Name: CISA Known Exploited Vulnerabilities (KEV) Catalog
Creator: Cybersecurity and Infrastructure Security Agency
Published: 2026-05-27T11:42:47.648Z
License: https://www.usa.gov/government-copyright

Vulnerabilities with confirmed exploitation actively tracked by CISA

The CISA Known Exploited Vulnerabilities (KEV) Catalog is an authoritative source of vulnerabilities that have been exploited in the wild. Maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the catalog is updated regularly and serves as a primary resource for prioritizing vulnerability remediation efforts.

Under Binding Operational Directive (BOD) 22-01, U.S. federal civilian executive branch agencies are required to remediate KEV catalog entries by their specified due dates. CISA strongly recommends that all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise.

Each entry includes the CVE identifier, vendor/product information, a short description of the vulnerability, the required remediation action, a remediation due date, and whether the vulnerability has been linked to known ransomware campaigns.

This dataset can be used in conjunction with the @nist.nvd dataset to access additional metadata, e.g. CVSS scores.

CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerabilities with confirmed exploitation actively tracked by CISA

Related Datasets

NIST NVD – Common Vulnerabilities And Exposures (CVEs)

CVE (Common Vulnerabilities And Exposures)

Software Vulnerability Detection Datasets - Function/method Level

Mapping Of NIST Cybersecurity Framework V1.1 To NERC CIP Reliability Standards

Mapping Of NIST Cybersecurity Framework V1.1 To NERC CIP Reliability Standards

Security Related Problems Experienced When Using The Internet (2004-2019)