EPSS Exploit Prediction Scoring System Scraper
Pricing
from $24.00 / 1,000 results
EPSS Exploit Prediction Scoring System Scraper
Scrape EPSS (Exploit Prediction Scoring System) scores from FIRST.org. Returns the 30-day probability and percentile rank of CVE exploitation. Filter by CVE ID(s), date, history window, or minimum score.
Pricing
from $24.00 / 1,000 results
Rating
0.0
(0)
Developer
ParseForge
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
a day ago
Last modified
Categories
Share
📈 EPSS Exploit Prediction Scraper
🚀 Export FIRST.org EPSS exploit-prediction scores in seconds. Pull the daily probability that a CVE will be exploited in the next 30 days, plus its global percentile rank, with optional historical time-series for trend analysis. No sign-up, no token, no manual ingestion.
🕒 Last updated: 2026-05-15 · 📊 8 fields per record · 📈 240,000+ scored CVEs · 🎯 Daily refresh · 📅 Up to 730-day history
The EPSS Exploit Prediction Scraper pulls scores from the FIRST.org Exploit Prediction Scoring System and returns 8 normalised fields per record, including the CVE ID, the EPSS score (probability between 0 and 1 of exploitation in the next 30 days), the percentile rank against every other scored CVE, a derived severity band (Critical / High / Medium / Low), the score date, and an optional historical time series. EPSS is the de facto data-driven prioritisation signal used by mature security teams worldwide and is recommended by the U.S. federal vulnerability disclosure community as a complement to CVSS.
The system covers 240,000+ scored CVEs refreshed daily and offers up to 730 days of historical scores per CVE for trend tracking. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in minutes. Filters apply at the source, so you skip pagination, rate-limit handling, and time-series flattening entirely.
| 🎯 Target Audience | 💡 Primary Use Cases |
|---|---|
| Security teams, vulnerability managers, threat intel analysts, SOC engineers, risk modellers, security tool builders, ML researchers | EPSS-based patch prioritisation, risk scoring, vendor scorecards, CVE trend analysis, SIEM enrichment, ML features for vulnerability prediction |
📋 What the EPSS Exploit Prediction Scraper does
Several workflows in a single Actor:
- 📈 Daily corpus export. Pull every scored CVE for the latest available date.
- 🆔 Single CVE score. Look up one CVE by ID for a quick triage check.
- 📦 Batch CVE scores. Pass a comma-separated list of CVE IDs and get every score in one run.
- 📅 Specific date. Fetch scores for a historical date (YYYY-MM-DD).
- 🕰️ Time-series window. Return up to 730 days of historical scores per CVE for trend analysis.
- 🎚️ Threshold filters. Restrict to CVEs above a minimum EPSS score (e.g. ≥ 0.5) or above a percentile (e.g. top 5%).
- 📊 Flatten time series. Toggle to emit one row per (cve, date) for spreadsheets and SQL.
Each record includes the CVE identifier, the canonical detail URL, the EPSS probability, the percentile rank, a derived severity band, the score date, and an optional nested or flattened time series.
💡 Why it matters: CVSS tells you how bad a CVE could be in theory; EPSS tells you how likely it is to actually be exploited in the next 30 days. Combining the two is the modern standard for patch prioritisation. Building your own EPSS ingestion means handling pagination, daily refreshes, and the optional time-series shape. This Actor skips all of that and gives you a clean, downloadable dataset.
🎬 Full Demo
🚧 Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded EPSS dataset.
⚙️ Input
| Input | Type | Default | Behavior |
|---|---|---|---|
cveId | string | "" | Single CVE or comma-separated list (e.g. CVE-2021-44228,CVE-2023-50164). Empty = full corpus. |
date | YYYY-MM-DD | "" | Score date. Empty = latest available. |
daysBack | integer | null | Return up to N days of historical scores per CVE (max 730). |
minEpssScore | string (float) | "" | Threshold 0-1. Example: 0.5 = 50% probability of exploitation. |
minPercentile | string (float) | "" | Threshold 0-1. Example: 0.95 = top 5% of scored CVEs. |
flattenTimeSeries | boolean | false | Output one row per (cve, date) instead of nested time series. |
maxItems | integer | 10 | Records to return. Free plan caps at 10, paid plan at 1,000,000. |
Example: top 1% of CVEs by EPSS for the latest date.
