# CISA KEV Known Exploited Vulnerabilities Scraper (`parseforge/cisa-kev-scraper`) Actor Scrape the CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by CVE ID, vendor, product, or date added. Returns required actions, due dates, ransomware campaign use, and CWE references for every actively-exploited CVE tracked by CISA. - **URL**: https://apify.com/parseforge/cisa-kev-scraper.md - **Developed by:** [ParseForge](https://apify.com/parseforge) (community) - **Categories:** Developer tools, Business, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $23.25 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ![ParseForge Banner](https://github.com/ParseForge/apify-assets/blob/main/banners/banner-default.jpg?raw=true) ## ๐Ÿšจ CISA KEV Scraper > ๐Ÿš€ **Export the U.S. federal Known Exploited Vulnerabilities catalogue in seconds.** Track every CVE actively exploited in the wild with vendor, product, due date, and ransomware-campaign tagging from the official CISA KEV catalogue. No sign-up, no token, no manual CSV wrangling. > ๐Ÿ•’ **Last updated:** 2026-05-15 ยท **๐Ÿ“Š 14 fields** per record ยท **๐Ÿšจ 1,500+ exploited CVEs** ยท **๐Ÿข 600+ vendors** ยท **โฐ Federal due-date tracking** The **CISA KEV Scraper** pulls every entry from the U.S. Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities catalogue and returns **14 normalised fields per record**, including the CVE ID, vendor, product, vulnerability name, addition date, required action, federal due date, ransomware-campaign flag, and associated CWE weaknesses. The catalogue is the single most important U.S. government list for vulnerability prioritisation. Federal civilian agencies are bound by Binding Operational Directive 22-01 to remediate every entry by its due date. The catalogue covers **1,500+ CVEs across 600+ vendors and projects** spanning operating systems, network gear, browsers, email servers, virtualisation platforms, and SaaS products. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in seconds. Filters apply locally on the full catalogue snapshot, so you skip pagination, retry handling, and JSON-to-spreadsheet plumbing entirely. | ๐ŸŽฏ Target Audience | ๐Ÿ’ก Primary Use Cases | |---|---| | Security operations teams, vulnerability managers, federal contractors, MSSPs, threat intel analysts, compliance officers, security tool builders | BOD 22-01 compliance, patch prioritisation, ransomware risk reports, SIEM enrichment, executive dashboards, incident response triage | --- ### ๐Ÿ“‹ What the CISA KEV Scraper does Six filtering workflows in a single run: - ๐ŸŒ **Full catalogue export.** Every active KEV entry in one dataset. - ๐Ÿข **Vendor filter.** Restrict to a vendor like `Microsoft`, `Cisco`, or `Apache`. - ๐Ÿ“ฆ **Product filter.** Drill down to a specific product line like `Windows` or `Log4j`. - ๐Ÿ†” **CVE filter.** Find a single CVE in the catalogue. - ๐Ÿ’€ **Ransomware-only filter.** Restrict to CVEs flagged as `Known` ransomware campaign use. - ๐Ÿงฌ **CWE filter.** Slice by weakness type, e.g. `CWE-79,CWE-89`. Each record includes the CVE identifier, vendor and product, plain-English vulnerability name, short description, the action CISA requires, the due date federal agencies must meet, a normalised ransomware-use boolean, free-text notes, and the full CWE list. > ๐Ÿ’ก **Why it matters:** the CISA KEV catalogue is the single most actionable feed for vulnerability prioritisation. Building your own ingestion means handling JSON parsing, normalising the ransomware text field, and refreshing on cadence. This Actor skips all of that and gives you a clean, downloadable dataset. --- ### ๐ŸŽฌ Full Demo _๐Ÿšง Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded KEV dataset._ --- ### โš™๏ธ Input
InputTypeDefaultBehavior
cveIdstring""Case-insensitive substring match on CVE ID.
vendorstring""Case-insensitive substring match on vendor (e.g. Microsoft).
productstring""Case-insensitive substring match on product (e.g. Windows).
addedAfterYYYY-MM-DD""Only include entries added to the catalogue on or after this date.
ransomwareOnlybooleanfalseRestrict to CVEs with knownRansomwareCampaignUse = "Known".
cwesstring""Comma-separated CWE IDs (e.g. CWE-79,CWE-89,787).
requiredActionDueAfterYYYY-MM-DD""Only include entries with a federal due date on or after this date.
maxItemsinteger10Records to return. Free plan caps at 10, paid plan at 1,000,000.
