Production Security Feeds

Vulnerability intelligence that updates itself

Three production feeds covering the full vulnerability lifecycle — exploited, disclosed, and predicted. 24h scheduled updates. Structured JSON. Zero maintenance.

Get the FeedsView on GitHub
18,345
Total Records
Across 3 feeds
24h
Update Frequency
All feeds daily
100%
Success Rate
Zero errors
The three-layer model

From exploited to predicted

No single database covers all three dimensions. Purify normalizes them into a unified record contract.

Exploited
CISA KEV
What is being attacked right now?
1,592
records
Disclosed
GitHub Advisories
What has been reported?
30
records
Predicted
EPSS High-Risk CVE
What is most likely to be attacked next?
16,723
records
Feed Details

What's in each feed

All fields, full provenance, daily updates. Ready to ingest.

CISA KEV

CISA JSON1,592 records

Every CVE known to be actively exploited in the wild. CISA mandates federal agencies patch these within deadlines. The definitive ground-truth for vulnerability prioritization.

cve_idvendor_projectproductvulnerability_namedate_addeddue_dateknown_ransomwarenotes

GitHub Advisories

GitHub Advisory DB30 records

Curated security advisories from the GitHub Advisory Database. Covers CVEs and GHSAs across the open-source ecosystem with severity scoring.

ghsa_idcve_idsummaryseveritypublished_atupdated_atpermalink

EPSS High-Risk CVE

FIRST EPSS CSV16,723 records

Daily EPSS scores from FIRST.org filtered to top 5% (percentile ≥ 0.95). ~250K CVEs reduced to ~16,700 high-risk. Machine learning model predicts exploitation probability in the next 30 days.

cve_idepsspercentilerisk_bandsource
Use Cases

From data to decisions

Integrate structured vulnerability intelligence into your security stack.

Vulnerability Prioritization

Focus on the CVEs that matter. Cross-reference KEV (must-patch) with EPSS (likely-attacked) to maximize remediation ROI.

Threat Intelligence

Feed structured vulnerability data into your SIEM, SOAR, or threat intel platform. Automate detection and response workflows.

Compliance & Audit

Track CISA KEV deadlines and demonstrate vulnerability management coverage. Stay ahead of regulatory requirements.

Quick Start

Consume in two curl commands

Poll for changes, cross-reference with EPSS. No crawler knowledge needed.

# Poll for new KEV entries since last checkcurl -s "https://purify.verifly.pro/api/dataos/records?spec_id=8f52314e-...&has_changed_since=2026-05-21T07:00:00Z" \  | python3 -c "import sys, jsondata = json.load(sys.stdin)for r in data['records']:    print(f"{r['cve_id']} | {r['vulnerability_name']} | due: {r.get('due_date','N/A')}")" # Cross-reference with EPSS predictionscurl -s "https://purify.verifly.pro/api/dataos/records?spec_id=6cde9a9b-..." \  | python3 -c "import sys, jsondata = json.load(sys.stdin)high_risk = [r for r in data['records'] if float(r['epss']) > 0.1]print(f'{len(high_risk)} CVEs with EPSS > 0.1 (top 2%)')"
Platform

Why use Purify for security data

Stop maintaining brittle scraping scripts. Get structured data on a schedule.

Three-Layer Coverage

Exploited (KEV) + Disclosed (GHSA) + Predicted (EPSS). No single vulnerability database provides all three dimensions.

24h Refresh

All three feeds update on a 24-hour schedule. EPSS scores recalculate daily — you always have the latest predictions.

Unified Schema

Each feed has a consistent JSON schema with full `_purify` provenance — extractor, run_id, source_url, fetched_at.

Change Detection

Poll `has_changed_since` to detect new/updated records. Stop scraping raw sources — just check if the artifact hash changed.

Production Proven

8 production feeds, 19+ days continuous runtime, 100% scheduled run success rate, zero error codes.

Consumer API

Cursor/offset pagination, JSONL export, webhook delivery. Integrate with any SIEM, SOAR, or internal tooling.

Get the security feeds

Three feeds, one endpoint, zero maintenance. Free tier available.

Get StartedContact Us