CISA KEV Scraper
Pricing
$1.80 / 1,000 kev results
CISA KEV Scraper
Extract the official CISA Known Exploited Vulnerabilities catalog. Get CVEs, vendors, products, due dates, required actions, ransomware-use status, summaries, and remediation-planning rows.
Pricing
$1.80 / 1,000 kev results
Rating
0.0
(0)
Developer
Maxime Dupré
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
2 days ago
Last modified
Categories
Share
🛡️ CISA KEV scraper for vulnerability and remediation data
CISA KEV Scraper extracts the official public CISA Known Exploited Vulnerabilities catalog into structured Apify dataset rows. Use it to collect CVE records, group affected vendors and products, or create remediation-planning rows with CISA due dates, ransomware-use status, and source context.
- Export official CISA KEV vulnerability records for CVE tracking, reporting, and vulnerability management workflows.
- Filter KEV entries by affected vendor, product, date added, due date, or ransomware-use status.
- Build vendor and product summaries that show CVE counts, affected date ranges, and ransomware CVE counts.
- Create remediation-planning records with urgency, due-date timing, required action, and watchlist matches.
- Run recurring KEV monitoring for selected vendors, products, watchlist terms, or date windows.
📦 What you get
Choose one target per run:
| Target | Result |
|---|---|
| Vulnerability records | One row per matching CISA KEV vulnerability, including CVE, vendor/project, product, vulnerability name, description, dates, required action, ransomware-use status, notes, and catalog source context. |
| Vendor and product summaries | One row per affected vendor/product group, including CVE count, CVE list, date ranges, due-date ranges, ransomware CVE count, and catalog source context. |
| Remediation-planning records | One row per matching vulnerability with calendar urgency, due-date timing, ransomware-use status, required action, source URL, and optional watchlist matches. |
▶️ How to run
- Select the target you want: vulnerability records, vendor and product summaries, or remediation-planning records.
- Add optional filters such as vendor/product keywords, date-added range, due-date range, ransomware-only, watchlist terms, or maximum results.
- Start the Actor and open the dataset when the run finishes.
- Export results as JSON, CSV, Excel, XML, or connect them to another Apify workflow.
No CISA API key, login, or user credentials are needed for the public catalog data.
🔎 Input options
| Input | Use it for |
|---|---|
collectVulnerabilities | Collect individual KEV vulnerability records. |
collectVendorSummaries | Group matching KEV entries by vendor/project and product. |
minCveCount | Keep only vendor/product summaries with at least this many CVEs. |
collectRemediationPlans | Create remediation-planning rows with urgency and timing fields. |
watchlistTerms | Focus remediation-planning output on vendors, products, or vulnerability terms you monitor. |
vendorProductTerms | Filter by affected vendor, project, or product keyword. |
dateAddedFrom / dateAddedTo | Limit results by CISA catalog addition date. |
dueDateFrom / dueDateTo | Limit results by CISA remediation due date. |
ransomwareOnly | Keep only entries CISA marks as known to be used in ransomware campaigns. |
maxResults | Stop after a fixed number of output rows. |
🧾 Output example
A vulnerability record looks like this:
{"rowType": "vulnerability","cve": "CVE-2023-34362","vendorProject": "Progress","product": "MOVEit Transfer","vulnerabilityName": "Progress MOVEit Transfer SQL Injection Vulnerability","shortDescription": "Official CISA vulnerability description.","dateAdded": "2023-06-02","dueDate": "2023-06-23","requiredAction": "Official CISA required remediation action.","knownRansomwareCampaignUse": "Known","notes": "","daysSinceAdded": 400,"daysUntilDue": -379,"sourceUrl": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog","catalogVersion": "2024.07.01","catalogReleaseDate": "2024-07-01T00:00:00.000Z"}
A vendor summary row uses fields such as rowType, vendorProject, product, cveCount, cves, firstDateAdded, lastDateAdded, firstDueDate, lastDueDate, knownRansomwareCveCount, sourceUrl, catalogVersion, and catalogReleaseDate.
A remediation-planning row uses fields such as rowType, cve, vendorProject, product, vulnerabilityName, dateAdded, dueDate, daysSinceAdded, daysUntilDue, urgency, knownRansomwareCampaignUse, requiredAction, watchlistMatches, sourceUrl, catalogVersion, and catalogReleaseDate.
💳 Pricing
This actor uses pay-per-event pricing. You are charged only when the actor saves an accepted KEV result to the dataset. Empty runs, setup checks, diagnostics-only work, and no-result searches are not described as charged.
🔌 Integrations
Use this actor with Apify integrations, API clients, webhooks, scheduled runs, and dataset exports. Send results to spreadsheets, BI tools, databases, or your own app after each run.
❓ FAQ
🧩 Is this an official CISA API?
No. This is an Apify Actor that extracts the official public CISA Known Exploited Vulnerabilities catalog and returns structured dataset rows with source URLs and catalog context.
🔐 Do I need credentials?
No. The actor works with the public CISA KEV catalog and does not require a CISA API key, login, or user credentials.
📅 Can I filter by due date or date added?
Yes. Use the date-added and due-date range inputs to collect KEV entries relevant to a reporting period, remediation deadline, or monitoring window.
🦠 Can I collect only ransomware-related KEV entries?
Yes. Enable the ransomware-only filter to keep entries CISA marks as known to be used in ransomware campaigns.
🏢 Can I monitor specific vendors or products?
Yes. Add vendor or product keywords, or use watchlist terms with remediation-planning records to focus results on monitored assets or technologies.
📊 Does it include CVSS, EPSS, NVD, OSV, or GitHub advisory data?
No. The actor is limited to CISA KEV source data. It does not enrich results with NVD, EPSS, OSV, GitHub advisory, or package-vulnerability data.
📌 Which target should I choose?
Use vulnerability records for row-level CVE exports, vendor and product summaries for aggregation, and remediation-planning records when you need urgency, due-date timing, and watchlist matches.
📝 Changelog
- 0.1: Initial release.
🆘 Support
For issues, questions, or feature requests, file a ticket and I'll fix or implement it in less than 24h 🫡
🔗 Other actors
- GitHub Security Advisories Scraper ↗ - Track GitHub advisory data for security research and vulnerability workflows.
- SSL Certificate Checker ↗ - Check certificate details for domains you monitor.
- Semver Parser Version Range Checker ↗ - Parse and compare package version ranges for developer tooling.
- RapidAPI Scraper ↗ - Collect API marketplace data for integration research.
- US Travel Advisories Scraper ↗ - Extract official advisory data from a public government source. Made with ❤️ by Maxime Dupré