CISA KEV · EPSS · OSV

Real-time CVE & exploited-vulnerability API ground-truth for security agents.

What attackers are exploiting right now (CISA KEV + EPSS), whether a package is vulnerable (OSV), and the exact version that fixes it.

The call

Keyless over MCP, or one REST call with a free key. Every datapoint is provenance-stamped and citeable.

# REST (free key)
curl -H "X-API-Key: $KEY" "https://dynamicfeed.ai/exploited-vulnerabilities"

# MCP (keyless) — point any client at https://dynamicfeed.ai/mcp, then call:
exploited_vulnerabilities()  ·  check_vulnerability(package, version)

Sample response

{ "cve": "CVE-2026-1234", "product": "PAN-OS", "kev": true, "epss": 0.94,
  "fixed_version": "11.1.2", "observed_at": "2026-06-02T00:00:00Z" }

Why live data

AI now finds and exploits flaws at superhuman scale — but a defender's model can't know from training data what's being exploited today. This is the live feed of what to patch first, every entry citeable.

Use it for

Ground a security agent in what's actively exploited right now
Answer 'is package@version vulnerable, and what fixes it?'
Prioritise patching by real-world exploitation (EPSS), not CVSS alone

Get a free API key See it live API docs

FAQ

What sources back this?

CISA's Known-Exploited-Vulnerabilities catalog, FIRST's EPSS scores, the GitHub Advisory Database and OSV.dev — all commercially redistributable.

Can I check my own dependencies?

Yes — check_vulnerability takes a package + version and returns whether it's affected and the fixed version.

How fresh is it?

Each record carries an observation timestamp; the KEV/EPSS feeds update daily.

Related live feeds

Software version API MCP server Earthquake API All use cases →