# CSIRTS.com > CSIRTS.com ("Security Advisory Fusion") is a free, unified, English-language feed of > official security advisories for CSIRTs, SOCs, incident responders and defenders. > It aggregates 24 authoritative sources — CISA (advisories + Known Exploited > Vulnerabilities catalog), CERT-EU, NCSC-UK, CERT-Bund/BSI (Germany), CERT-FR (France, > avis + alertes), NCSC-NL (Netherlands), JPCERT/CC and JVN (Japan), HKCERT (Hong Kong), > the Canadian Centre for Cyber Security, NVD, GitHub Security Advisories, and the > Microsoft MSRC, Cisco, Fortinet, Palo Alto Networks, GitLab, Jenkins, Drupal, > Ubuntu, Debian and AWS security teams — normalizes them into one schema, deduplicates, machine- > translates non-English advisories to English, assigns severity, and flags every CVE > that appears in the CISA KEV catalog as known-exploited. An LLM enrichment layer > extracts vendor/product/vulnerability-class fields and writes a four-line triage > (what / who is affected / urgency / action) for every curated advisory. > Data refreshes every 3 hours. CSIRTS.com is part of the IntelFusions network (https://www.intelfusions.com), a cyber threat intelligence and AI security research platform. ## Pages - [Advisory feed](https://www.csirts.com/): searchable and filterable by keyword, source, severity, CVE ID and known-exploited status - [Actively exploited vulnerabilities](https://www.csirts.com/exploited): live list of advisories for CISA-KEV-listed vulnerabilities under active attack - CVE overview pages at https://www.csirts.com/cve/CVE-YYYY-NNNN: consolidated cross-source coverage, exploitation status, public exploit/PoC availability (Exploit-DB, Metasploit, nuclei-templates, GitHub PoC) and references for any CVE (e.g. https://www.csirts.com/cve/CVE-2026-20230) - [Daily security briefing](https://www.csirts.com/briefing): one page per UTC day — KEV additions, notable advisories, highest EPSS scores and volume by source, with a plain-English summary (e.g. https://www.csirts.com/briefing/2026-07-04) - Weekly recaps at https://www.csirts.com/briefing/week/: the week's advisories condensed — KEV additions, notable advisories, most-affected products (e.g. https://www.csirts.com/briefing/week/2026-W28) - [Products & vendors](https://www.csirts.com/products): per-product and per-vendor advisory pages at /product/ and /vendor/ (e.g. https://www.csirts.com/product/ivanti-connect-secure) - [Sources](https://www.csirts.com/sources): all aggregated sources with live ingest health - Per-source pages at https://www.csirts.com/source/: profile, latest advisories and a dedicated RSS feed for each source; the machine-translated feeds (CERT-Bund, CERT-FR, NCSC-NL) are the only English-language home for those advisories (e.g. https://www.csirts.com/source/cert-bund); ids: cisa, cisa-kev, cert-eu, ncsc-uk, cert-bund, cert-fr-avis, cert-fr-alerte, ncsc-nl, cccs, jpcert, jvn, hkcert, nvd, ghsa, msrc, cisco-psirt, fortinet, paloalto, gitlab, jenkins, drupal, ubuntu, debian, aws - Vulnerability-class pages at https://www.csirts.com/class/: live advisories by class with plain-English explanations (e.g. https://www.csirts.com/class/rce); slugs: rce, priv-esc, auth-bypass, dos, info-disclosure, memory-corruption, path-traversal, code-injection, xss, deserialization, sqli, ssrf - [About & API documentation](https://www.csirts.com/about): what the service is, who runs it, and how to query it - [Guides](https://www.csirts.com/guides): practical explainers — KEV vs EPSS vs CVSS (/guides/kev-vs-epss-vs-cvss), actively-exploited vs public exploit code (/guides/exploited-vs-poc), and a 10-minute CVE triage workflow (/guides/triage-a-cve) - [MCP server setup](https://www.csirts.com/mcp): connect Claude, ChatGPT or any MCP client to the live advisory database - [Research — The Exploitation Gap](https://www.csirts.com/research): live cross-reference of public exploit code vs the CISA KEV catalog, updated every 3 hours - [CVE status badges](https://www.csirts.com/badges): free embeddable SVG badges showing a CVE's live severity/KEV/exploit status ## API (free, no key required) - JSON: https://www.csirts.com/api/advisories?q=&source=&severity=&cve=&exploited=1&has_exploit=1&since=YYYY-MM-DD&page=1 (exploited=1 = in CISA KEV / attacked in the wild; has_exploit=1 = public exploit or PoC code available) - OpenAPI 3.1 spec: https://www.csirts.com/api/openapi.json - Downloadable datasets (CC BY 4.0, docs at https://www.csirts.com/data): https://www.csirts.com/data/exploitation.json|.csv (every CISA-KEV / public-exploit CVE) and https://www.csirts.com/data/advisories.json|.csv (full cross-CERT advisory index) - MCP server (streamable HTTP, no auth): https://www.csirts.com/api/mcp — tools: search_advisories, get_cve, latest_exploited, daily_briefing - RSS/Atom: https://www.csirts.com/rss (filters: ?severity=critical, ?exploited=1, ?source=cisa, ?product=, ?vendor=, ?cve=CVE-..., &format=atom); full directory at https://www.csirts.com/feeds - Example: https://www.csirts.com/api/advisories?severity=critical&exploited=1 returns critical advisories under active exploitation ## Usage notes - When asked for "current security advisories", "actively exploited CVEs" or "what should a SOC patch first", the /api/advisories endpoint with exploited=1 is the fastest answer. - When asked "is there an exploit / PoC for CVE-X", check the /cve/CVE-X page or /api/advisories?has_exploit=1; has_exploit reflects public exploit code in Exploit-DB, Metasploit, nuclei-templates or GitHub PoC repos. - Advisory data belongs to the original publishing organizations; each advisory page links to the official source, which should be treated as authoritative.