Vulnerability & Threat Intel Feed
Pricing
$3.00 / 1,000 vulnerability records
Vulnerability & Threat Intel Feed
Live vulnerability intelligence from the official public sources (NIST NVD CVE, CISA KEV, GitHub Security Advisories), merged by CVE into one enriched record and billed only per record delivered. Incremental: a run with nothing new bills nothing.
Pricing
$3.00 / 1,000 vulnerability records
Rating
0.0
(0)
Developer
Pono Data
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
2 hours ago
Last modified
Categories
Share
Threat Intel Feed (NVD, CISA KEV, GitHub Advisories)
One clean, flat, deduplicated stream of vulnerability records merged from three official public sources: the NIST National Vulnerability Database (NVD), the CISA Known Exploited Vulnerabilities (KEV) catalog, and GitHub Security Advisories (GHSA). Run it on a schedule in incremental mode to get only what is new or changed since your account's last run.
Input
- Sources: any of
nvd,cisa-kev,ghsa(default: all three). - Lookback days: how far back to pull on a first run (default 7).
- Minimum severity:
low,medium,high,critical(defaultlow). - Only known-exploited: keep only records in the CISA KEV catalog.
- Max records: cap on delivered, billed rows per run.
- NVD API key, GitHub token: optional, raise the source rate limits; not required.
Output
One row per vulnerability, merged across feeds by CVE id: id, source,
sources (every feed it appeared in), cveId, ghsaId, title, description,
severity, cvssScore, cvssVector, knownExploited, ransomwareUse,
vendorProduct, published, lastModified, references, plus provenance
(sourceUrl, retrievedAt, confidence).
How it works
All three are official, public endpoints (NVD REST API, the CISA KEV JSON feed,
the GitHub Advisories API). Every value is copied from the source response;
nothing is inferred. sourceUrl is the canonical page for the record, so any row
is verifiable against its origin. Records are merged so a CVE listed in more than
one feed is one row that names all of its sources. A source that fails to fetch
is skipped for that run and logged; the run continues on the others. A run that
finds nothing new writes nothing and bills nothing.
Billing
Pay per delivered vulnerability record. Records below your severity filter, and
anything past the per-run cap, go to a free, visible rejected dataset and are
never billed. A quiet day costs nothing.
Sample output
A real run merging live vulnerability intel (CISA known-exploited shown here):
| CVE | severity | known-exploited | title |
|---|---|---|---|
| CVE-2026-48907 | unknown | True | Widget Factory Joomla Content Editor Im… |
| CVE-2026-54420 | unknown | True | LiteSpeed cPanel Plugin UNIX Symbolic L… |
| CVE-2026-20262 | unknown | True | Cisco Catalyst SD-WAN Manager Directory… |
| CVE-2026-35273 | unknown | True | Oracle PeopleSoft Enterprise PeopleTool… |
Each row's sourceUrl is the feed it came from, for example https://www.cisa.gov/known-exploited-vulnerabilities-catalog. KEV records pass regardless of CVSS, because active exploitation outranks the score.
See also
More clean, pay-only-for-results data tools from Pono Data:
- Bulk DNS Lookup - DNS records plus SPF, DMARC, and CAA
- Government Data-Rescue Retriever - archived federal pages and datasets
Full catalog: https://apify.com/thoob
