Pricing

Pay per usage

CVE Threat Prioritizer — NIST + CISA + FIRST EPSS

Stop triaging CVEs manually. Combines NIST NVD severity, CISA Known Exploited status, and FIRST EPSS exploit probability into a single priority score — plus patch availability and affected product count. Know which vulnerabilities to fix today.

Pricing

Pay per usage

Rating

0.0

(0)

Developer

daehwan kim

Actor stats

Bookmarked

Total users

Monthly active users

6 hours ago

Last modified

What it does

Most vulnerability scanners give you a raw CVSS score and stop there. CVSS alone doesn't tell you if a vulnerability is being actively exploited, how likely exploitation is in the next 30 days, or whether a patch even exists. This Actor combines three independent signals:

Source	Signal	Why it matters	License
NIST NVD	CVSS score (0–10) + attack vector	Base severity and exploitability	US Government Public Domain
CISA KEV	Known Exploited Vulnerabilities catalog	Active exploitation confirmed by government	US Government Public Domain
FIRST EPSS	Exploit Prediction Scoring System (0–1)	Probability of exploitation in next 30 days	Public

Priority Score Formula

Priority = (CVSS × 0.3) + (EPSS × 10 × 0.3) + KEV_bonus(3) + Ransomware_bonus(1)

Score	Priority	Action
≥ 6	CRITICAL	Patch immediately
≥ 4	HIGH	Patch within 7 days
≥ 2	MEDIUM	Schedule next sprint
< 2	LOW	Monitor

Input

{
  "cveIds": ["CVE-2021-44228", "CVE-2022-30190", "CVE-2023-44487"],
  "keyword": "apache",
  "minCvssScore": 7.0
}

Field	Type	Default	Description
`cveIds`	string[]	Log4Shell, PrintNightmare, HTTP/2 Rapid Reset	Specific CVE IDs to analyze
`keyword`	string	—	Search NVD for all HIGH CVEs matching a keyword
`minCvssScore`	number	`7.0`	Skip CVEs below this score (unless in CISA KEV)

Output

{
  "_summary": {
    "total": 3,
    "critical": 2,
    "high": 1,
    "knownExploited": 2,
    "ransomwareLinked": 1,
    "patchAvailable": 3,
    "networkExposure": 3
  }
},
{
  "cveId": "CVE-2021-44228",
  "description": "Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features...",
  "cvssScore": 10.0,
  "severity": "CRITICAL",
  "attackVector": "NETWORK",
  "attackComplexity": "LOW",
  "epssScore": 0.9754,
  "epssPercentile": 0.99996,
  "isKnownExploited": true,
  "cisaDueDate": "2021-12-24",
  "ransomwareUse": "Known",
  "patchAvailable": true,
  "patchUrls": ["https://logging.apache.org/log4j/2.x/security.html"],
  "affectedProductsCount": 214,
  "priorityScore": 7.97,
  "priority": "CRITICAL",
  "published": "2021-12-10T10:15:09.143"
}

Use Cases

Security teams — replace manual CVE triage spreadsheets with automated priority queues
DevSecOps pipelines — integrate into CI/CD to flag CRITICAL CVEs before merge
Vulnerability management platforms — enrich scanner output with EPSS + KEV data
Compliance reporting — generate evidence of vulnerability prioritization methodology
MSSP / MDR services — automate client vulnerability briefings

Why this beats building it yourself

Three separate API integrations, CISA KEV XML parsing, EPSS batch queries, NVD CPE parsing for affected product count, patch URL extraction from NVD references — all combined with a weighted scoring formula. This Actor does all of it in a single run.

Attribution

NIST NVD: https://nvd.nist.gov
CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
FIRST EPSS: https://www.first.org/epss

Cybersecurity Vuln Mcp

martc03/cybersecurity-vuln-mcp

CoDee

CISA Known Exploited Vulnerabilities Search

ryanclinton/cisa-kev-search

Search and filter the official CISA Known Exploited Vulnerabilities (KEV) catalog -- the authoritative U.S. government list of vulnerabilities actively exploited in the wild.

ryan clinton

NVD CVE Vulnerability Search

ryanclinton/nvd-cve-vulnerability-search

NVD CVE Vulnerability Search queries the NIST National Vulnerability Database (NVD) REST API v2.0 to retrieve detailed information about Common Vulnerabilities and Exposures (CVEs). The NVD is the U.S.

ryan clinton

Cyber Attack Surface Report

ryanclinton/cyber-attack-surface-report

Comprehensive external attack surface report that maps any domain's infrastructure, vulnerabilities, and exposure using 11 sub-actors in parallel.

ryan clinton

Cisa-Kev-Enricher.

signalfoundry/cisa-kev-ransomware-threat-intel

Prioritise real threats fast. Tracks CISA KEV catalogue live + EPSS v3 scores. Spots "Silent Flips" CVEs now used by ransomware (LockBit, BlackCat). 90%+ exploit probability, ransomware filter, SOC 2/HIPAA reports, Slack/Teams alerts, JSON/CSV export.

Frank Kamu

Linkedin Sales Navigator Scraper

bestscrapers/linkedin-sales-navigator-scraper

A powerful tool designed to extract detailed lead information from a Sales Navigator URL — without the need for cookies or login.

Linkedin Scrapers

1.5K

2.8

(18)

Linkedin Sales Navigator Scraper

freshdata/linkedin-sales-navigator-scraper

A powerful tool designed to extract detailed leads information from a sales navigator URL — without the need for cookies or login.

FreshData

652

5.0

(2)

Sales Navigator Scraper By Filters

bestscrapers/sales-navigator-scraper-by-filters

Find and scrape LinkedIn Sales Navigator leads with advanced filters.

Linkedin Scrapers

175

Bulk Email Verifier

ryanclinton/bulk-email-verifier

Verify email deliverability in bulk — MX records, live SMTP mailbox checks, disposable domain detection (55,000+ domains), role-based flagging, catch-all detection, and confidence scores. $0.005/email, no subscription.

ryan clinton

CVE Monitor — New Vulnerability Feed with Alerts

mukedlii/nvd-cve-monitor

Monitor the NIST National Vulnerability Database (NVD) for new and updated CVEs. Filter by vendor, product, CVSS score, or severity level. Get instant Telegram alerts when critical vulnerabilities affect your stack.