CyberAlerts Known Exploited Vulnerabilities (KEV)

Important Note! A few hours after writing this blog post, CISA added CVE-2024-53150 and CVE-2024-53197 to their KEV.

Since November 3rd, 2021, Cybersecurity and Infrastructure Security Agency (CISA) have published a public list of Known Exploited Vulnerabilities (KEV). Over that time, at the time of writing (April 9th 2025), they have published details on 1317 vulnerabilities that have been seen exploited in the wild.

The CISA KEV is an invaluable resources for defenders. It helps defenders prioritise the very worst vulnerabilities and to ensure they are protected against them.

Since CyberAlerts launched earlier this year, we have found that we are also able to accurately determine if a vulnerability is exploited in the wild. And some of these vulnerabilities are not being included in the CISA KEV.

Find the CyberAlerts Known Exploited Vulnerabilities (KEV) here: https://cyberalerts.io/kev

We absolutely also use the CISA KEV to determine if a vulnerability is exploited in the wild. The value given by CISA KEV to us and the security community can not be overstated. But we also use other data sources and methods to in addition to CISA KEV.

For the data that we collect for our alerting service, we collect a lot of "chatter" from many cyber security related sources. And using that data has proved valuable in accurately determining if a vulnerability is exploited in the wild.

CyberAlerts KEV Vs CISA KEV

Since our data collection started on November 27th, 2024, up until today, April 9th, 2025, we have marked 71 vulnerabilities in our database as exploited in the wild.

Important Note! We are currently only interested in new data, and not historical data. Although, we might change our stance on this in the future, if there is demand from our paid customers. As we only started collecting CVE, and other data, on November 27th, 2024, any vulnerabilities marked as exploited in the wild with a CVE number older than our launch date, are not included in our database.

Out of the 71 vulnerabilities in our database that we have marked as exploited in the wild since we started collecting data (about 4 months ago), 6 of those vulnerabilities are not listed in the CISA KEV (see note below).

Our full KEV dataset from today (April 9th, 2025 10:00 GMT+2) can bee found here: https://cyberalerts-public.s3.eu-north-1.amazonaws.com/ca_kev.csv

Conclusions

CISA KEV includes more vulnerabilities than CyberAlerts KEV, no doubt, due to the fact that they also include historical data. Whereas the CyberAlerts KEV has only been collecting data since Novermber 27th, 2024.

However, the CyberAlerts KEV includes 6 vulnerabilities that are not in the CISA KEV. This is just within an around 4 month period. If things continue on the same trajectory, we could expect to have 12 or more vulnerabilities in our database that are not include in CISA KEV by the end of the year.

We published the CyberAlerts KEV publicly yesterday, here, and are not sure how we're going to make it further accessible going forwards. CISA KEV offers CSV and JSON download formats of their data. We may offer the same, or something different. We're still undecided and will gauge the communities and our customers feedback.

There's also lots more we could do with the data that we collect. And are looking for early seed investors to help take CyberAlerts to the next level. 🚀