Open data
The CSIRTS.com database as downloadable files — free, no key, no rate games. Rebuilt from the live tables at most every 6 hours. Licensed CC BY 4.0: use it in research, dashboards or products, with a link back to csirts.com.
Exploitation dataset — 1,713 CVEs
Every CVE that is in the CISA KEV catalog (exploited in the wild) and/or has public exploit code in Exploit-DB, Metasploit, Nuclei templates or PoC-in-GitHub. This is the machine-readable form of the live Exploitation Gap report — filter has_exploit=true + kev=false to reproduce the gap list.
- cve
- CVE identifier
- severity
- critical / high / medium / low / unknown (from NVD CVSS)
- cvss
- CVSS base score, when scored
- kev
- true = in the CISA KEV catalog (exploited in the wild)
- kev_date
- date the CVE was added to KEV
- has_exploit
- true = public exploit or PoC code exists
- exploit_sources
- which datasets reference it: exploitdb, metasploit, nuclei, poc-github
- published_at / modified_at
- CVE record timestamps
- csirts_url
- consolidated CVE page on CSIRTS.com
Advisory index — 4,840 advisories
Every durable advisory we aggregate from national CERTs, CERT-EU and vendor PSIRTs (24 sources), one row per advisory. The NVD/GHSA firehose mirrors are excluded — this is the curated stream, including advisories machine-translated from German, French and Dutch that have no other English index.
- num
- stable CSIRTS advisory number
- source_id
- publishing feed (see /sources for ids)
- external_id
- the publisher’s own advisory id, when present
- title
- advisory title (machine-translated to English where needed)
- severity / cvss
- normalized severity and CVSS score
- cves
- CVE ids referenced by the advisory (| separated in CSV)
- exploited
- true = references a CISA-KEV CVE
- has_exploit
- true = references a CVE with public exploit code
- published_at
- publication timestamp
- link / csirts_url
- original advisory and the CSIRTS page
Format, cadence & license
JSON files carry a metadata envelope (dataset, license, generated_at, count, rows); CSV files are plain tables with a header row, arrays joined with |. Files regenerate from the live database at most every 6 hours; the database itself syncs all 24 sources every 3 hours. For queries instead of downloads, use the JSON API, OpenAPI spec or MCP server.
License: Creative Commons Attribution 4.0. Suggested citation: CSIRTS.com Open Data, https://www.csirts.com/data (retrieved YYYY-MM-DD). Advisory texts remain the property of their publishing organizations.