● Free embeds · auto-updating
CVE status badges
A live shield for any CVE: severity, public-exploit availability and CISA KEV membership, straight from the CSIRTS.com database. Embed it in a PoC repository, a security advisory, a ticket or a wiki — when the status changes (a KEV addition, new exploit code), the badge changes with it. No key, no signup, no rate limits for reasonable use.
Live examples
CVE-2024-3400 — in CISA KEV — actively exploited
CVE-2021-44228 — Log4Shell — KEV, public exploits
Markdown (GitHub README)
[](https://www.csirts.com/cve/CVE-2024-3400)HTML
<a href="https://www.csirts.com/cve/CVE-2024-3400">
<img src="https://www.csirts.com/badge/CVE-2024-3400" alt="CVE-2024-3400 live status" height="20">
</a>States
KEV · exploited (red) — in the CISA Known Exploited Vulnerabilities catalog. exploit public (orange) — public exploit code exists (Metasploit, Exploit-DB, Nuclei, PoC-in-GitHub) but no KEV entry yet. Otherwise the badge shows severity · CVSS. Badges cache for a few hours; every badge links to the full cross-source CVE record.
Why embed one?
If you publish a PoC, a detection rule or an advisory write-up, the exploitation status of the CVE keeps evolving after you hit publish. A live badge keeps your README honest without edits — and gives your readers one click to the current severity, KEV status and every CERT advisory covering it.