cveatlas.io · cve research terminal rev 0.1 · 2026-06-17
/ search >

groups

my views

    mv save · gv jump · dv del

    results ‹ prev next ›

    graphs

    epss × cvss density

    hex-bin of every CVE with both an EPSS score and a CVSS v3 score. kev-flagged bins overlaid as nord11. look for the “paper tigers” (high CVSS, low EPSS) and “sleepers” (low CVSS, high EPSS).

    time to kev

    enrichment rate

    6-month forecast

    vendor concentration

    cwe co-occurrence

    summary

    vendor co-occurrence network

    circle = vendor, sized by matching CVE count. fill = kev share (nord8 cool → nord11 hot). edge = count of CVEs listing both vendors together. filter-aware: pick a group or type a search and the graph follows.

    top vendors

    n = CVEs mentioning the vendor. kev / exp = subset in CISA KEV / Exploit-DB respectively.

    j/k row · h/l page · gt group · gv view · mv/dv save/del · K/X kev/exp · F focus · N network · Y yank csv · i insert · ? help

    keybindings

    j / ↓
    next CVE
    k / ↑
    previous CVE
    gg
    first row on page
    G
    last row on page
    h / ←
    previous page
    l / →
    next page
    gt / gT
    next / previous group
    1gt … 9gt
    jump to N-th group
    gv / gV
    next / previous saved view
    1gv … 9gv
    jump to N-th saved view
    mv
    save current search as a view
    dv
    delete currently-active saved view
    K
    toggle KEV-only filter
    X
    toggle exploit-DB-only filter
    F
    toggle shell ↔ focus
    N
    toggle shell ↔ vendor network
    Y
    yank current view as CSV
    i / /
    focus search (insert mode)
    ?
    this help
    Esc / q
    normal mode (blur search, clear selection)

    search syntax

    source:<name>
    restrict to CVEs covered by a source — nvd, nvidia, redhat, osv
    src:<name>
    alias for source:
    severity:<level>
    critical | high | medium | low (repeat to OR)
    sev:<level>
    alias for severity:
    year:<YYYY>
    match published year; accepts ranges like year:2022-2024
    y:<YYYY>
    alias for year:
    vendor:<slug>
    CPE vendor slug, e.g. vendor:openssl (repeat to OR)
    epss:<n>
    epss threshold — 0<n<1 filters score ≥ n; n≥1 filters percentile ≥ n%
    -term
    exclude rows whose description matches term
    NOT term
    same as -term
    "phrase"
    match the literal phrase
    a OR b
    any of a, b (default is AND across terms)
    a b
    all terms must match (implicit AND)

    data sources

    NVD
    335,555 · 2026-06-17
    Red Hat
    50,179 · 2026-06-17
    OSV.dev
    35,364 · 2026-06-17
    CISA Vulnrichment
    5,817 · 2026-06-17
    NVIDIA PSIRT
    558 · 2026-06-17
    FIRST EPSS
    335,386 · —
    Exploit-DB
    24,867 · —
    CISA KEV
    1,604 · —
    Ubuntu (fix status)
    931,618 · 2026-06-17
    Debian (fix status)
    263,336 · 2026-06-17

    vim-modal — boots in normal mode, keys work immediately; i or / enters the search bar, Esc returns to normal mode

    export
    This product uses the NVD API but is not endorsed or certified by the NVD. · © Zvonko Kaiser · cveatlas.io is licensed under AGPL-3.0 .