SARA / Free Tools / KEV Browser

CISA Known Exploited Vulnerabilities — searchable, filterable

Browse every CVE in the CISA KEV catalog. Filter by vendor, product, ransomware use, or BOD 22-01 due date. Updated daily from cisa.gov.

CVEVendorProductAddedDueRansomTriage
CVE-2020-29557 D-Link DIR-825 R1 Devices 2021-11-03 2022-05-03 Triage →
CVE-2010-4345 Exim Exim 2022-03-25 2022-04-15 Triage →
CVE-2017-1000486 Primetek Primefaces Application 2022-01-10 2022-07-10 Triage →
CVE-2020-25506 D-Link DNS-320 Device 2021-11-03 2022-05-03 Triage →
CVE-2021-43890 Microsoft Windows 2021-12-15 2021-12-29 Ransomware Triage →
CVE-2010-2861 Adobe ColdFusion 2022-03-25 2022-04-15 Ransomware Triage →
CVE-2017-9822 DotNetNuke (DNN) DotNetNuke (DNN) 2021-11-03 2022-05-03 Ransomware Triage →
CVE-2019-7609 Elastic Kibana 2022-01-10 2022-07-10 Triage →
CVE-2010-4344 Exim Exim 2022-03-25 2022-04-15 Triage →
CVE-2018-15811 DotNetNuke (DNN) DotNetNuke (DNN) 2021-11-03 2022-05-03 Triage →
CVE-2019-1405 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2020-8657 EyesOfNetwork EyesOfNetwork 2021-11-03 2022-05-03 Triage →
CVE-2021-44168 Fortinet FortiOS 2021-12-10 2021-12-24 Triage →
CVE-2019-1322 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2021-35394 Realtek Jungle Software Development Kit (SDK) 2021-12-10 2021-12-24 Triage →
CVE-2005-2773 Hewlett Packard (HP) OpenView Network Node Manager 2022-03-25 2022-04-15 Triage →
CVE-2021-22205 GitLab Community and Enterprise Editions 2021-11-03 2021-11-17 Ransomware Triage →
CVE-2019-7238 Sonatype Nexus Repository Manager 2021-12-10 2022-06-10 Triage →
CVE-2021-4102 Google Chromium V8 2021-12-15 2021-12-29 Triage →
CVE-2009-2055 Cisco IOS XR 2022-03-25 2022-04-15 Triage →
CVE-2019-15752 Docker Desktop Community Edition 2021-11-03 2022-05-03 Triage →
CVE-2020-17463 Fuel CMS Fuel CMS 2021-12-10 2022-06-10 Triage →
CVE-2019-5591 Fortinet FortiOS 2021-11-03 2022-05-03 Triage →
CVE-2019-1129 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2020-8816 Pi-hole AdminLTE 2021-12-10 2022-06-10 Triage →
CVE-2019-13272 Linux Kernel 2021-12-10 2022-06-10 Triage →
CVE-2009-0927 Adobe Reader and Acrobat 2022-03-25 2022-04-15 Triage →
CVE-2018-7600 Drupal Drupal Core 2021-11-03 2022-05-03 Ransomware Triage →
CVE-2021-44515 Zoho Desktop Central 2021-12-10 2021-12-24 Triage →
CVE-2009-1151 phpMyAdmin phpMyAdmin 2022-03-25 2022-04-15 Triage →
CVE-2020-8515 DrayTek Multiple Vigor Routers 2021-11-03 2022-05-03 Triage →
CVE-2020-5135 SonicWall SonicOS 2022-03-15 2022-04-05 Triage →
CVE-2018-6789 Exim Exim 2021-11-03 2022-05-03 Ransomware Triage →
CVE-2019-0193 Apache Solr 2021-12-10 2022-06-10 Triage →
CVE-2019-1253 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2010-1871 Red Hat JBoss Seam 2 2021-12-10 2022-06-10 Triage →
CVE-2021-35464 ForgeRock Access Management (AM) 2021-11-03 2021-11-17 Ransomware Triage →
CVE-2019-1132 Microsoft Win32k 2022-03-15 2022-04-05 Triage →
CVE-2019-1315 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2017-12149 Red Hat JBoss Application Server 2021-12-10 2022-06-10 Ransomware Triage →
CVE-2021-22986 F5 BIG-IP and BIG-IQ Centralized Management 2021-11-03 2021-11-17 Ransomware Triage →
CVE-2020-12812 Fortinet FortiOS 2021-11-03 2022-05-03 Ransomware Triage →
CVE-2019-1069 Microsoft Task Scheduler 2022-03-15 2022-04-05 Ransomware Triage →
CVE-2019-10758 MongoDB mongo-express 2021-12-10 2022-06-10 Triage →
CVE-2020-8655 EyesOfNetwork EyesOfNetwork 2021-11-03 2022-05-03 Triage →
CVE-2017-17562 Embedthis GoAhead 2021-12-10 2022-06-10 Triage →
CVE-2020-5902 F5 BIG-IP 2021-11-03 2022-05-03 Ransomware Triage →
CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus (SDP) 2021-12-01 2021-12-15 Triage →
CVE-2020-16017 Google Chrome 2021-11-03 2022-05-03 Triage →
CVE-2017-0101 Microsoft Windows 2022-03-15 2022-04-05 Ransomware Triage →
← Prev Page 28 of 33 · 1631 entries Next →

