CISA KEV Scraper avatar

CISA KEV Scraper

Pricing

$1.80 / 1,000 kev results

Go to Apify Store
CISA KEV Scraper

CISA KEV Scraper

Extract the official CISA Known Exploited Vulnerabilities catalog. Get CVEs, vendors, products, due dates, required actions, ransomware-use status, summaries, and remediation-planning rows.

Pricing

$1.80 / 1,000 kev results

Rating

0.0

(0)

Developer

Maxime Dupré

Maxime Dupré

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

2 days ago

Last modified

Share

🛡️ CISA KEV scraper for vulnerability and remediation data

CISA KEV Scraper extracts the official public CISA Known Exploited Vulnerabilities catalog into structured Apify dataset rows. Use it to collect CVE records, group affected vendors and products, or create remediation-planning rows with CISA due dates, ransomware-use status, and source context.

📦 What you get

Choose one target per run:

TargetResult
Vulnerability recordsOne row per matching CISA KEV vulnerability, including CVE, vendor/project, product, vulnerability name, description, dates, required action, ransomware-use status, notes, and catalog source context.
Vendor and product summariesOne row per affected vendor/product group, including CVE count, CVE list, date ranges, due-date ranges, ransomware CVE count, and catalog source context.
Remediation-planning recordsOne row per matching vulnerability with calendar urgency, due-date timing, ransomware-use status, required action, source URL, and optional watchlist matches.

▶️ How to run

  1. Select the target you want: vulnerability records, vendor and product summaries, or remediation-planning records.
  2. Add optional filters such as vendor/product keywords, date-added range, due-date range, ransomware-only, watchlist terms, or maximum results.
  3. Start the Actor and open the dataset when the run finishes.
  4. Export results as JSON, CSV, Excel, XML, or connect them to another Apify workflow.

No CISA API key, login, or user credentials are needed for the public catalog data.

🔎 Input options

InputUse it for
collectVulnerabilitiesCollect individual KEV vulnerability records.
collectVendorSummariesGroup matching KEV entries by vendor/project and product.
minCveCountKeep only vendor/product summaries with at least this many CVEs.
collectRemediationPlansCreate remediation-planning rows with urgency and timing fields.
watchlistTermsFocus remediation-planning output on vendors, products, or vulnerability terms you monitor.
vendorProductTermsFilter by affected vendor, project, or product keyword.
dateAddedFrom / dateAddedToLimit results by CISA catalog addition date.
dueDateFrom / dueDateToLimit results by CISA remediation due date.
ransomwareOnlyKeep only entries CISA marks as known to be used in ransomware campaigns.
maxResultsStop after a fixed number of output rows.

🧾 Output example

A vulnerability record looks like this:

{
"rowType": "vulnerability",
"cve": "CVE-2023-34362",
"vendorProject": "Progress",
"product": "MOVEit Transfer",
"vulnerabilityName": "Progress MOVEit Transfer SQL Injection Vulnerability",
"shortDescription": "Official CISA vulnerability description.",
"dateAdded": "2023-06-02",
"dueDate": "2023-06-23",
"requiredAction": "Official CISA required remediation action.",
"knownRansomwareCampaignUse": "Known",
"notes": "",
"daysSinceAdded": 400,
"daysUntilDue": -379,
"sourceUrl": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"catalogVersion": "2024.07.01",
"catalogReleaseDate": "2024-07-01T00:00:00.000Z"
}

A vendor summary row uses fields such as rowType, vendorProject, product, cveCount, cves, firstDateAdded, lastDateAdded, firstDueDate, lastDueDate, knownRansomwareCveCount, sourceUrl, catalogVersion, and catalogReleaseDate.

A remediation-planning row uses fields such as rowType, cve, vendorProject, product, vulnerabilityName, dateAdded, dueDate, daysSinceAdded, daysUntilDue, urgency, knownRansomwareCampaignUse, requiredAction, watchlistMatches, sourceUrl, catalogVersion, and catalogReleaseDate.

💳 Pricing

This actor uses pay-per-event pricing. You are charged only when the actor saves an accepted KEV result to the dataset. Empty runs, setup checks, diagnostics-only work, and no-result searches are not described as charged.

🔌 Integrations

Use this actor with Apify integrations, API clients, webhooks, scheduled runs, and dataset exports. Send results to spreadsheets, BI tools, databases, or your own app after each run.

❓ FAQ

🧩 Is this an official CISA API?

No. This is an Apify Actor that extracts the official public CISA Known Exploited Vulnerabilities catalog and returns structured dataset rows with source URLs and catalog context.

🔐 Do I need credentials?

No. The actor works with the public CISA KEV catalog and does not require a CISA API key, login, or user credentials.

📅 Can I filter by due date or date added?

Yes. Use the date-added and due-date range inputs to collect KEV entries relevant to a reporting period, remediation deadline, or monitoring window.

Yes. Enable the ransomware-only filter to keep entries CISA marks as known to be used in ransomware campaigns.

🏢 Can I monitor specific vendors or products?

Yes. Add vendor or product keywords, or use watchlist terms with remediation-planning records to focus results on monitored assets or technologies.

📊 Does it include CVSS, EPSS, NVD, OSV, or GitHub advisory data?

No. The actor is limited to CISA KEV source data. It does not enrich results with NVD, EPSS, OSV, GitHub advisory, or package-vulnerability data.

📌 Which target should I choose?

Use vulnerability records for row-level CVE exports, vendor and product summaries for aggregation, and remediation-planning records when you need urgency, due-date timing, and watchlist matches.

📝 Changelog

  • 0.1: Initial release.

🆘 Support

For issues, questions, or feature requests, file a ticket and I'll fix or implement it in less than 24h 🫡

🔗 Other actors