**Example: every Microsoft KEV entry actively used in ransomware campaigns.** ```json { "vendor": "Microsoft", "ransomwareOnly": true, "maxItems": 200 } ```` **Example: KEV entries added in 2025 with upcoming federal due dates.** ```json { "addedAfter": "2025-01-01", "requiredActionDueAfter": "2025-06-01", "maxItems": 500 } ``` > โš ๏ธ **Good to Know:** federal civilian agencies must remediate KEV entries by the published due date under BOD 22-01. Private organisations are not legally bound but the catalogue remains the highest-signal prioritisation list available. *** ### ๐Ÿ“Š Output Each record contains **14 fields**. Download the dataset as CSV, Excel, JSON, or XML. #### ๐Ÿงพ Schema | Field | Type | Example | |---|---|---| | ๐Ÿ†” `cveID` | string | `"CVE-2021-44228"` | | ๐Ÿ”— `url` | string | `"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"` | | ๐Ÿข `vendorProject` | string | `"Apache"` | | ๐Ÿ“ฆ `product` | string | `"Log4j2"` | | ๐Ÿท๏ธ `vulnerabilityName` | string | `"Apache Log4j2 Remote Code Execution Vulnerability"` | | ๐Ÿ“… `dateAdded` | YYYY-MM-DD | `"2021-12-10"` | | ๐Ÿ“ `shortDescription` | string | `"Apache Log4j2 contains a vulnerability where JNDI features..."` | | ๐Ÿ› ๏ธ `requiredAction` | string | `"For all affected software assets... apply mitigations..."` | | โฐ `dueDate` | YYYY-MM-DD | `"2021-12-24"` | | ๐Ÿ’€ `knownRansomwareCampaignUse` | boolean | null | `true` | | ๐Ÿ’€ `knownRansomwareCampaignUseRaw` | string | null | `"Known"` | | ๐Ÿ“ `notes` | string | null | `"https://logging.apache.org/log4j/2.x/security.html;..."` | | ๐Ÿงฌ `cwes` | string\[] | `["CWE-20", "CWE-400", "CWE-502"]` | | ๐Ÿ•’ `scrapedAt` | ISO 8601 | `"2026-05-15T00:00:00.000Z"` | #### ๐Ÿ“ฆ Sample record
๐Ÿ”ฅ Log4Shell (CVE-2021-44228) ```json { "cveID": "CVE-2021-44228", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2", "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability", "dateAdded": "2021-12-10", "shortDescription": "Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.", "requiredAction": "For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) Remove affected assets from agency networks.", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": true, "knownRansomwareCampaignUseRaw": "Known", "notes": "https://logging.apache.org/log4j/2.x/security.html; https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance", "cwes": ["CWE-20", "CWE-400", "CWE-502"], "scrapedAt": "2026-05-15T00:00:00.000Z" } ```
*** ### โœจ Why choose this Actor | | Capability | |---|---| | ๐Ÿšจ | **Authoritative source.** Pulls directly from the official CISA KEV catalogue, the U.S. federal exploited-vulnerability list. | | โฐ | **Federal due dates.** Each entry carries the BOD 22-01 remediation deadline for federal civilian agencies. | | ๐Ÿ’€ | **Ransomware tagging.** Both raw text and a normalised boolean for `knownRansomwareCampaignUse`. | | ๐Ÿงฌ | **CWE mapping.** Each KEV entry is paired with its full list of weakness IDs. | | ๐Ÿ” | **Six filters.** Vendor, product, CVE, date-added, due-date, ransomware-only, and CWE all combine freely in one run. | | ๐Ÿ” | **Always fresh.** Every run hits the live catalogue, so the dataset reflects current entries and ransomware flags. | | ๐Ÿšซ | **No sign-up.** Works with public U.S. government data. No login or token needed. | > ๐Ÿ“Š The KEV catalogue is the single highest-signal vulnerability prioritisation list. Owning a clean local copy is a multiplier for every patch-management and SOC workflow. *** ### ๐Ÿ“ˆ How it compares to alternatives | Approach | Cost | Coverage | Refresh | Filters | Setup | |---|---|---|---|---|---| | **โญ CISA KEV Scraper** *(this Actor)* | $5 free credit, then pay-per-use | **1,500+ CVEs** | **Live per run** | vendor, product, CVE, date, CWE, ransomware | โšก 2 min | | Commercial threat-intel feeds | $10,000+/year | KEV + extra context | Streaming | Many | โณ Days | | Manual CSV downloads | Free | Full | Stale | None | ๐Ÿข Hours | | Self-built ingestion | Engineering time | Full | Custom | Custom | ๐Ÿ› ๏ธ Weeks | Pick this Actor when you want the canonical KEV catalogue with normalised filters and ready-to-load output. *** ### ๐Ÿš€ How to use 1. ๐Ÿ“ **Sign up.** [Create a free account with $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) (takes 2 minutes). 2. ๐ŸŒ **Open the Actor.