ReferenceWhat is the CISA KEV catalog?

The Known Exploited Vulnerabilities (KEV) catalog is a CISA-maintained list of CVEs confirmed to be actively exploited in the wild. It is the authoritative answer to "is this vulnerability really being used by attackers?" Unlike EPSS (which is a probability), KEV is a binary, evidence-based signal — if a CVE is on the KEV list, it has been observed in real attacks.

For US federal agencies, BOD 22-01 makes remediation of KEV CVEs mandatory by the listed due date. For everyone else, KEV is the strongest possible "patch this now" signal you can get from public threat intel.

When to useWhen should I use KEV?

Patch prioritization

KEV is your strict "patch this immediately" tier. Anything in KEV outranks any EPSS or CVSS calculation in priority.

Compliance reporting

Federal agencies and federal contractors must show KEV remediation against BOD 22-01. KEV exposure is increasingly a question on cyber-insurance applications and audit checklists.

Tabletop exercises

Run "what if a KEV CVE matched our asset inventory tomorrow?" — most SOCs have never tested that pipeline end-to-end.

Threat-intel feeds

Pipe KEV diffs into your SIEM as a high-priority detection input. Anything new in KEV today should map to your environment within 24 hours.

ComparisonKEV vs EPSS vs CVSS — how do they fit together?

SignalWhat it answersUse
CVSSHow bad is this vulnerability if it is exploited?Severity (theoretical)
EPSSHow likely is this vulnerability to be exploited in the next 30 days?Probability (forecast)
KEVIs this vulnerability already being exploited, with public evidence?Binary (confirmed)

The right priority order, in plain English: anything in KEV is patched first. Among non-KEV items, sort by EPSS percentile descending. Use CVSS as a tiebreaker.

API

Want this in your SOAR or SIEM?

SARA Open ships an OpenAI-compatible API. Call POST /api/v1/analyze — SARA returns EPSS, CVSS, KEV status, and an analyst-grade written summary in one call.

curl -X POST https://sara-open.sirp.io/api/v1/analyze \
  -H "Authorization: Bearer $SARA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type": "cve", "value": "CVE-2021-44228"}'
Read the API reference →

FAQFrequently asked questions

How often does CISA update the KEV catalog?
Whenever new exploitation evidence is confirmed — typically several updates per month, sometimes multiple in a week. This browser refreshes from CISA daily and reflects the most recent ingest.
Is the KEV catalog mandatory for non-federal organizations?
No, but it is widely treated as the de-facto standard for must-patch prioritization, and is increasingly cited by cyber-insurers, auditors, and regulators.
What does ransomware use mean in the KEV catalog?
CISA flags CVEs known to have been exploited in ransomware campaigns. This is the highest-urgency tier for many SOCs and a frequent input to ransomware tabletop exercises.
Can I bulk-export the KEV catalog?
Yes. CISA publishes the full catalog as JSON and CSV directly. SARA's API additionally returns SARA's analyst-written summary alongside each row — useful for triage queues.
Does this browser show every KEV CVE, or just popular ones?
Every entry in the catalog. The full list is searchable here.
What is BOD 22-01?
Binding Operational Directive 22-01, issued by CISA, requires US federal civilian executive-branch agencies to remediate vulnerabilities in the KEV catalog by the listed due date. Most non-federal organizations adopt similar SLAs informally.

Browse related toolsKeep exploring

Looking for more?

Ask SARA — our AI security analyst — for full CVE context, exploit chains, and detection rules.

Try SARA