KEV Catalog
The Known Exploited Vulnerabilities (KEV) catalog tracks CVEs with confirmed active exploitation in the wild. BreachSpider polls the catalog every 15 minutes and enriches every entry with SAGE analysis, BCS scoring, and asset matching.
Endpoint
GET /api/v1/cves/kev
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number |
| limit | integer | 20 | Results per page (max 100) |
Example
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves/kev?limit=50"
Response
{
"api": { "version": "1.0.0", "request_id": "bs-req-...", "processing_ms": 38 },
"data": [
{
"cve_id": "CVE-2025-32433",
"severity": "CRITICAL",
"cvss_score": 10.0,
"kev_flagged": true,
"exploit_maturity": "POC",
"primary_vendor": "Erlang",
"published_at": "2025-04-16T22:15:14Z"
}
],
"pagination": {
"total": 1613,
"page": 1,
"per_page": 50,
"pages": 33,
"has_next": true,
"has_prev": false,
"count": 50
},
"filters_applied": {
"kev_only": true,
"source": "KEV"
},
"meta": {
"kev_program_launched": "2021-11-03",
"source": "Known Exploited Vulnerabilities Catalog",
"catalog_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"corpus_size": 1613
}
}
About the KEV Catalog
The KEV catalog launched in November 2021. Federal agencies under its authority are required to remediate KEV entries within mandated timeframes (typically 14 days for internet-facing systems, 60 days otherwise).
BreachSpider treats any CVE in the KEV catalog as exploit_maturity: WEAPONIZED regardless of other exploitation signals, since the KEV catalog confirms active exploitation before adding entries.
Filtering KEV by CVSS
To find only critical-severity KEV entries, use the main CVEs endpoint with both filters:
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/cves?kev=true&severity=CRITICAL"