Example: 90-day history for the Log4Shell family, flattened.
⚠️ Good to Know: EPSS scores are updated daily. A score of 0.95 means a 95% modelled probability of exploitation in the next 30 days. EPSS does not replace CVSS; the two answer different questions and work best together.
📊 Output
Each record contains 8 fields. Download the dataset as CSV, Excel, JSON, or XML.
🧾 Schema
| Field | Type | Example |
|---|---|---|
🆔 cve | string | "CVE-2021-44228" |
🔗 url | string | "https://www.first.org/epss/" |
📈 epss | number | null | 0.97432 |
📊 percentile | number | null | 0.99987 |
🚦 severity | string | null | "Critical" |
📅 date | YYYY-MM-DD | "2026-05-14" |
🕰️ timeSeries | object[] | null | [{ "date": "2026-05-13", "epss": 0.974, "percentile": 0.99987 }, ...] |
🕒 scrapedAt | ISO 8601 | "2026-05-15T00:00:00.000Z" |
📦 Sample record
✨ Why choose this Actor
| Capability | |
|---|---|
| 📈 | Authoritative source. Pulls directly from the FIRST.org EPSS catalogue, the de facto exploit-prediction model. |
| 🎯 | Daily probabilities. 30-day exploitation probability between 0 and 1, refreshed every day. |
| 📊 | Percentile ranks. Compare any CVE against every other scored entry in the corpus. |
| 🕰️ | Up to 730 days of history. Track score evolution over time for individual CVEs. |
| 🚦 | Derived severity bands. Critical / High / Medium / Low buckets ready for dashboards. |
| 📐 | Flatten or nest. Toggle between long-format (one row per cve+date) and wide-format outputs. |
| 🚫 | No sign-up. Works with public exploit-prediction data. No login or token needed. |
📊 EPSS is the modern data-driven complement to CVSS. Owning a clean local feed is a multiplier for every patch-management and risk-scoring workflow.
📈 How it compares to alternatives
| Approach | Cost | Coverage | Refresh | Filters | Setup |
|---|---|---|---|---|---|
| ⭐ EPSS Exploit Prediction Scraper (this Actor) | $5 free credit, then pay-per-use | 240,000+ scored CVEs | Daily | CVE list, date, score, percentile | ⚡ 2 min |
| Commercial threat-intel feeds | $10,000+/year | Curated subset | Streaming | Many | ⏳ Days |
| Manual CSV dumps | Free | Full | Stale by next day | None | 🐢 Hours |
| Self-built ingestion | Engineering time | Full | Custom | Custom | 🛠️ Weeks |
Pick this Actor when you want EPSS scores ready to merge with your CVE inventory.
🚀 How to use
- 📝 Sign up. Create a free account with $5 credit (takes 2 minutes).
- 🌐 Open the Actor. Go to the EPSS Exploit Prediction Scraper page on the Apify Store.
- 🎯 Set input. Pick a CVE list, threshold, or date, then set
maxItems. - 🚀 Run it. Click Start and let the Actor collect your data.
- 📥 Download. Grab your results in the Dataset tab as CSV, Excel, JSON, or XML.
⏱️ Total time from signup to downloaded dataset: 3-5 minutes. No coding required.
💼 Business use cases
🔌 Automating EPSS Exploit Prediction Scraper
Control the scraper programmatically for scheduled runs and pipeline integrations:
- 🟢 Node.js. Install the
apify-clientNPM package. - 🐍 Python. Use the
apify-clientPyPI package. - 📚 See the Apify documentation for full details.
