalized and deduplicated. The same CVE found in all three collapses into one row with `sourceFeeds` showing where it appeared.
- Triage-ready schema. Every advisory carries CVE/GHSA/OSV IDs, CVSS score + severity + vector, CWE weaknesses, affected products/versions, patched version and reference URLs.
- Severity filtering. `minCvss` keeps only High+ (7.0+) or Critical (9.0+) for focused triage.
- AI-agent friendly. Predictable fields, ISO dates, nullable values, per-source attribution. Drop straight into a prompt or a vector store.
- No keys, no browser. Pure HTTP + JSON APIs on a small Node 20 container, with Apify proxy IP rotation to spread NVD/GitHub keyless rate limits. Cheap, fast, resilient.
✨ Key features
- 🛡️ NVD (NIST) — `services.nvd.nist.gov/rest/json/cves/2.0` with date range (recent) or `keywordSearch`. Paginated (200/page). CVSS v3.1 (falls back to v2), CWE, CPE affected products.
- 🐙 GitHub Security Advisories — `api.github.com/advisories` with `published>=` filter. GHSA IDs (cross-linked to CVEs), package-level affected ranges, fix versions, references.
- 📦 OSV.dev — `api.osv.dev/v1/query` POST batch for package lookups. Merges NVD, GHSA, PyPA, RUSTSEC, Go, and many ecosystem-specific DBs. Aliases resolve to CVE/GHSA.
- 🔀 Cross-source dedup — same CVE found in NVD + GHSA + OSV merges into one row; `sourceFeeds` lists carriers; richest fields win (summary, CVSS, patch version, CWE).
- 📊 CVSS + severity — `cvssScore`, `cvssSeverity` (LOW/MEDIUM/HIGH/CRITICAL), `cvssVector`. `minCvss` filter for triage.
- 🏷️ CWE weaknesses — `weaknesses` array (CWE-79, CWE-89, …) for classification.
- 🎯 Affected versions — CPE products (NVD), package + ranges (GHSA/OSV), with `patchedVersion` extracted from fix events.
- 📅 Daily monitoring — `recent` mode with `daysBack: 1` = today's CVEs. Schedule daily for continuous coverage.
- 🔍 Keyword search — NVD `keywordSearch` for topical queries (`log4j`, `wordpress`, `rce`).
- 🌐 Proxy IP rotation — Apify datacenter proxy rotates IPs per request to mitigate NVD's keyless 5 req/30s and GitHub's 60 req/hr/IP limits.
- 💰 Pay-per-result — charged per saved advisory, not per run. Empty results are free.
🤖 Why AI agents need this
Vulnerability intelligence is a high-frequency, high-trust grounding task for security-flavored agents — and the hardest to keep current. NVD's own UI is clunky; commercial vuln DBs are expensive; each source (NVD, GHSA, OSV) has a different schema and gaps. An agent that hits one source gets partial coverage; an agent that scrapes NVD HTML reinvents parsing every time. cve-security-advisory-monitor wraps all three into one reliable, deduplicated, proxy-rotated, pay-per-result Actor:
- Daily CVE triage agent. A DevSecOps agent runs `recent` mode every morning with `minCvss: 7`, ranks by severity, and alerts the team on CVEs matching their stack (filtered by `affected`).
- Dependency scan agent. A build/CI agent takes a lockfile, queries `product` mode for each package via OSV, and fails the build if an unpatched vuln is found.
- Patch prioritization agent. An agent ranks open CVEs by CVSS + affected-package criticality + patch availability, and drafts remediation tickets.
- Knowledge grounding. A support agent answers "is X version vulnerable to Y?" by retrieving the matching advisory instead of guessing from training data.
- Brand/ecosystem monitoring. A security-research agent watches for new CVEs mentioning a vendor or product keyword weekly.
- RAG over CVEs. Embed the daily CVE feed into a vector store; answer security questions with citations to the exact CVE.
- Threat-intel pipeline. Feed merged advisories into a SIEM or ticketing system; dedup prevents duplicate alerts.
Each of these is one Actor call (or a scheduled run). The output is a table of advisories ready for an LLM to triage, summarize, or alert on.
📦 What you get (output schema)
Every run streams one vulnerability advisory per row to the default dataset. A row looks like:
```json
{
  "query": "last 1d",
  "cveId": "CVE-2026-12345",
  "ghsaId": "GHSA-abcd-efgh-1234",
  "osvId": null,
  "description": "A SQL injection vulnerability exists in ...",
  "summary": "SQL injection in package X via parameter Y",
  "publishedDate": "2026-07-02T13:00:00.000Z",
  "lastModified": "2026-07-02T14:30:00.000Z",
  "cvssScore": 9.8,
  "cvssSeverity": "CRITICAL",
  "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "weaknesses": ["CWE-89"],
  "affected": [{ "ecosystem": "pypi", "package": "django", "ranges": [...] }],
  "patchedVersion": "4.2.1",
  "references": ["https://nvd.nist.gov/...", "https://github.com/.../security/advisories/..."],
  "sourceFeeds": ["nvd", "githubAdvisory"],
  "duplicateCount": 2,
  "scrapedAt": "2026-07-02T12:00:00.000Z"
}
```
Use the Overview view to scan all advisories newest-first with CVSS, or the By severity view to pivot on LOW/MEDIUM/HIGH/CRITICAL for triage.
🚀 How to use
1. Daily new CVEs (schedule this)
```json
{ "mode": "recent", "daysBack": 1, "sources": ["nvd", "githubAdvisory"], "maxResults": 500 }
```
2. High-severity only (for triage)
```json
{ "mode": "recent", "daysBack": 7, "minCvss": 7, "sources": ["nvd", "githubAdvisory", "osv"] }
```
3. Keyword search
```json
{ "mode": "search", "query": "log4j", "maxResults": 200 }
```
4. Product/package vulnerabilities (dependency scan)
```json
{ "mode": "product", "products": ["npm:express", "pypi:django", "maven:org.springframework:spring-core"], "sources": ["osv"] }
```
5. Bulk keywords
```json
{ "mode": "bulk", "queries": ["log4j", "wordpress", "apache struts"], "maxResults": 100 }
```
From code (Apify SDK)
```javascript
import { ApifyClient } from 'apify-client';

const client = new ApifyClient({ token: process.env.APIFY_TOKEN });

// Run the Actor in `recent` mode for the last day, High+ severity only.
const run = await client.actor('logiover/cve-security-advisory-monitor').call({
  mode: 'recent',
  daysBack: 1,
  minCvss: 7,
});

// Read the advisories the run pushed to its default dataset.
const { items } = await client.dataset(run.defaultDatasetId).listItems();
const critical = items.filter((i) => i.cvssSeverity === 'CRITICAL');
console.log(`${critical.length} critical CVEs today`);
```
As an MCP tool for AI agents
Wrap this Actor in an MCP server. A security agent calls the tool with a keyword, product, or date window and receives structured advisories with CVSS + patch info — no NVD scraping, no schema juggling on the agent side.
🔧 Input fields
| Field | Type | Default | Description |
|---|---|---|---|
| `mode` | enum | `recent` | `recent` (new CVEs in N days), `search` (keyword), `product` (packages), `bulk` (many keywords). |
| `daysBack` | int | 1 | Days back for `recent` mode (1–120). 1 = today's CVEs. |
| `query` | string | — | Keyword for `search` mode. |
| `queries` | array | — | Keywords for `bulk` mode. |
| `products` | array | — | Packages for `product` mode (`ecosystem:name`, e.g. `npm:express`). |
| `sources` | array | all | Which DBs: `nvd`, `githubAdvisory`, `osv`. |
| `maxResults` | int | 500 | Cap per query/window (1–5000). |
| `minCvss` | number | 0 | Keep only CVSS ≥ this (0–10). 7 = High+. |
| `useApifyProxy` | bool | true | Route through Apify datacenter proxy (IP rotation for rate limits). |
| `proxyGroups` | array | — | Override group, e.g. `["RESIDENTIAL"]`. |
🧩 How it works
- Build requests per source. For `recent`, compute the ISO date window (`daysBack` → `pubStart`/`pubEnd`) and query NVD (`pubStartDate`/`pubEndDate`) + GitHub Advisory (`published>=`). For `search`, NVD `keywordSearch`. For `product`, OSV POST batch.
- Fetch with IP rotation. Each request goes through the Apify datacenter proxy (rotating source IP per request) to mitigate NVD's keyless 5 req/30s and GitHub's 60 req/hr/IP. 429/5xx trigger exponential backoff retry (up to 6 attempts).
- Paginate. NVD (`resultsPerPage=200` + `startIndex`), GitHub Advisory (`per_page=100` + `page`). Loop until `maxResults` or an empty/short page.
- Normalize. Each source's schema is mapped to a common record: `cveId`/`ghsaId`/`osvId`, `description`/`summary`, dates, `cvssScore`/`cvssSeverity`/`cvssVector`, `weaknesses` (CWE), `affected` (products/packages + ranges), `patchedVersion` (from fix events), `references`.
- Deduplicate. Rows are keyed by CVE ID (or GHSA/OSV if no CVE). The same vuln found in NVD + GHSA + OSV merges into one row: `sourceFeeds` unions, `duplicateCount` increments, and the richest fields (summary, CVSS, patch version, CWE) win.
- Filter. `minCvss` keeps only advisories at or above the threshold (advisories without a CVSS score pass if `minCvss` is 0).
- Stream. Each advisory is pushed to the dataset and one `result` event is charged.
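The Normalize, Deduplicate and Filter steps above, as an added example (this is not the Actor's own source; the per-source raw record shapes, the "first non-null wins, longer text wins" merge rule and the sample records are assumptions made for the illustration). It uses the field names of the documented output schema and shows the two edge cases the text calls out: three feeds collapsing into one row with `duplicateCount: 3`, and an unscored advisory that survives `minCvss: 0` but not `minCvss: 7`.

```javascript
// CVSS v3 qualitative severity bands, as NVD maps them.
function cvssSeverity(score) {
  if (score === null || score === undefined) return null;
  if (score >= 9.0) return 'CRITICAL';
  if (score >= 7.0) return 'HIGH';
  if (score >= 4.0) return 'MEDIUM';
  if (score > 0) return 'LOW';
  return 'NONE';
}

const FIELDS = ['cveId', 'ghsaId', 'osvId', 'summary', 'description', 'cvssScore',
  'cvssVector', 'weaknesses', 'affected', 'patchedVersion', 'references'];

// Normalize: map one source-specific record onto the common row shape.
// The raw shapes per source are assumptions for this example, not the real feeds.
function normalize(source, raw) {
  const row = Object.fromEntries(FIELDS.map((f) => [f, null]));
  row.weaknesses = []; row.affected = []; row.references = [];
  if (source === 'nvd') {
    row.cveId = raw.id; row.description = raw.description ?? null;
    row.cvssScore = raw.baseScore ?? null; row.cvssVector = raw.vectorString ?? null;
    row.weaknesses = raw.cwes ?? []; row.references = raw.references ?? [];
  } else if (source === 'githubAdvisory') {
    row.ghsaId = raw.ghsa_id; row.cveId = raw.cve_id ?? null;
    row.summary = raw.summary ?? null; row.affected = raw.vulnerabilities ?? [];
    row.patchedVersion = raw.first_patched_version ?? null;
    row.references = raw.references ?? [];
  } else if (source === 'osv') {
    const aliases = raw.aliases ?? [];
    row.osvId = raw.id;
    row.cveId = aliases.find((a) => a.startsWith('CVE-')) ?? null;
    row.ghsaId = aliases.find((a) => a.startsWith('GHSA-')) ?? null;
    row.summary = raw.summary ?? null; row.affected = raw.affected ?? [];
  }
  row.cvssSeverity = cvssSeverity(row.cvssScore);
  row.sourceFeeds = [source];
  row.duplicateCount = 1;
  return row;
}

// Dedup key: CVE ID first, then GHSA, then OSV.
const dedupKey = (row) => row.cveId ?? row.ghsaId ?? row.osvId;

// "Richest field wins": non-null beats null, longer text beats shorter,
// arrays are unioned, otherwise the first-seen value (NVD is fetched first) stays.
function richer(x, y) {
  if (x === null || x === undefined || x === '') return y ?? null;
  if (y === null || y === undefined || y === '') return x;
  if (typeof x === 'string' && typeof y === 'string') return y.length > x.length ? y : x;
  if (Array.isArray(x) && Array.isArray(y)) return [...new Set([...x, ...y])];
  return x;
}

function mergeRows(a, b) {
  const out = {};
  for (const f of FIELDS) out[f] = richer(a[f], b[f]);
  out.cvssSeverity = cvssSeverity(out.cvssScore);
  out.sourceFeeds = [...new Set([...a.sourceFeeds, ...b.sourceFeeds])];
  out.duplicateCount = a.duplicateCount + b.duplicateCount;
  return out;
}

function dedupe(rows) {
  const byKey = new Map();
  for (const row of rows) {
    const key = dedupKey(row);
    byKey.set(key, byKey.has(key) ? mergeRows(byKey.get(key), row) : row);
  }
  return [...byKey.values()];
}

// Filter: unscored advisories (cvssScore null) pass only when minCvss is 0.
function filterByMinCvss(rows, minCvss) {
  return rows.filter((r) => (r.cvssScore === null ? minCvss === 0 : r.cvssScore >= minCvss));
}

// Constructed sample input (placeholder IDs, not real advisories): the same vuln
// seen by all three feeds, plus one fresh OSV entry that has no CVSS score yet.
const SAMPLE = [
  ['nvd', { id: 'CVE-0000-00001', description: 'SQL injection in package X via parameter Y (constructed)',
    baseScore: 9.8, vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
    cwes: ['CWE-89'], references: ['https://example.invalid/nvd'] }],
  ['githubAdvisory', { ghsa_id: 'GHSA-xxxx-xxxx-xxxx', cve_id: 'CVE-0000-00001', summary: 'SQL injection in X',
    first_patched_version: '4.2.1', vulnerabilities: [{ ecosystem: 'pypi', package: 'x' }],
    references: ['https://example.invalid/ghsa'] }],
  ['osv', { id: 'PYSEC-0000-1', aliases: ['CVE-0000-00001', 'GHSA-xxxx-xxxx-xxxx'], summary: 'SQL injection in X' }],
  ['osv', { id: 'PYSEC-0000-2', aliases: [], summary: 'Unscored fresh entry (constructed)' }],
];

// Run normalize -> dedupe -> filter over the sample and return the surviving rows.
function runPipeline(minCvss) {
  return filterByMinCvss(dedupe(SAMPLE.map(([src, raw]) => normalize(src, raw))), minCvss);
}
```

With `minCvss` 0 the pipeline yields two rows (the merged CVE with `sourceFeeds` `["nvd","githubAdvisory","osv"]` and the unscored OSV entry); with `minCvss` 7 only the merged CVE remains, which is exactly the "null < 7" behaviour described in the FAQ.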
💡 Tips & best practices
- Schedule `recent` daily. `daysBack: 1` each morning catches yesterday's CVEs. Use `daysBack: 7` weekly for a broader sweep. Hundreds of fresh CVEs per day = consistent volume.
- Use `minCvss: 7` for triage. Focus on High+ first; Low/Medium can wait. Critical-only (`minCvss: 9`) for emergency sweeps.
- `product` mode for dependency hygiene. Pass your lockfile packages (`npm:*`, `pypi:*`, `maven:*`) to OSV for a full dependency vuln scan. Combine with `patchedVersion` to auto-generate upgrade tickets.
- All three sources for coverage. NVD is the CVE authority but slow to enrich; GitHub Advisory has package-level fix versions fast; OSV merges ecosystem DBs (RUSTSEC, PyPA, Go, etc.) that NVD lacks. Dedup keeps it clean.
- Keyword for vendor/product monitoring. `search: "apache struts"` or `search: "wordpress plugin"` to watch a vendor's CVEs.
- Polite pacing. NVD keyless is 5 req/30s; the Actor sleeps between pages. For very large windows, expect slower throughput (it trades speed for reliability).
- Combine with related Actors. Pair with `github-activity-stream` (security commits/releases), `certificate-transparency-monitor` (infra changes), and `news-intelligence-scraper` (breach news).
❓ FAQ
Does this Actor need any API keys?
No. NVD, GitHub Advisory, and OSV all have keyless tiers. The Apify proxy IP rotation helps spread the keyless rate limits. For heavy production use, NVD offers a free API key (raises to 50 req/30s) — but this Actor doesn't require one.
Why three sources instead of just NVD?
NVD is the CVE authority but often lags on enrichment (package ranges, fix versions). GitHub Security Advisories add package-level affected ranges and fix versions fast. OSV merges ecosystem-specific DBs (RUSTSEC, PyPA, Go, etc.) that NVD doesn't cover well. Merging all three + deduping gives the broadest, richest coverage.
How current is the data?
NVD and GitHub Advisory publish in near-real-time. recent mode with daysBack: 1 gives you CVEs published in the last 24 hours. There's a small lag (minutes to hours) between public disclosure and NVD enrichment.
Does it find CVEs for a specific package version?
product mode queries OSV with a package name; OSV returns all known vulns for that package (you filter by version using the affected ranges downstream). For exact-version checks, post-process the affected.ranges field.
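The exact-version post-processing this answer describes, and the "dependency scan agent" use case listed earlier, as an added example (not the Actor's own code). It assumes the `ranges` entries inside `affected` keep OSV's event shape (`{introduced}`, `{fixed}`, `{last_affected}`, events in ascending order, `introduced: "0"` meaning "from the beginning") and that versions are dot-separated numbers; the advisory and lockfile below are constructed sample data.

```javascript
// Compare two dot-separated numeric versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk an OSV-style event list: `introduced` opens an affected interval,
// `fixed` closes it (exclusive), `last_affected` closes it (inclusive).
function versionInRange(version, range) {
  let affected = false;
  for (const ev of range.events ?? []) {
    if ('introduced' in ev) {
      if (ev.introduced === '0' || compareVersions(version, ev.introduced) >= 0) affected = true;
    } else if ('fixed' in ev) {
      if (affected && compareVersions(version, ev.fixed) >= 0) affected = false;
    } else if ('last_affected' in ev) {
      if (affected && compareVersions(version, ev.last_affected) > 0) affected = false;
    }
  }
  return affected;
}

// Is this exact package version inside any non-GIT range of the advisory?
function isVersionAffected(advisory, ecosystem, pkg, version) {
  return (advisory.affected ?? []).some((a) =>
    a.ecosystem === ecosystem && a.package === pkg &&
    (a.ranges ?? []).some((r) => r.type !== 'GIT' && versionInRange(version, r)));
}

// Check a lockfile (array of {ecosystem, package, version}) against advisories;
// returns the affected dependencies with the advisory ID and patched version.
function checkLockfile(advisories, lockfile) {
  const hits = [];
  for (const dep of lockfile) {
    for (const adv of advisories) {
      if (isVersionAffected(adv, dep.ecosystem, dep.package, dep.version)) {
        hits.push({ ...dep, cveId: adv.cveId, patchedVersion: adv.patchedVersion });
      }
    }
  }
  return hits;
}

// Constructed sample row in the Actor's output shape (placeholder ID, not a real
// advisory): two affected intervals, [4.0, 4.0.10) and [4.2, 4.2.1).
const SAMPLE_ADVISORY = {
  cveId: 'CVE-0000-00002',
  affected: [{
    ecosystem: 'pypi',
    package: 'django',
    ranges: [{
      type: 'ECOSYSTEM',
      events: [{ introduced: '4.0' }, { fixed: '4.0.10' }, { introduced: '4.2' }, { fixed: '4.2.1' }],
    }],
  }],
  patchedVersion: '4.2.1',
};

// Constructed lockfile: one pinned version inside the second interval, one unrelated package.
const SAMPLE_LOCKFILE = [
  { ecosystem: 'pypi', package: 'django', version: '4.2.0' },
  { ecosystem: 'npm', package: 'express', version: '4.18.2' },
];

function scanSample() {
  return checkLockfile([SAMPLE_ADVISORY], SAMPLE_LOCKFILE);
}
```

A CI agent would run `product` mode over the lockfile packages, feed the returned rows into `checkLockfile`, and fail the build when `hits` is non-empty; the `patchedVersion` carried on each hit is what an upgrade ticket needs.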
How does dedup work?
Rows are keyed by CVE ID (or GHSA/OSV ID if no CVE). The same vuln in NVD + GHSA + OSV collapses into one row with sourceFeeds: ["nvd","githubAdvisory","osv"] and duplicateCount: 3. The richest fields win (summary from GHSA, CVSS from NVD, patch version from GHSA/OSV).
Why are some CVSS scores null?
Not every advisory has a CVSS score (especially fresh OSV entries before NVD enrichment). minCvss: 0 keeps them; minCvss: 7 filters them out (since null < 7).
How is this priced?
Pay-per-result: one result event per saved advisory. Runs that yield zero advisories are free.
Will I get rate-limited?
NVD keyless is 5 req/30s; GitHub is 60 req/hr/IP. The Actor uses IP rotation + exponential backoff to push through. For sustained heavy use, an NVD API key would help.
Can AI agents call this directly?
Yes. Expose it through an MCP server or Apify tool integration; the agent passes a keyword/product/date window and gets structured advisories back. This is the primary design target.
🔗 Related Actors
- github-activity-stream — repo commits/releases/security commits (dev-side signals).
- certificate-transparency-monitor — new TLS certs (infra/attack-surface changes).
- news-intelligence-scraper — breach/security news coverage.
- subdomain-finder — CT-log subdomain discovery (recon).
- bulk-whois-rdap-lookup — domain ownership for vuln attribution.
📝 Changelog
2026-07-02 — v1.0
- Initial release.
- 4 modes: `recent`, `search`, `product`, `bulk`.
- 3 sources: NVD, GitHub Security Advisories, OSV.
- Cross-source dedup (CVE/GHSA/OSV key), CVSS + severity + vector, CWE weaknesses, affected versions, patched version, references.
- `minCvss` severity filter.
- Apify datacenter proxy default (IP rotation for rate limits).
- Pay-per-result (`result` event per saved advisory).
⚖️ Disclaimer
This Actor queries public vulnerability databases (NVD, GitHub Advisory, OSV) via their keyless APIs. Vulnerability data is owned by the respective sources (NIST, GitHub, OSV maintainers); respect their Terms of Service and rate limits. Use for security monitoring, DevSecOps automation and AI-agent grounding on data that is already public.