Vulnerabilities inventory

When viewing vulnerability groups, you can use the keywords in this section to search and filter.

Name

The name field can be searched using the syntax name:<term>.

name:"Cisco IOS Software DHCP Remote Code Execution Vulnerability"
name:"PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution"

CVE

The CVE field can be searched using the syntax cve:<term>.

cve:CVE-2021-44228
cve:CVE-2016-2183

KEV

Membership in a Known Exploited Vulnerability (KEV) list can be searched using the syntax kev:<term>.

kev:t

will search for vulnerabilities that appear on a KEV list.

Specific KEV lists can be searched by name.

Severity

The severity field can be searched using the syntax severity:<term>.

severity:info
severity:medium

Risk

The Risk and Risk Score fields can be searched using either numeric or keyword values. Risk score is an integer from zero through four, where 0 is Info level risk and 4 indicates Critical risk.

risk:"Critical"
risk:2

Vulnerability instance count

The Asset count field can be searched using the syntax count:<text>.

count:>0

Site name or ID

Use the syntax site:<term> to filter by site name or ID.

site:Primary

EPSS score

The EPSS score can be searched using the syntax epss_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

epss_score:>0.5
epss_score:<=0.1
epss_score:=0.9

Timestamps

Use the following syntaxes to search the vulnerability group timestamp fields (created_at, suppressed_at):

  • created_at:<term>
  • suppressed_at:<term>

The term supports the standard runZero time comparison syntax.

created_at:>2weeks
created_at:<30minutes
suppressed_at:<1day

Suppression

The current suppressed or unsuppressed state of vulnerability groups can be searched using the syntax suppressed:<term>.

suppressed:t

will search for vulnerability groups that are suppressed. Inversely,

suppressed:f

will search for vulnerability groups that are not suppressed.

A special value of any can be used to display all records, regardless of suppression settings:

suppressed:any

will display both suppressed and unsuppressed vulnerability groups.

Additionally, the user who performed the suppression can be found using the following syntax:

suppressed_by:<username>