CVE Lookup

About the free CVE lookup

The free CVE lookup is a searchable catalog of 362,516 CVEs, including 1,630 actively exploited on the CISA KEV list, each with its severity, exploit-prediction, and the fix to apply. This page explains what the tool does, the terms it uses, exactly where its data comes from, and how each source is licensed.

Understanding CVEs, CVSS, EPSS, and KEV

What is a CVE?
A CVE (Common Vulnerabilities and Exposures) is a unique identifier for a publicly disclosed security vulnerability, in the form CVE-YYYY-NNNN: the year, followed by a sequence number of four or more digits. Each CVE record describes the flaw, the affected software, and references to advisories and fixes.

What is CVSS severity?
The Common Vulnerability Scoring System (CVSS) rates how severe a vulnerability is on a 0 to 10 scale, mapped to Low, Medium, High, and Critical. The score is derived from a vector describing how the flaw can be exploited and its impact.

What is an EPSS score?
The Exploit Prediction Scoring System (EPSS), published by FIRST.org, estimates the probability that a CVE will be exploited in the next 30 days. A high EPSS percentile means a vulnerability is far more likely to be attacked than most others.

What is the CISA KEV catalog?
The CISA Known Exploited Vulnerabilities (KEV) catalog lists CVEs that are confirmed to be actively exploited in the wild. KEV entries include a remediation due date and flag vulnerabilities tied to known ransomware campaigns.

How to use the lookup

Type a CVE ID such as CVE-2021-44228 into the search box to jump straight to its record, or use the filters to browse by severity, EPSS, CISA KEV status, weakness type, or year. Sort by EPSS to see the vulnerabilities most likely to be exploited, or filter to KEV to focus on what is already being attacked. Every CVE page shows its CVSS score and vector, EPSS probability and percentile, CISA KEV remediation timeline, CWE weakness types, references grouped by type, and the remediation (the exact fixed versions to upgrade to).
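The same ordering can be applied to your own list of findings. The sketch below is an added example, not the tool's code: the `Finding` record shape, the "KEV first, then EPSS, then CVSS" policy, and the placeholder CVE IDs and scores are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# CVE-<year>-<sequence>; the sequence is four or more digits (e.g. CVE-2021-44228).
CVE_ID = re.compile(r"CVE-(\d{4})-(\d{4,})")

def parse_cve_id(text: str) -> tuple[int, int]:
    """Return (year, sequence) or raise ValueError for a malformed ID."""
    m = CVE_ID.fullmatch(text.strip().upper())
    if m is None:
        raise ValueError(f"not a CVE ID: {text!r}")
    return int(m.group(1)), int(m.group(2))

def severity_band(score: float) -> str:
    """Map a CVSS v3.x base score (0-10) to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    for limit, band in ((4.0, "Low"), (7.0, "Medium"), (9.0, "High")):
        if score < limit:
            return band
    return "Critical"

@dataclass(frozen=True)
class Finding:          # hypothetical record shape, not the tool's schema
    cve_id: str
    cvss: float         # base score, 0-10
    epss: float         # probability of exploitation in the next 30 days, 0-1
    in_kev: bool        # listed in the CISA KEV catalog

def triage(findings: list[Finding]) -> list[Finding]:
    """KEV entries first, then EPSS descending, then CVSS descending."""
    for f in findings:
        parse_cve_id(f.cve_id)      # reject malformed IDs before ranking
        severity_band(f.cvss)       # reject out-of-range scores
        if not 0.0 <= f.epss <= 1.0:
            raise ValueError(f"EPSS out of range for {f.cve_id}")
    return sorted(findings, key=lambda f: (not f.in_kev, -f.epss, -f.cvss, f.cve_id))

# Constructed sample data: placeholder IDs and made-up scores.
SAMPLE = [
    Finding("CVE-2099-0001", 9.8, 0.02, False),
    Finding("CVE-2099-0002", 7.5, 0.91, False),
    Finding("CVE-2099-10003", 6.5, 0.40, True),
    Finding("CVE-2099-0004", 3.1, 0.001, False),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.cve_id, severity_band(f.cvss), f.epss, "KEV" if f.in_kev else "")
```

In the sample, the Medium-severity KEV entry outranks the Critical one with a 2% EPSS, which a CVSS-only sort would have put first.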

Need to find and fix these vulnerabilities across your own fleet? TridentStack Control continuously scans Windows, macOS, and Linux endpoints for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Every actively-exploited vulnerability has an actionable next step

Most CVE tools stop at a score. This one tells you what to do about it. For every vulnerability on the CISA Known Exploited Vulnerabilities list, we show either a sourced fix or the official CISA remediation action and deadline.

127,230 CVEs with a direct, sourced fix linked to its advisory
100% of the 1,630 actively-exploited (KEV) CVEs have actionable guidance
12 independent data sources across every major platform

Sourced remediation by platform

NVD (derived): 102,856 CVEs
Debian: 52,331 CVEs
Ubuntu: 21,397 CVEs
Applications: 12,064 CVEs
Red Hat: 8,057 CVEs
Windows & Microsoft: 4,423 CVEs
Apple: 242 CVEs

These cover roughly 35.1% of the 362,516 CVEs ever published. The published CVE corpus spans more than 25 years; the majority are research-disclosed, low-severity, superseded, or affect software that never had a tracked fixed version. Our coverage concentrates on the vulnerabilities that are actually actionable today, and it grows every day as new advisories land.

Data sources and licenses

We combine public-domain government data, openly-licensed advisory databases, and factual vendor records. Each source below links to its origin. Where a source requires attribution, this page provides it.

National Vulnerability Database (NVD)
CVE records, CVSS severity scores, and product (CPE) data, including the affected-version ranges some fixes are derived from.
U.S. Government work, public domain

CISA Known Exploited Vulnerabilities (KEV)
Actively-exploited status, the required remediation action, and the federal due date.
Public domain (CC0)

FIRST.org EPSS
Exploit-prediction scores (the probability a CVE is exploited in the next 30 days).
CC BY 4.0

GitHub Advisory Database
Fixed versions for open-source software packages.
CC BY 4.0

Google OSV
Fixed versions across open-source language ecosystems and Linux distributions.
CC BY 4.0

Red Hat Security Data
Will-not-fix decisions and recommended mitigations for Red Hat products.
CC BY 4.0

Ubuntu Security Notices
Fixed package versions for Ubuntu releases.
CC BY-SA 4.0 (share-alike)

Debian Security Tracker
Fixed package versions for Debian releases.
Open data (factual records)

Microsoft Security Updates
Security updates (KBs) for Windows and core Microsoft products.
Factual records, linked to Microsoft

Apple Security Releases
Fixed versions for macOS, iOS, iPadOS, and other Apple platforms.
Factual records, linked to Apple

Application package catalog
Fixed versions for third-party desktop applications.
Open package metadata

endoflife.date
Product end-of-life and extended-security-maintenance dates.
MIT

Sources marked CC BY are reproduced under the Creative Commons Attribution license with the attribution above. Ubuntu Security Notices are licensed CC BY-SA (share-alike) and are kept as discrete, individually-attributed records. Vendor records (Microsoft, Apple, and application catalogs) are presented as factual fixed-version data linked back to the vendor; we do not reproduce their advisory text.

How we build remediation

We ingest official vendor and distribution security advisories on a continuous schedule, normalize them into a single model, and link every fix back to the advisory it came from. A CVE can carry fixes from several sources at once: an open-source package version, a Linux distribution package, a Windows update, and an Apple platform release.

We never invent a fix. When no published remediation has been found for a vulnerability, the tool says so plainly instead of guessing. Where a fix is inferred from NVD's published affected-version data rather than a vendor advisory, it is clearly marked as derived. For actively-exploited vulnerabilities that have no vendor fix yet, it surfaces the official CISA required action and deadline so you still have a next step.

Vulnerability and exploit data refreshes throughout the day; remediation data refreshes daily. The same data that powers this free tool powers TridentStack Control, where it drives automated patching, vulnerability detection, and compliance across your fleet.