** Go to the CISA KEV Scraper page on the Apify Store. 3. ๐ŸŽฏ **Set input.** Pick a vendor, product, date filter, or leave blank for the full catalogue, then set `maxItems`. 4. ๐Ÿš€ **Run it.** Click **Start** and let the Actor collect your data. 5. ๐Ÿ“ฅ **Download.** Grab your results in the **Dataset** tab as CSV, Excel, JSON, or XML. > โฑ๏ธ Total time from signup to downloaded dataset: **3-5 minutes.** No coding required. *** ### ๐Ÿ’ผ Business use cases
#### ๐Ÿ›ก๏ธ Federal & Compliance - Daily BOD 22-01 compliance dashboards for federal teams - Evidence packs for FedRAMP and FISMA assessments - Tracking remediation SLAs against KEV due dates - Slack alerts when a CVE in your stack hits the catalogue #### ๐Ÿ” Vulnerability Management - KEV-aware patch prioritisation queues - Vendor scorecards based on KEV count over time - Asset triage that fast-tracks KEV entries - Cross-referencing KEV with internal scanner output
#### ๐Ÿ’€ Threat Intel & Ransomware Tracking - Monitor new ransomware-use flags in near real time - Build ransomware risk reports filtered by vendor or product - Correlate KEV adds with ransomware group activity - Customer-facing trust pages with ransomware exposure stats #### ๐Ÿ“Š Executive Reporting - Board dashboards showing KEV coverage and remediation rates - Insurance underwriting models for cyber risk - M\&A due diligence on target attack-surface exposure - Quarterly security posture reports for stakeholders
*** ### ๐Ÿ”Œ Automating CISA KEV Scraper Control the scraper programmatically for scheduled runs and pipeline integrations: - ๐ŸŸข **Node.js.** Install the `apify-client` NPM package. - ๐Ÿ **Python.** Use the `apify-client` PyPI package. - ๐Ÿ“š See the [Apify documentation](https://docs.apify.com/) for full details. The [Apify Schedules feature](https://docs.apify.com/platform/schedules) lets you trigger this Actor on any cron interval. Daily refreshes keep your downstream patch management and SOC workflows in sync automatically. *** ### ๐ŸŒŸ Beyond business use cases Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
#### ๐ŸŽ“ Research and academia - KEV growth and remediation trend analysis for academic papers - Vendor risk modelling for security economics research - Coursework on vulnerability prioritisation and patching - Reproducible studies with cited, versioned dataset pulls #### ๐ŸŽจ Personal and creative - Hobbyist KEV dashboards for home-lab security research - Newsletter and blog research on the latest exploited CVEs - Portfolio projects that show off security data engineering - Personal alerting bots for vendors you actually use
#### ๐Ÿค Non-profit and civic - Local government IT teams tracking exposure to known threats - Civic-tech projects mapping risk for critical infrastructure - Investigative journalism on ransomware-vendor patterns - Community advocacy around responsible disclosure timelines #### ๐Ÿงช Experimentation - Train ML models on KEV characteristics and remediation lag - Prototype agent pipelines that summarise new entries - Test SIEM rules against historical KEV waves - Build dashboards on top of live KEV feeds
*** ### ๐Ÿค– Ask an AI assistant about this scraper Open a ready-to-send prompt about this ParseForge actor in the AI of your choice: - ๐Ÿ’ฌ [**ChatGPT**](https://chat.openai.com/?q=How%20do%20I%20use%20the%20CISA%20KEV%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿง  [**Claude**](https://claude.ai/new?q=How%20do%20I%20use%20the%20CISA%20KEV%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿ” [**Perplexity**](https://perplexity.ai/search?q=How%20do%20I%20use%20the%20CISA%20KEV%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿ…’ [**Copilot**](https://copilot.microsoft.com/?q=How%20do%20I%20use%20the%20CISA%20KEV%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) *** ### โ“ Frequently Asked Questions #### ๐Ÿงฉ How does it work? Configure your filters in the input form, click Start, and the Actor pulls the latest KEV catalogue snapshot from CISA, applies your filters locally, and emits one clean record per matching entry. #### ๐Ÿ“ How accurate is the data? Records are mirror-copies of the official CISA KEV catalogue at run time. Vendor, product, dates, descriptions, required actions, and CWE mappings are taken verbatim from the source. #### ๐Ÿ” How often is the dataset refreshed? CISA updates the catalogue when a new