CVE exploit priority (KEV + EPSS + CVSS) API

Returns an actionable patch-priority bucket (P0-P4) with rationale for a CVE by joining CISA KEV (active exploitation), FIRST EPSS (30-day exploit probability), and CVSS base score — the join no single source gives you. Answers 'should I patch this CVE now', 'is this CVE actively exploited', 'exploit probability of CVE-2021-44228', 'patch priority for a CVE'.

Price$0.01per request

MethodPOST

Route/v1/security/exploit-priority

StatusLive

MIME typeapplication/json

Rate limit60/minute

Cache3600s public

securitycvekevepsscvssvulnerabilityexploitpriority

API URLhttps://x402.hexl.dev/v1/security/exploit-priority

Integration docs

Example request

{
  "cve": "CVE-2021-44228"
}

Example response

{
  "cve": "CVE-2021-44228",
  "priority": "P0",
  "action": "Patch immediately — actively exploited.",
  "rationale": [
    "Listed in CISA KEV — actively exploited in the wild.",
    "Known use in ransomware campaigns."
  ],
  "activelyExploited": true,
  "ransomwareLinked": true,
  "kev": {
    "dateAdded": "2021-12-10",
    "vendor": "Apache",
    "product": "Log4j",
    "name": "Apache Log4j2 Remote Code Execution Vulnerability"
  },
  "epss": 0.97448,
  "epssPercentile": 0.99987,
  "cvss": 10,
  "cvssSeverity": "CRITICAL"
}

Input schema

{
  "type": "object",
  "required": [
    "cve"
  ],
  "properties": {
    "cve": {
      "type": "string",
      "examples": [
        "CVE-2021-44228"
      ]
    }
  }
}

Output schema

{
  "type": "object",
  "additionalProperties": true
}