Independent vulnerability enrichment for the global security community. Every CVE scored, classified, and mapped to 500+ compliance frameworks — with full provenance on every field.
When NVD stopped enriching CVEs in April 2026, thousands of vulnerabilities lost their CVSS scores, CWE classifications, and product matching. Advisedly fills that gap with multi-source consensus scoring that goes further than NVD ever did.
Returns CVSS score, CWE classification, affected products, EPSS probability, CISA KEV status, and compliance framework mapping with per-field provenance.
Every CVE passes through four independent enrichment stages. Each stage produces a confidence score. When multiple stages agree, confidence rises. When they disagree, the finding is flagged for review.
We ingest security advisories from Microsoft MSRC, Red Hat, Ubuntu, Debian, Cisco, Oracle, VMware, Adobe, AWS, Azure, and GCP. When a vendor publishes a CVSS score, CWE classification, or affected product list that NVD lacks, we merge it into the CVE record with full provenance.
We compute median CVSS scores per CWE across 350,000+ historically scored CVEs. When a new CVE has a CWE classification but no CVSS, the empirical median from that CWE category provides a data-grounded severity estimate — not a guess.
For CVEs that remain unscored after rule-based methods, a governed AI agent analyzes the vulnerability description to produce CVSS 3.1 base scores, CWE classifications, and affected product extractions. AI scores are guardrailed: they cannot drift more than ±2.0 points from the heuristic baseline.
When multiple independent signals (vendor advisory, heuristic engine, AI analysis) agree within 1.0 CVSS points, confidence is elevated to 0.95. When they disagree by more than 2.0 points, the finding is flagged for human review. NVD relied on a single analyst; we use three independent methods.
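The thresholds described above, sketched in Python as an added example; this is not Advisedly's own code. Clamping as the guardrail behaviour, the median as the combined score, the status names, and the sample history are assumptions, and the page does not define the case where signals differ by between 1.0 and 2.0 points, so no confidence is assigned there.

```python
from statistics import median

AGREE_WITHIN = 1.0   # page: signals within 1.0 points -> confidence 0.95
REVIEW_BEYOND = 2.0  # page: disagreement over 2.0 points -> human review
AI_MAX_DRIFT = 2.0   # page: AI score stays within +/-2.0 of heuristic baseline

# Constructed sample history of (CWE, CVSS) pairs, not real Advisedly data.
HISTORY = [("CWE-79", 6.1), ("CWE-79", 5.4), ("CWE-79", 6.1),
           ("CWE-89", 9.8), ("CWE-89", 8.8), ("CWE-89", 7.5)]

def cwe_median_baseline(cwe, history=HISTORY):
    """Heuristic stage: median CVSS of scored CVEs sharing this CWE, or None."""
    scores = [s for c, s in history if c == cwe]
    return round(median(scores), 1) if scores else None

def guardrail_ai(ai_score, baseline):
    """Keep an AI score within +/-2.0 of the baseline (clamping is assumed)."""
    if baseline is None:
        return ai_score  # assumption: nothing to clamp against
    lo = max(0.0, baseline - AI_MAX_DRIFT)
    hi = min(10.0, baseline + AI_MAX_DRIFT)
    return round(min(max(ai_score, lo), hi), 1)

def consensus(signals):
    """Combine {'vendor'|'heuristic'|'ai': score or None} into one finding."""
    present = {k: v for k, v in signals.items() if v is not None}
    if not present:
        return {"score": None, "confidence": None, "status": "unscored"}
    values = list(present.values())
    spread = round(max(values) - min(values), 1)  # CVSS has one decimal place
    finding = {"score": round(median(values), 1),  # assumption: median wins
               "spread": spread, "sources": sorted(present),
               "confidence": None, "status": "single_signal"}
    if len(values) > 1:
        if spread <= AGREE_WITHIN:
            finding.update(confidence=0.95, status="consensus")
        elif spread > REVIEW_BEYOND:
            finding["status"] = "needs_review"
        else:  # 1.0 < spread <= 2.0: the page does not define this case
            finding["status"] = "partial_agreement"
    return finding

if __name__ == "__main__":
    base = cwe_median_baseline("CWE-89")            # 8.8
    ai = guardrail_ai(4.0, base)                    # clamped up to 6.8
    print(consensus({"vendor": 8.8, "heuristic": base, "ai": 8.1}))
    print(consensus({"vendor": 5.3, "heuristic": base, "ai": ai}))
```

Because the AI score is held within 2.0 points of the heuristic baseline, a spread wide enough to trigger review can only come from a vendor score that differs sharply from the other two signals.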
Advisedly doesn't just replace NVD's enrichment — it extends it into areas NVD never covered.
Every CVE is automatically mapped to 500+ compliance frameworks (CMMC, FedRAMP, HIPAA, ISO 27001, PCI-DSS, SOC 2, NIST 800-171, and more) via our automated control crosswalk. NVD never provided this.
Every enriched field (CVSS, CWE, CPE) carries its source, method, confidence score, and timestamp. You always know where a score came from and how much to trust it. NVD provided scores without provenance.
When NVD eventually scores a CVE we already enriched, we automatically compare. If our score was within 1.0 points, we log the validation. If we were off by more than 2.0, we auto-correct. Our accuracy improves continuously.
Security researchers can submit corrections via the API. Every correction is reviewed before being applied, creating a feedback loop that no single-vendor database can match.
New CVEs are pulled from NVD every 2 hours. Enrichment runs within 30 minutes of ingest. From NVD publication to fully enriched Advisedly record: under 3 hours.
Every CVSS score, CWE classification, and CPE match includes a source, method, confidence, and enriched_at timestamp. Check the enrichment_metadata object in any API response.
CVSS scores within ±1.0 of NVD ground truth for 80%+ of comparable CVEs. CWE classification match rate above 70%. These metrics are computed automatically via our quality baseline and published transparently.
Found a wrong score? Submit a correction via POST /api/public/cve/:id/correction with the field, your suggested value, and rationale. Every correction is reviewed by staff before being applied.
All endpoints are unauthenticated, rate-limited to 100 requests/minute/IP, and licensed under CC-BY-4.0. No API key required.
/api/public/cve/:cveId - Full enriched CVE record — CVSS, CWE, CPE, EPSS, KEV, compliance framework mapping, per-field provenance
/api/public/cve/feed/recent - Recently enriched CVEs, paginated. Filter by severity (?severity=critical) and period (?period=24h|7d|30d)
/api/public/cve/feed/missing-nvd - CVEs that NVD has not scored but Advisedly has independently enriched
/api/public/cve/feed/stats - Live coverage statistics — total CVEs, enrichment breakdown, coverage percentage
/api/public/cve/:cveId/correction - Submit a correction for an enriched field (requires field, reported_value, suggested_value)
/api/public/cve/corrections/stats - Correction submission statistics — total, by status, acceptance rate
Advisedly Compliance LLC is a cybersecurity and compliance platform serving DoD, federal, and commercial customers. SAM.gov registered (UEI: XSZ6TYQM2F54, CAGE: 1Z6E9). The Advisedly CVE Database is a public service — free for everyone, funded by our platform customers who receive deeper integration, compliance automation, and managed security services.