
Security News
The Cybersecurity and Infrastructure Security Agency (CISA) just made a major move to improve access and usability for its Known Exploited Vulnerabilities (KEV) catalog. Announced by Tod Beardsley on LinkedIn, CISA has launched a new kev-data repository on GitHub, allowing developers, researchers, and cybersecurity enthusiasts to access KEV data in JSON and CSV formats under a CC0 license.
CISA’s KEV catalog, historically hosted on cisa.gov/kev, is now mirrored on GitHub, making it easier for developers and security teams to work with the data.
GitHub offers a robust API for querying and downloading datasets, making it a preferred platform for automation, integrations, and security research. Many projects that rely on vulnerability data—including those built and maintained on GitHub—can now pull KEV data more seamlessly, avoiding potential challenges associated with accessing government-hosted datasets directly.
Additionally, for users in regions where government websites may be restricted or unreliable, GitHub’s global infrastructure ensures broader and more consistent availability of KEV data.
The GitHub repository is updated automatically whenever the KEV catalog is updated on CISA’s website. Typically, KEV updates occur on weekdays during U.S. Eastern business hours when new or modified entries are available. Users can expect both sources—cisa.gov/kev and the kev-data repository—to be synchronized within minutes of each other.
The JSON schema defining the data structure will also remain in sync, though updates to the schema itself are expected to be infrequent, likely only a few times per year.
It’s important to note that the GitHub repository is a read-only mirror for KEV data; additions or removals are still managed solely by CISA under the guidelines of BOD 22-01.
One of the most requested features—commit history—is now available through GitHub. The KEV catalog itself does not include built-in revision history, making it difficult to track when specific vulnerabilities were added or modified. With GitHub, every update to the KEV catalog now has a corresponding commit, allowing users to track changes over time in a structured and accessible way.
This approach aligns KEV with other major vulnerability tracking projects, such as the CVE List and Vulnrichment, which also rely on public logging and issue tracking for greater transparency. With the official kev-data repository, users can also be confident they’re getting an unaltered, authoritative mirror straight from CISA.
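The change tracking described above can also be done offline by comparing two revisions of the KEV JSON file taken from the repository's history. The following is an added example, not code from CISA or the kev-data repository: the snapshots and CVE IDs are constructed placeholders, the helper names are hypothetical, and the field names (`count`, `vulnerabilities`, `cveID`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`) are the ones used in the public KEV JSON file.

```python
import json

# Constructed sample snapshots (placeholder CVE IDs, not real KEV entries).
OLD = json.loads("""{"catalogVersion": "0000.00.01", "count": 2, "vulnerabilities": [
 {"cveID": "CVE-0000-0001", "dateAdded": "2025-01-02", "dueDate": "2025-01-23",
  "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-0002", "dateAdded": "2025-01-03", "dueDate": "2025-01-24",
  "knownRansomwareCampaignUse": "Unknown"}]}""")
NEW = json.loads("""{"catalogVersion": "0000.00.02", "count": 2, "vulnerabilities": [
 {"cveID": "CVE-0000-0001", "dateAdded": "2025-01-02", "dueDate": "2025-01-23",
  "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-0000-0003", "dateAdded": "2025-01-06", "dueDate": "2025-01-27",
  "knownRansomwareCampaignUse": "Unknown"}]}""")


def index_by_cve(snapshot):
    """Map cveID -> entry, rejecting snapshots that fail basic sanity checks."""
    vulns = snapshot["vulnerabilities"]
    # A truncated or hand-edited file often has a stale count field.
    if snapshot.get("count") != len(vulns):
        raise ValueError("count field does not match number of entries")
    by_id = {}
    for entry in vulns:
        if entry["cveID"] in by_id:
            raise ValueError(f"duplicate entry for {entry['cveID']}")
        by_id[entry["cveID"]] = entry
    return by_id


def diff_kev(old, new):
    """Return CVEs added, removed, and modified (with changed field names)."""
    a, b = index_by_cve(old), index_by_cve(new)
    modified = {}
    for cve in sorted(a.keys() & b.keys()):
        changed = sorted(k for k in a[cve].keys() | b[cve].keys()
                         if a[cve].get(k) != b[cve].get(k))
        if changed:
            modified[cve] = changed
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "modified": modified,
    }


if __name__ == "__main__":
    print(json.dumps(diff_kev(OLD, NEW), indent=2))
```

A changed `knownRansomwareCampaignUse` or `dueDate` on an existing entry is the kind of modification that comparing only the list of CVE IDs would miss.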
“I know other people mirror KEV for their projects, but who can say if they're fiddling with it along the way?” Beardsley said on Mastodon. “With https://github.com/cisagov/kev-data, you can rest assured that it's the Real and True mirror of KEV. cisa.gov/kev is still the actual authoritative source, but this GitHub mirror is a pretty close second.”
By providing KEV data in a machine-readable format on a developer-friendly platform, CISA is enabling new possibilities for security research and automation. This update makes it easier for organizations to:
While CISA maintains authoritative control over KEV data, this new format empowers users to explore, analyze, and leverage the information in innovative ways.
While cisa.gov/kev remains the official source for KEV data, this GitHub mirror adds flexibility for those looking to build on top of it. Whether you're automating vulnerability tracking, conducting research, or building custom dashboards, the GitHub repo makes it easier to bring KEV data into your workflow. KEV-driven analysis is now just a git clone away.
This move reflects CISA's commitment to openness and transparency in cybersecurity. As Tod Beardsley put it, this initiative brings "warm nerd fuzzies" to the community while enhancing the utility and reach of the KEV catalog.