Sign in Get a demo

Aggregate analytics across the full CVE landscape.

Sometimes the question isn't about a specific CVE. It's about patterns at landscape scale: how a CWE category has trended over the last decade, how CISA KEV additions distribute across vendors, how EPSS scores evolve for a class of vulnerabilities. Vulnerability Intelligence is the aggregate analytics layer over the CVE corpus.

Request a demo Get a free threat exposure report
WHAT THIS DOES

Statistical views across every CVE published.

Vulnerability Intelligence aggregates analytics across the full CVE corpus enriched with EPSS exploit-prediction history and CISA KEV actively-exploited status. CVE statistics by year, CWE category timelines, CISA KEV addition trends, EPSS distribution analyses, vulnerability statistics by CVSS severity. The structural view of the vulnerability landscape with real-world exploitation signal built in.

Use cases include vulnerability research (how is a specific CWE class trending), vendor due diligence (what does a vendor's CVE history look like across their product lines), policy and threat-modeling (how is the CISA KEV catalog evolving), and academic research (the kind of question you'd want to ask a CVE database directly without a heavy aggregation pipeline).

HOW IT WORKS

Three analytics dimensions, across the CVE corpus.

Time-series analytics for trend research. Categorical breakdowns for structural questions. Per-CVE EPSS history for understanding which criticals turned into actual exploitation.

Time-series analytics.

CVE counts by year, CISA KEV additions by month, EPSS distribution shifts over time. Useful for trend research and policy modeling.

Categorical breakdowns.

By CWE class (every CVE labeled with a weakness category), by vendor and product, by CVSS severity, by KEV status. Useful for structural research questions.

EPSS history per CVE.

EPSS scores evolve over time as exploit data accumulates. Per-CVE EPSS history shows how the prediction has shifted, useful for understanding which criticals actually got exploited and which stayed theoretical.

WHAT IT SURFACES

Examples of analytics queries Vulnerability Intelligence runs.

CVE counts by year and severity

Volume of CVE publications across years, broken down by CVSS severity tier.

CWE timelines

Weakness-category trends across years, useful for vulnerability-class research.

CISA KEV additions

Additions to the actively-exploited catalog by date and by vendor.

EPSS distribution

Distribution of EPSS percentiles across the full corpus and within categorical filters.

Per-CVE EPSS history

Time-series EPSS scores for individual CVEs, showing how prediction shifted as exploit data accumulated.

Vendor CVE profiles

Aggregate CVE counts and severity distributions across a vendor's product lines.

CVSS distribution

CVSS-score distribution across the corpus and within filtered subsets.

PART OF DSI

Aggregate intelligence complements specific search.

Vulnerability Intelligence answers structural questions ("how is this category trending"). Vulnerability Search answers specific questions ("which CVEs match these criteria"). The pattern mirrors Domain Intelligence and Domain Search. Together they cover the full search-and-research surface for the CVE corpus.

DSI · VULNERABILITY SEARCH

Vulnerability Search

Learn more DSI · DOMAIN INTELLIGENCE

Domain Intelligence

Learn more DSI · INSTANT LOOKUPS

Instant Lookups

Learn more
← Back to DSI

“For strategic reports on the CVE landscape, having decade-scale aggregate data on CWE categories and KEV additions changes what we can put in board materials. The patterns are visible because the data is queryable.”

— Director of Security Research, Defense Contractor
CONTINUE EXPLORING

Explore the full platform.

EASM · EXTERNAL ATTACK SURFACE MANAGEMENT

See your entire attack surface. Act on what matters.

Continuous discovery and monitoring of every internet-facing asset, including subsidiaries and acquired companies.

See module CTI · CYBER THREAT INTELLIGENCE

See what’s exposed. Act before it’s exploited.

Dark-web monitoring, breach corpora, infostealer logs, and threat-actor activity tied to your organization.

See module BRP · BRAND RISK PROTECTION

Keep an eye on the internet. Protect your brand.

Lookalike domains, fake apps, fraudulent listings, and brand abuse caught in hours, not weeks.

See module TPRM · THIRD-PARTY RISK MANAGEMENT

Every third party carries risk. See all of it.

Continuous external monitoring of every approved vendor with the same depth as your own surface.

See module DSI · DEEP SEARCH AND INSIGHTS

Explore the entire internet. See every layer.

400M domains, 2B subdomains, 200B DNS records, 30B SSL certificates. All queryable directly.

See module
EXPLORE THE LANDSCAPE

Run aggregate queries against the CVE corpus.

Book a demo. We'll run sample analytics queries scoped to your research question.

Request a demo