
Exploitability

Get EPSS (Exploit Prediction Scoring System) scores and CISA KEV (Known Exploited Vulnerabilities) data for tracked CVEs.

Endpoint

GET /api/v1/exploitability

Response

```json
{
  "success": true,
  "data": {
    "epss": {
      "scores": {
        "CVE-2024-1234": {
          "epss": 0.42,
          "percentile": 0.97
        }
      },
      "lastUpdated": "2026-02-10T12:00:00.000Z",
      "totalCVEs": 150,
      "enrichedCount": 120,
      "highRiskCount": 15
    },
    "kev": {
      "kevMap": {
        "CVE-2024-1234": {
          "vendorProject": "openssl",
          "product": "OpenSSL",
          "dateAdded": "2024-03-15",
          "dueDate": "2024-04-05",
          "knownRansomwareCampaignUse": "Unknown"
        }
      },
      "catalogVersion": "2026.02.10",
      "dateReleased": "2026-02-10",
      "totalEntries": 1200,
      "matchingTracked": 5,
      "lastUpdated": "2026-02-10T12:00:00.000Z"
    }
  },
  "timestamp": "2026-02-10T12:00:00.000Z"
}
```

Response Fields

EPSS Object

| Field | Type | Description |
| --- | --- | --- |
| scores | object | Map of CVE ID to EPSS score and percentile |
| lastUpdated | string | When EPSS data was last refreshed |
| totalCVEs | number | Total tracked CVEs |
| enrichedCount | number | CVEs with EPSS data |
| highRiskCount | number | CVEs with EPSS > 0.5 (high exploitability) |

KEV Object

| Field | Type | Description |
| --- | --- | --- |
| kevMap | object | Map of CVE ID to CISA KEV entry |
| catalogVersion | string | CISA KEV catalog version |
| totalEntries | number | Total entries in KEV catalog |
| matchingTracked | number | How many tracked CVEs appear in KEV |
| lastUpdated | string | When KEV data was last refreshed |

Example

```bash
curl https://api.vulnpatch.dev/api/v1/exploitability
```

Code Examples

```javascript
async function getExploitability() {
  const response = await fetch('https://api.vulnpatch.dev/api/v1/exploitability');
  // Fail loudly on HTTP errors instead of parsing an error body as data
  if (!response.ok) {
    throw new Error(`Request failed: HTTP ${response.status}`);
  }
  const { data } = await response.json();

  // High-risk CVEs by EPSS, highest score first
  const highRisk = Object.entries(data.epss.scores)
    .filter(([, s]) => s.epss >= 0.5)
    .sort((a, b) => b[1].epss - a[1].epss);

  console.log(`High risk CVEs: ${highRisk.length}`);
  console.log(`In CISA KEV: ${data.kev.matchingTracked}`);
}
```
```python
import requests

# Set a timeout so a stalled connection cannot hang the caller
response = requests.get("https://api.vulnpatch.dev/api/v1/exploitability", timeout=10)
response.raise_for_status()  # stop on HTTP errors before reading the body
data = response.json()["data"]

# High-risk CVEs
high_risk = {cve: s for cve, s in data["epss"]["scores"].items() if s["epss"] >= 0.5}
print(f"High risk: {len(high_risk)}")
print(f"In CISA KEV: {data['kev']['matchingTracked']}")
```

Per-CVE Exploitability

EPSS and KEV data is also returned inline on individual CVE lookups via GET /api/v1/cve/:id. The response includes data.epss and data.kev fields when available, so you don't need to call this bulk endpoint for single-CVE lookups.

```bash
# Get EPSS + KEV inline with CVE data
curl -s "https://api.vulnpatch.dev/api/v1/cve/CVE-2024-3094" | jq '{epss: .data.epss, kev: .data.kev}'
```

Use Cases

  • Prioritization: Rank CVEs by real-world exploitability (EPSS) rather than just CVSS
  • Compliance: Identify CVEs in CISA KEV that require mandatory remediation
  • Risk assessment: Combine EPSS with severity for a more complete risk picture
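
The prioritization and compliance use cases above can be combined into one remediation queue. The following is an added example, not part of the API's own documentation: it takes a `data` object in the response shape shown earlier and orders CVEs with KEV entries first (earliest `dueDate` first), then by EPSS. The `prioritize` function, the tier names, the 0.5 threshold (taken from the code examples above) and the sample CVE IDs are assumptions made for illustration.

```python
from datetime import date

# Constructed sample in the shape of the endpoint's "data" object.
# CVE IDs and values are placeholders, not real API output.
SAMPLE = {
    "epss": {"scores": {
        "CVE-0000-0001": {"epss": 0.42, "percentile": 0.97},
        "CVE-0000-0002": {"epss": 0.91, "percentile": 0.99},
        "CVE-0000-0003": {"epss": 0.03, "percentile": 0.40},
    }},
    "kev": {"kevMap": {
        "CVE-0000-0001": {"dateAdded": "2024-03-15", "dueDate": "2024-04-05",
                          "knownRansomwareCampaignUse": "Unknown"},
        # In KEV but with no EPSS score (not every tracked CVE is enriched)
        "CVE-0000-0004": {"dateAdded": "2024-05-01", "dueDate": "2024-05-22",
                          "knownRansomwareCampaignUse": "Known"},
    }},
}

# Hypothetical tier names, most urgent first
TIER_ORDER = {"kev-overdue": 0, "kev": 1, "epss-high": 2, "monitor": 3}

def prioritize(data, today, epss_threshold=0.5):
    """Return a remediation queue: KEV entries first, then by EPSS descending."""
    scores = data.get("epss", {}).get("scores", {})
    kev = data.get("kev", {}).get("kevMap", {})
    rows = []
    for cve in set(scores) | set(kev):
        epss = scores.get(cve, {}).get("epss")  # None when not enriched
        entry = kev.get(cve)
        due = None
        if entry and entry.get("dueDate"):
            due = date.fromisoformat(entry["dueDate"])
        if entry:
            tier = "kev-overdue" if due and due < today else "kev"
        elif epss is not None and epss >= epss_threshold:
            tier = "epss-high"
        else:
            tier = "monitor"
        rows.append({"cve": cve, "tier": tier, "epss": epss, "due": due})
    # Tier first, then earliest KEV due date, then highest EPSS, then ID
    rows.sort(key=lambda r: (TIER_ORDER[r["tier"]], r["due"] or date.max,
                             -(r["epss"] or 0.0), r["cve"]))
    return rows
```

A KEV-listed CVE stays at the top of the queue even when its EPSS score is low or missing, which is why the KEV check runs before the EPSS threshold.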