The Apify Schedules feature lets you trigger this Actor on any cron interval. Daily refreshes line up perfectly with the EPSS publication cadence.
🌟 Beyond business use cases
Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
🤖 Ask an AI assistant about this scraper
Open a ready-to-send prompt about this ParseForge actor in the AI of your choice:
- 💬 ChatGPT
- 🧠 Claude
- 🔍 Perplexity
- 🅒 Copilot
❓ Frequently Asked Questions
🧩 What is EPSS?
EPSS (Exploit Prediction Scoring System) is a daily-updated model from FIRST.org that estimates the probability a CVE will be exploited in the wild in the next 30 days. It is the modern data-driven complement to CVSS.
📈 What does the score mean?
The EPSS score is a probability between 0 and 1. A score of 0.95 means a 95% modelled probability of exploitation in the next 30 days. The percentile field tells you where the CVE ranks against every other scored entry.
🔁 How often is the dataset refreshed?
EPSS publishes new scores every day. Every run reflects the corpus as of the latest available date.
🚦 What are the severity bands?
The Actor derives a Critical / High / Medium / Low band from the EPSS score: > 0.95 is Critical, ≥ 0.5 is High, ≥ 0.1 is Medium, otherwise Low. The bands are convenience labels; raw scores remain in the dataset for custom thresholds.
🕰️ How far back does the history go?
Up to 730 days per CVE via the daysBack input. The full historical corpus is available from the source with continuous coverage since the model went live.
🆚 EPSS vs CVSS - which should I use?
Both. CVSS rates technical severity if a vulnerability is exploited; EPSS estimates the likelihood of exploitation. Mature programmes combine the two: a Critical CVSS with a high EPSS gets fast-tracked, while a Critical CVSS with a low EPSS can be patched on the regular cycle.
🧮 Can I get one row per (cve, date) instead of nested time series?
Yes. Set flattenTimeSeries: true to emit one row per CVE per date. This is the most spreadsheet- and SQL-friendly shape for trend analysis.
⏰ Can I schedule regular runs?
Yes. Use Apify Schedules to run this Actor on any cron interval. A daily schedule lines up with the EPSS publication cadence.
⚖️ Is this data legal to use?
EPSS is published under permissive open licensing by FIRST.org. You should review the source license for your specific application but raw scores are public.
💳 Do I need a paid Apify plan to use this Actor?
No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets.
🆘 What if I need help?
Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below.
🔌 Integrate with any app
EPSS Exploit Prediction Scraper connects to any cloud service via Apify integrations:
- Make - Automate multi-step workflows
- Zapier - Connect with 5,000+ apps
- Slack - Get EPSS alerts in your security channels
- Airbyte - Pipe EPSS data into your warehouse
- GitHub - Trigger runs from commits and releases
- Google Drive - Export datasets straight to Sheets
You can also use webhooks to trigger downstream actions when a run finishes. Push fresh EPSS data into your ticketing system, or alert your team in Slack when a CVE jumps into the top percentile.
🔗 Recommended Actors
- 🛡️ NIST NVD CVE Scraper - Official NVD catalogue with CVSS v4/v3/v2 scores
- 🚨 CISA KEV Scraper - Known Exploited Vulnerabilities catalogue with due dates
- 🐙 GitHub Security Advisories Scraper - GHSA + CVE advisories with patched versions
- 📦 OSV Vulnerabilities Scraper - Open source vulnerabilities across 30+ ecosystems
- 🔬 CIRCL CVE Scraper - CIRCL Luxembourg CVE catalogue with CWE and CAPEC
💡 Pro Tip: browse the complete ParseForge collection for more security and reference-data scrapers.
🆘 Need Help? Open our contact form to request a new scraper, propose a custom data project, or report an issue.
⚠️ Disclaimer: this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by FIRST.org or the EPSS Special Interest Group. All trademarks mentioned are the property of their respective owners. Only publicly available exploit-prediction data is collected.
