Vulnerabilities inventory

When viewing vulnerability groups, you can use the keywords in this section to search and filter.

Name

The name field can be searched using the syntax name:<term>.

name:"Cisco IOS Software DHCP Remote Code Execution Vulnerability"

name:"PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution"

CVE

The CVE field can be searched using the syntax cve:<term>.

cve:CVE-2021-44228

cve:CVE-2016-2183

KEV

Membership in a Known Exploited Vulnerability (KEV) list can be searched using the syntax kev:<term>.

kev:t

will search for vulnerabilities that appear on a KEV list.

Specific KEV lists can be searched by name.

kev:cisa will search for vulnerabilities listed as actively exploited in the CISA Known Exploited Vulnerabilities Catalog.
kev:vulncheck will search for vulnerabilities listed as actively exploited in the VulnCheck Catalog.
kev:true will search for vulnerabilities in either of the above lists.

Severity

The severity field can be searched using the syntax severity:<term>.

severity:info

severity:medium

Risk

The Risk and Risk Score fields can be searched using either numeric or keyword values. Risk score is an integer from zero through four, where 0 is Info level risk and 4 indicates Critical risk.

risk:"Critical"

risk:2

Vulnerability instance count

The Asset count field can be searched using the syntax count:<text>.

count:>0

Site name or ID

Use the syntax site:<term> to filter by site name or ID.

site:Primary

EPSS score

The EPSS score can be searched using the syntax epss_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

epss_score:>0.5

epss_score:<=0.1

epss_score:=0.9

Timestamps

Use the following syntaxes to search the vulnerability timestamp field (created_at):

created_at:<term>

The term supports the standard runZero [time comparison syntax][time].

created_at:>2weeks

created_at:<30minutes

Updated April 14, 2025

Previous: Software instance inventory Next: Vulnerability instance inventory