exploited CVE is identified, typically several times per week. Every run reflects the catalogue as of run time. #### ๐Ÿ’€ What does the ransomware flag mean? `knownRansomwareCampaignUse = true` means CISA has confirmed observed use of the CVE in ransomware campaigns. `false` means CISA has no confirmed reports yet. The raw text field is also preserved if you need the exact source value. #### โฐ What is the due date? Federal civilian agencies must remediate the CVE by the due date under Binding Operational Directive 22-01. Private organisations are not legally bound but it remains the strongest recommended deadline. #### ๐Ÿงฌ What is a CWE? CWE (Common Weakness Enumeration) is the standard taxonomy of software weaknesses. Each KEV entry is mapped to one or more CWE IDs that classify the underlying flaw type, like buffer overflow or cross-site scripting. #### โฐ Can I schedule regular runs? Yes. Use Apify Schedules to run this Actor on any cron interval. A common pattern is a daily schedule that pulls the catalogue and pushes new entries into a SIEM or ticketing system. #### โš–๏ธ Is this data legal to use? The KEV catalogue is a U.S. government public dataset with no restrictions on use, including commercial use. You should still review the official terms for your specific application. #### ๐Ÿ’ณ Do I need a paid Apify plan to use this Actor? No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets. #### ๐Ÿ” What happens if a run fails or gets interrupted? Apify automatically retries transient errors. If a run still fails, you can inspect the log in the Runs tab, fix the input, and re-run. Partial datasets from failed runs are preserved so you never lose progress. #### ๐Ÿ†˜ What if I need help? Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below. *** ### ๐Ÿ”Œ Integrate with any app CISA KEV Scraper connects to any cloud service via [Apify integrations](https://apify.com/integrations): - [**Make**](https://docs.apify.com/platform/integrations/make) - Automate multi-step workflows - [**Zapier**](https://docs.apify.com/platform/integrations/zapier) - Connect with 5,000+ apps - [**Slack**](https://docs.apify.com/platform/integrations/slack) - Get KEV alerts in your security channels - [**Airbyte**](https://docs.apify.com/platform/integrations/airbyte) - Pipe KEV data into your warehouse - [**GitHub**](https://docs.apify.com/platform/integrations/github) - Trigger runs from commits and releases - [**Google Drive**](https://docs.apify.com/platform/integrations/drive) - Export datasets straight to Sheets You can also use webhooks to trigger downstream actions when a run finishes. Push fresh KEV data into your ticketing system, or alert your team in Slack when a new entry hits the catalogue. *** ### ๐Ÿ”— Recommended Actors - [**๐Ÿ›ก๏ธ NIST NVD CVE Scraper**](https://apify.com/parseforge/nist-nvd-cve-scraper) - Official NVD catalogue with CVSS v4/v3/v2 scores - [**๐Ÿ“ˆ EPSS Exploit Prediction Scraper**](https://apify.com/parseforge/epss-exploit-prediction-scraper) - 30-day exploitation probability scores - [**๐Ÿ™ GitHub Security Advisories Scraper**](https://apify.com/parseforge/github-security-advisories-scraper) - GHSA + CVE advisories with patched versions - [**๐Ÿ“ฆ OSV Vulnerabilities Scraper**](https://apify.com/parseforge/osv-vulnerabilities-scraper) - Open source vulnerabilities across 30+ ecosystems - [**๐Ÿ”ฌ CIRCL CVE Scraper**](https://apify.com/parseforge/circl-cve-scraper) - CIRCL Luxembourg CVE catalogue with CWE and CAPEC > ๐Ÿ’ก **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge) for more security and reference-data scrapers. *** **๐Ÿ†˜ Need Help?** [**Open our contact form**](https://tally.so/r/BzdKgA) to request a new scraper, propose a custom data project, or report an issue. *** > **โš ๏ธ Disclaimer:** this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by CISA, the U.S. Department of Homeland Security, or any other government agency. All trademarks mentioned are the property of their respective owners. Only publicly available U.S. government vulnerability data is collected. # Actor input Schema ## `cveId` (type: `string`): Filter to a specific CVE (e.g. CVE-2021-44228). Case-insensitive substring match. ## `vendor` (type: `string`): Filter by vendor / project name (e.g. 'Microsoft', 'Cisco', 'Apache'). Case-insensitive substring match. ## `product` (type: `string`): Filter by product name (e.g. 