CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

About CSIRTS.com

One feed instead of twenty-one tabs — what this service is, why it exists, and how to plug it into your tooling.

What this is

CSIRTS.com (“Security Advisory Fusion”) aggregates official security advisories from national CERTs, EU institutions, vendor PSIRTs and vulnerability databases into a single normalized, deduplicated, English-language feed. Incident responders shouldn’t have to poll twenty-one portals across three continents before their first coffee — and with CSIRTS.com, they don’t.

Why defenders use it instead of raw NVD

NVD tells you a CVE exists. CSIRTS.com tells you who is warning about it — which national CERTs, which vendors — and whether it is being exploited right now. When CISA, CERT-EU and Cisco all publish about the same vulnerability within hours, that convergence is the strongest prioritization signal a SOC can get, and it is exactly what this site surfaces on every advisory and CVE page.

From the founder

CSIRTS.com came out of a routine I knew too well from day-to-day threat intelligence work: every morning, a dozen browser tabs — CISA, CERT-EU, the national CERTs, vendor PSIRTs — each with its own format, its own language, its own way of saying “patch this now”. The signal was always there; it was just fragmented, and assembling an operational picture took more time than it should have.

I built CSIRTS.com as the tool I wanted to use myself: one place where official advisories are already normalized, translated and cross-referenced against real-world exploitation — not just collected. It is designed as an operational layer for defenders: less noise, faster prioritization, and clarity about what the authorities are actually telling you to fix first.

Antonio Radu
Founder & Intelligence Analyst, IntelFusions
antonio@csirts.com

The IntelFusions network

CSIRTS.com is part of IntelFusions, a cyber threat intelligence and AI security research platform. Where CSIRTS.com unifies official security advisories, IntelFusions connects the wider threat landscape into one continuously updated knowledge graph: a database of 470+ tracked threat actors — from nation-state APTs to ransomware crews — linked to their techniques, malware families, detection rules mapped to MITRE ATT&CK, and live incident tracking, alongside dedicated AI security research. Together they form one workflow: CSIRTS.com tells you what to patch and what is exploited; IntelFusions tells you who is behind the activity and how to detect them. If you work in threat intelligence, detection engineering or incident response, IntelFusions is the natural next tab.

JSON API

Free, no key, CORS enabled. Responses are cached for 5 minutes.

GET https://www.csirts.com/api/advisories

Parameters (all optional):
  q=ivanti            full-text search in titles
  source=cert-eu      source id (see /sources)
  severity=critical   critical | high | medium | low | unknown
  cve=CVE-2026-1234   advisories referencing a CVE
  exploited=1         only CISA-KEV-listed (actively exploited)
  since=2026-06-01    published on/after date
  page=1              50 results per page

Example — critical advisories under active exploitation: /api/advisories?severity=critical&exploited=1

Machine-readable contract: /api/openapi.json (OpenAPI 3.1) — point your client generator or AI agent at it.

MCP server (for AI agents)

CSIRTS.com is also a remote Model Context Protocol server. Connect Claude, ChatGPT or any MCP client to https://www.csirts.com/api/mcp (streamable HTTP, no auth) and your agent gets four tools: search_advisories, get_cve, latest_exploited and daily_briefing. In Claude Code: claude mcp add --transport http csirts https://www.csirts.com/api/mcp.

A machine-readable overview of the whole site — every page type, API endpoint and feed, with usage hints for LLMs — lives at /llms.txt.

RSS & Atom

Subscribe to /rss for curated advisories, or filter: /rss?severity=critical, /rss?exploited=1, /rss?source=cisa, per-product /rss?product=<slug>. Add format=atom for Atom 1.0. The full directory of feeds lives at /feeds.

Frequently asked questions

What is CSIRTS.com?

CSIRTS.com ("Security Advisory Fusion") is a free service that aggregates official security advisories from 24 authoritative sources — CISA, the CISA KEV catalog, CERT-EU, NCSC-UK, CERT-Bund (BSI), CERT-FR, NCSC-NL, JPCERT/CC and JVN (Japan), HKCERT (Hong Kong), the Canadian Centre for Cyber Security, NVD, GitHub Security Advisories, and the Microsoft, Cisco, Fortinet, Palo Alto Networks, GitLab, Jenkins, Drupal, Ubuntu, Debian and AWS security teams — into one normalized, deduplicated, English-language feed with a web UI, JSON API and RSS.

How is CSIRTS.com different from NVD?

NVD is a database of raw CVE records, with no operational guidance and a well-known analysis backlog. CSIRTS.com aggregates what security authorities are actively warning about: national CERT advisories, vendor PSIRT bulletins and the CISA Known Exploited Vulnerabilities catalog, cross-referenced so you can see every source covering the same CVE and whether it is being exploited in the wild.

How often is the data updated?

The ingestion pipeline runs every 3 hours, fully automatically. Every source has health monitoring visible on the Sources page.

What does the "known exploited" flag mean?

An advisory is flagged as known exploited when at least one of its CVEs appears in the CISA Known Exploited Vulnerabilities (KEV) catalog, meaning exploitation has been observed in the wild. US federal agencies are required to remediate KEV-listed vulnerabilities under Binding Operational Directive 22-01.

Is the API free?

Yes. The JSON API and RSS feeds are free, require no API key, and support filtering by keyword, source, severity, CVE ID, exploitation status and date.

Who is behind CSIRTS.com?

CSIRTS.com is built and operated by IntelFusions (intelfusions.com), a cyber threat intelligence and AI security research platform tracking 470+ threat actors, malware families, detection rules and live incidents. CSIRTS.com is the advisory layer of that ecosystem.

Attribution & disclaimer

All advisory content belongs to the respective publishing organizations. CSIRTS.com is an aggregation layer: always verify against the linked original advisory before acting. Machine translations are provided for convenience and may contain errors.