# CVE Vulnerability Monitor โ€” NVD, CISA KEV & EPSS (`nexgendata/cve-vulnerability-monitor`) Actor Monitor new/updated CVEs by vendor or product, enriched with CISA KEV exploited-flag and EPSS exploit probability. Official NVD data, no login. - **URL**: https://apify.com/nexgendata/cve-vulnerability-monitor.md - **Developed by:** [NexGenData](https://apify.com/nexgendata) (community) - **Categories:** Business, Developer tools, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $30.00 / 1,000 cves This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## ๐Ÿ›ก๏ธ CVE Monitor ยท NVD ยท CISA KEV ยท EPSS Monitor new and updated CVEs for the vendors and products you care about โ€” enriched with CISA Known-Exploited flags and EPSS exploit-probability. Built for security & vulnerability-management teams. ### โšก What you get | Field | Description | |---|---| | `cveId` | CVE identifier | | `cvssScore` / `cvssSeverity` | CVSS base score & severity | | `knownExploited` | In CISA KEV (actively exploited) | | `epssScore` | EPSS exploit-probability (0-1) | | `published` / `lastModified` | Timeline | | `description` / `references` | Summary + source links | ### ๐ŸŽฏ Use cases 1. Vulnerability-management teams tracking their tech stack 2. Security vendors / MSSPs feeding alerting pipelines 3. Threat-intel analysts prioritising by KEV + EPSS 4. Compliance teams evidencing CVE monitoring ### ๐Ÿš€ Sample inputs ```json { "keywords": ["openssl","fortinet"], "sinceDays": 7, "maxPerKeyword": 20 } ```` ```json { "keywords": ["apache log4j"], "severityMin": "HIGH" } ``` ### ๐Ÿ“ฆ Sample output ```json { "cveId": "CVE-2026-1234", "cvssScore": 9.8, "cvssSeverity": "CRITICAL", "knownExploited": true, "epssScore": 0.94, "published": "2026-06-01T00:00Z", "keyword": "openssl", "description": "..." } ``` ### ๐Ÿ“Š Sample Output ![Sample output](https://api.apify.com/v2/key-value-stores/8gLgXMBveEI1tTz1z/records/cve-vulnerability-monitor-output.png) ### ๐Ÿ›  How it works 1. **Source** โ€” official NVD CVE API 2.0 (`services.nvd.nist.gov`), no login. 2. **Enrich** โ€” joins CISA KEV (known-exploited) + FIRST.org EPSS scores. 3. **Filter** โ€” by keyword, look-back window, and minimum severity. 4. **Schema** โ€” one row per CVE with prioritisation fields. 5. **Fallback** โ€” rate-limit-aware; failed keywords are logged and skipped. ### ๐Ÿ”— Related Actors - [Domain WHOIS Lookup](https://apify.com/nexgendata/domain-whois-lookup?fpr=2ayu9b) - [SSL Certificate Checker](https://apify.com/nexgendata/ssl-certificate-checker?fpr=2ayu9b) - [Tech Stack Detector](https://apify.com/nexgendata/wappalyzer-replacement?fpr=2ayu9b) - [Email DMARC Auditor](https://apify.com/nexgendata/email-dmarc-auditor?fpr=2ayu9b) ### ๐Ÿ’ฐ Pricing Example Pay-per-event: **$0.005 per run + $0.03 per CVE** (`cve-record`). | Cves | Cost | |---|---| | 100 | ~$3.00 | | 500 | ~$15.01 | | 2,000 | ~$60.01 | Apify's **$5 free credit** covers ~166 CVEs. [Start free โ†’](https://apify.com/?fpr=2ayu9b) ### โš–๏ธ Legal & data sources Data from public, official feeds: NVD (NIST), CISA KEV, and FIRST.org EPSS. Government/public-domain and openly-licensed sources; identified User-Agent; rate-limit-respecting. ### โ“ FAQ **How fresh?** Live from NVD at run time; use `sinceDays` for the window. **What is KEV?** CISA's Known Exploited Vulnerabilities catalog โ€” actively-exploited CVEs. **What is EPSS?** FIRST.org's probability a CVE will be exploited in the next 30 days. **Do I need an API key?** No. **Can I filter severity?** Yes โ€” `severityMin` = LOW/MEDIUM/HIGH/CRITICAL. **By product?** Use `keywords` (vendor/product terms). ### ๐Ÿ†˜ Troubleshooting - **Few results** โ€” widen `sinceDays` or broaden keywords. - **Rate-limited** โ€” the actor paces NVD calls; large keyword lists take longer. - **No EPSS for a CVE** โ€” EPSS may not score very new CVEs yet; field is null. - **Too noisy** โ€” set `severityMin: "HIGH"`. ### ๐Ÿท๏ธ About NexGenData Structured public-data tools for analysts, developers, and operators. [thenextgennexus.com](https://thenextgennexus.com/actors-by-workflow/). # Actor input Schema ## `keywords` (type: `array`): Terms to monitor, e.g. \["openssl","fortinet","apache log4j"]. ## `sinceDays` (type: `integer`): Return CVEs modified within this many days. ## `maxPerKeyword` (type: `integer`): Cap CVEs returned per keyword. ## `severityMin` (type: `string`): Optional floor: LOW, MEDIUM, HIGH, or CRITICAL. ## Actor input object example ```json { "keywords": [ "openssl", "fortinet" ], "sinceDays": 7, "maxPerKeyword": 20 } ``` # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "keywords": [ "openssl", "fortinet" ], "sinceDays": 7, "maxPerKeyword": 20, "severityMin": "" }; // Run the Actor and wait for it to finish const run = await client.actor("nexgendata/cve-vulnerability-monitor").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "keywords": [ "openssl", "fortinet", ], "sinceDays": 7, "maxPerKeyword": 20, "severityMin": "", } # Run the Actor and wait for it to finish run = client.actor("nexgendata/cve-vulnerability-monitor").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "keywords": [ "openssl", "fortinet" ], "sinceDays": 7, "maxPerKeyword": 20, "severityMin": "" }' | apify call nexgendata/cve-vulnerability-monitor --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=nexgendata/cve-vulnerability-monitor", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CVE Vulnerability Monitor โ€” NVD, CISA KEV & EPSS", "description": "Monitor new/updated CVEs by vendor or product, enriched with CISA KEV exploited-flag and EPSS exploit probability. Official NVD data, no login.", "version": "0.0", "x-build-id": "HEVEhSefTmR9i4BdW" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/nexgendata~cve-vulnerability-monitor/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-nexgendata-cve-vulnerability-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/nexgendata~cve-vulnerability-monitor/runs": { "post": { "operationId": "runs-sync-nexgendata-cve-vulnerability-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/nexgendata~cve-vulnerability-monitor/run-sync": { "post": { "operationId": "run-sync-nexgendata-cve-vulnerability-monitor", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "keywords" ], "properties": { "keywords": { "title": "Vendors / products / keywords", "type": "array", "description": "Terms to monitor, e.g. [\"openssl\",\"fortinet\",\"apache log4j\"].", "items": { "type": "string" } }, "sinceDays": { "title": "Look-back window (days)", "type": "integer", "description": "Return CVEs modified within this many days." }, "maxPerKeyword": { "title": "Max CVEs per keyword", "type": "integer", "description": "Cap CVEs returned per keyword." }, "severityMin": { "title": "Minimum severity", "type": "string", "description": "Optional floor: LOW, MEDIUM, HIGH, or CRITICAL." } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```