Introduction
What is CVEFeed.io?
CVEFeed.io is a vulnerability intelligence platform designed to help security teams, DevOps engineers, and IT professionals stay on top of newly published CVEs affecting their software stack. Instead of manually checking vulnerability databases, vendor advisories, and scattered sources across the internet, CVEFeed.io collects, enriches, and delivers vulnerability data directly to you.
Our Goals
- Make security teams more productive — stop spending time searching for vulnerability information across dozens of sources. CVEFeed.io aggregates everything you need in one place so you can focus on remediation, not research.
- Help you make better decisions — every CVE is enriched with CVSS scores, EPSS exploit prediction scores, CISA KEV status, CWE classifications, CAPEC attack patterns, and references. You get the full picture without chasing links.
- Save you from incomplete information — poor information leads to bad decisions, and bad decisions lead to security incidents. If gathering the context for each CVE takes 30 minutes, you can review maybe 20 CVEs a day — but your stack probably has more than that queued up. CVEFeed.io gives you that context instantly.
- Provide automation options — scoped API tokens, webhooks, Slack, Microsoft Teams, Jira, and RSS feeds let you integrate vulnerability intelligence into your existing workflows and tooling.
How It Works
CVEFeed.io is built around three core concepts:
- Projects — isolated workspaces where you define the software you want to monitor. Each project has its own subscriptions, alert rules, integrations, API tokens, and team members. You might create one project per product team, per client, or per environment.
- Subscriptions — within a project, you subscribe to specific software products from the CPE dictionary (e.g., Apache HTTP Server, Linux Kernel, Microsoft Exchange). CVEFeed.io continuously watches for new CVEs published against those products.
- Alerts & Integrations — when a new CVE matches your subscriptions, CVEFeed.io sends alerts through your configured channels: email, Slack, Microsoft Teams, webhooks, Jira, or RSS feeds. You choose how and where you get notified.
Key Features
- Continuous CVE monitoring — data is ingested from multiple data sources and enriched with exploit intelligence, EPSS scores, CISA KEV status, and CWE/CAPEC classifications.
- CVEQL query language — a structured query language for searching vulnerabilities with precision. Combine severity, CVSS scores, affected products, exploit status, and more using logical operators.
- Multi-tenant projects — organize monitoring by team, client, or environment. Each project is fully isolated with its own member list and role-based access control.
- Team collaboration — invite team members with admin or member roles. Everyone on the project receives alerts and can manage subscriptions based on their role.
- Scoped API tokens — create multiple API tokens per project with fine-grained resource and permission scopes. Integrate CVEFeed.io into your CI/CD pipelines, SIEMs, or custom tooling.
- Activity logs — audit trail of all actions taken within a project, including who did what and when.
- Multi-factor authentication — secure your account with TOTP-based MFA.
Next Steps
Ready to get started? Create your account — it takes less than a minute.