## https://sploitus.com/exploit?id=3E1C49E1-191E-5F77-9F8C-89263B0EB21C
# ๐ฏ KEV Tracker
Daily automated tracking of the **CISA Known Exploited Vulnerabilities (KEV) catalog** โ the authoritative list of CVEs confirmed to be exploited in the wild.
New KEV entries are the highest-priority patching signal that exists: these aren't theoretical vulnerabilities, they're being used in real attacks right now.
**๐ Live dashboard:** [tayvensec.github.io/kev-tracker](https://tayvensec.github.io/kev-tracker/)
Companion tool to the [Patch Tuesday Tracker](https://github.com/TayvenSec/patch-tuesday-tracker), built for the [Tayven Cyber Security Patch Management Series](https://tayvensec.com/patch-management/).
---
## What It Does
Every day at 09:00 UTC it:
1. Downloads the official [CISA KEV catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) (JSON feed โ no scraping)
2. Diffs against the previous day's catalog
3. Records new additions to a monthly log (`data/additions/YYYY-MM-additions.md` + `.json`)
4. Rebuilds the dashboard showing: recent additions, ransomware-linked CVEs, and remediation deadlines due within 14 days
5. Opens a **GitHub Issue notification** listing the new CVEs โ with a ๐ด flag when a CVE is linked to known ransomware campaigns
No new entries โ no commit, no issue, no noise.
## Data Layout
```
data/
โโโ kev-catalog.json # full current catalog (mirror of CISA's)
โโโ additions/
โโโ 2026-07-additions.json # this month's new entries (machine-readable)
โโโ 2026-07-additions.md # this month's new entries (human-readable)
```
## Setup
1. Fork/clone, push to GitHub
2. **Settings โ Pages** โ Deploy from branch โ `main` / `docs`
3. **Actions** tab โ enable workflows โ run **Track KEV Catalog** manually once
4. **Watch โ All Activity** to get new-KEV notifications by email
First run seeds the catalog and shows the last 7 days of additions; from then on it tracks day-to-day changes.
## Run Locally
```bash
pip install -r requirements.txt
python collect.py
```
## About Due Dates
Each KEV entry carries a CISA **BOD 22-01 remediation deadline** โ binding for US federal agencies, and widely used by everyone else as a prioritisation signal. The dashboard surfaces anything due within 14 days.
## License
MIT โ Copyright (c) 2026 Tayven Cyber Security (https://tayvensec.com)