'Windows', 'Log4j'). Case-insensitive substring match. ## `addedAfter` (type: `string`): Only include CVEs added to KEV on or after this date (YYYY-MM-DD). ## `ransomwareOnly` (type: `boolean`): Only include CVEs with knownRansomwareCampaignUse = 'Known' (used in observed ransomware campaigns). ## `cwes` (type: `string`): Comma-separated CWE IDs (e.g. 'CWE-79,CWE-89,787'). Returns only KEV entries tagged with at least one of these CWEs. ## `requiredActionDueAfter` (type: `string`): Only include KEV entries with a dueDate on or after this date (YYYY-MM-DD). Useful for tracking active remediation deadlines. ## `maxItems` (type: `integer`): Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000 ## Actor input object example ```json { "cveId": "", "vendor": "", "product": "", "addedAfter": "", "ransomwareOnly": false, "cwes": "", "requiredActionDueAfter": "", "maxItems": 10 } ``` # Actor output Schema ## `overview` (type: `string`): Overview of scraped data ## `fullData` (type: `string`): Complete dataset # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "cveId": "", "vendor": "", "product": "", "addedAfter": "", "cwes": "", "requiredActionDueAfter": "", "maxItems": 10 }; // Run the Actor and wait for it to finish const run = await client.actor("parseforge/cisa-kev-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "cveId": "", "vendor": "", "product": "", "addedAfter": "", "cwes": "", "requiredActionDueAfter": "", "maxItems": 10, } # Run the Actor and wait for it to finish run = client.actor("parseforge/cisa-kev-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "cveId": "", "vendor": "", "product": "", "addedAfter": "", "cwes": "", "requiredActionDueAfter": "", "maxItems": 10 }' | apify call parseforge/cisa-kev-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=parseforge/cisa-kev-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CISA KEV Known Exploited Vulnerabilities Scraper", "description": "Scrape the CISA Known Exploited Vulnerabilities (KEV) catalog. Filter by CVE ID, vendor, product, or date added. Returns required actions, due dates, ransomware campaign use, and CWE references for every actively-exploited CVE tracked by CISA.", "version": "0.0", "x-build-id": "AXaSPscRsBaIPWSWs" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/parseforge~cisa-kev-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-parseforge-cisa-kev-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/parseforge~cisa-kev-scraper/runs": { "post": { "operationId": "runs-sync-parseforge-cisa-kev-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/parseforge~cisa-kev-scraper/run-sync": { "post": { "operationId": "run-sync-parseforge-cisa-kev-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "cveId": { "title": "CVE ID Filter", "type": "string", "description": "Filter to a specific CVE (e.g. CVE-2021-44228). Case-insensitive substring match.", "default": "" }, "vendor": { "title": "Vendor Filter", "type": "string", "description": "Filter by vendor / project name (e.g. 'Microsoft', 'Cisco', 'Apache'). Case-insensitive substring match.", "default": "" }, "product": { "title": "Product Filter", "type": "string", "description": "Filter by product name (e.g. 'Windows', 'Log4j'). Case-insensitive substring match.", "default": "" }, "addedAfter": { "title": "Added After Date", "type": "string", "description": "Only include CVEs added to KEV on or after this date (YYYY-MM-DD).", "default": "" }, "ransomwareOnly": { "title": "Ransomware Use Only", "type": "boolean", "description": "Only include CVEs with knownRansomwareCampaignUse = 'Known' (used in observed ransomware campaigns).", "default": false }, "cwes": { "title": "CWE IDs Filter", "type": "string", "description": "Comma-separated CWE IDs (e.g. 'CWE-79,CWE-89,787'). Returns only KEV entries tagged with at least one of these CWEs.", "default": "" }, "requiredActionDueAfter": { "title": "Required Action Due After", "type": "string", "description": "Only include KEV entries with a dueDate on or after this date (YYYY-MM-DD). Useful for tracking active remediation deadlines.", "default": "" }, "maxItems": { "title": "Max Items", "minimum": 1, "maximum": 1000000, "type": "integer", "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000" } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```