CISA KEV Catalog
Browse CISA's catalog of actively exploited vulnerabilities. Filter by vendor, view ransomware associations, and track remediation due dates.
Ready to take this to the next level?
Our team can help implement enterprise-grade solutions. Get personalized recommendations in a free 30-minute consultation.
Frequently Asked Questions
Common questions about the CISA KEV Catalog
The CISA Known Exploited Vulnerabilities (KEV) Catalog is an authoritative list of vulnerabilities that have been actively exploited in the wild. CISA requires federal agencies to remediate these vulnerabilities within specified timeframes.
CISA updates the KEV catalog regularly as new exploited vulnerabilities are discovered. New entries can be added at any time when CISA confirms active exploitation.
Due dates indicate when federal agencies are required to remediate the vulnerability. While only mandatory for federal agencies, all organizations should treat these deadlines as guidance for prioritization.
⚠️ Security Notice
This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. Unauthorized access or security testing may be illegal in your jurisdiction. All processing happens client-side in your browser - no data is sent to our servers.