---
title: "Vulnerabilities inventory"
---

When viewing ((vulnerability groups)), you can use the keywords in this section to search and filter.


## Name {#vulnerabilities-name}

The name field can be searched using the syntax `name:<term>`.

```plaintext
name:"Cisco IOS Software DHCP Remote Code Execution Vulnerability"
```
```plaintext
name:"PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution"
```

## CVE {#vulnerabilities-CVE}

The CVE field can be searched using the syntax `cve:<term>`.

```plaintext
cve:CVE-2021-44228
```
```plaintext
cve:CVE-2016-2183
```

## KEV {#vulnerabilities-KEV}

Membership in a Known Exploited Vulnerability (KEV) list can be searched using the syntax `kev:<term>`.

```plaintext
kev:t
```

will search for vulnerabilities that appear on a KEV list.

Specific KEV lists can be searched by name.

- `kev:cisa` will search for vulnerabilities listed as actively exploited in the [CISA Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog).

- `kev:vulncheck` will search for vulnerabilities listed as actively exploited in the [VulnCheck Catalog](https://vulncheck.com/kev).

- `kev:true` will search for vulnerabilities in either of the above lists.

## Severity {#vulnerabilities-severity}

The severity field can be searched using the syntax `severity:<term>`.

```plaintext
severity:info
```
```plaintext
severity:medium
```

## Risk {#vulnerabilities-risk}

The `Risk` and `Risk Score` fields can be searched using either numeric or keyword values.
Risk score is an integer from zero through four, where `0` indicates Info-level risk and `4` indicates Critical risk.

```plaintext
risk:"Critical"
```
```plaintext
risk:2
```

## Vulnerability instance count {#vulnerabilities-count}

The `Asset count` field can be searched using the syntax `count:<text>`.

```plaintext
count:>0
```

## Site name or ID {#vulnerabilities-siteID}

Use the syntax `site:<term>` to filter by site name or ID.

```plaintext
site:Primary
```

## EPSS score {#vulnerabilities-EPSS}

The EPSS score can be searched using the syntax `epss_score:<term>`. The term supports numerical comparison operators (`>`, `>=`, `<`, `<=`, `=`).

```plaintext
epss_score:>0.5
```

```plaintext
epss_score:<=0.1
```

```plaintext
epss_score:=0.9
```

## Timestamps {#vulnerabilities-timestamps}

Use the following syntaxes to search the vulnerability group timestamp fields (`created_at`, `suppressed_at`):

* `created_at:<term>`
* `suppressed_at:<term>`

The term supports the standard runZero [time comparison syntax][time].

```plaintext
created_at:>2weeks
```
```plaintext
created_at:<30minutes
```
```plaintext
suppressed_at:<1day
```

## Suppression {#suppressed-vuln-group}

The current suppressed or unsuppressed state of vulnerability groups can be searched using the syntax `suppressed:<term>`.

```plaintext
suppressed:t
```

will search for vulnerability groups that are suppressed. Conversely,

```plaintext
suppressed:f
```

will search for vulnerability groups that are not suppressed.

A special value of `any` can be used to display all records, regardless of suppression settings:

```plaintext
suppressed:any
```

will display both suppressed and unsuppressed vulnerability groups.

Additionally, the user who performed the suppression can be found using the following syntax:

```plaintext
suppressed_by:<username>
```
