Standalone · Offline · No Install

Browse the CISA KEV Catalog
Without a Server

A self-contained HTML app with all Known Exploited Vulnerabilities embedded inline. Run build.py to pull the latest data — then open the HTML in any browser, anywhere.

Get Started View Architecture
1,558+
KEVs Tracked
313
Ransomware Known
1,553
Past Due Date
0
Dependencies
Overview

How It Works

The project is two files. build.py is a Python script that fetches the latest KEV JSON from CISA's live feed and bakes every vulnerability record directly into a standalone HTML file. The resulting cisa-kev-browser.html needs no server, no network connection, and no dependencies to run.

Step 1 — build.py
Fetch & Validate
Downloads the CISA KEV JSON feed with aggressive cache-busting headers to defeat CDN caching. Verifies the payload is complete by cross-checking the declared count field against actual entries received. Sorts all vulnerabilities newest-first before embedding.
# Cache-busting URL on every run URL = CISA_URL + f"?_={timestamp}&nocache={nonce}" headers = { "Cache-Control": "no-cache, no-store", "Pragma": "no-cache", "Expires": "0" }
Step 1 — build.py
Inject & Build
Takes the validated JSON and injects it as a JavaScript constant directly into the HTML template. Replaces placeholder tokens for catalog version, release date, and entry count. Writes the final file in one shot. The output is fully self-contained — no external requests at runtime.
# Injection into HTML template html = TEMPLATE html = html.replace("__CATALOG_JSON__", json_str) html = html.replace("__CATALOG_VERSION__", version) html = html.replace("__RELEASE_DATE__", released) with open("cisa-kev-browser.html", "w") as f: f.write(html)
Step 2 — browser
Initialize the App
When you open the HTML, the browser reads the embedded CATALOG constant — no network call needed. It populates the vendor and CWE dropdowns, displays the latest entry date in the stats bar, and renders the first page of results instantly.
// Embedded at build time — no fetch needed const CATALOG = { ...1,558 KEVs... }; (function init() { populateVendorDropdown(); populateCWEDropdown(); showLatestEntry(CATALOG.vulnerabilities[0]); applyFilters(); // → renderPage() })();
Step 2 — browser
Filter, Sort & Explore
All filtering and sorting happens in-memory in the browser — instant, with no round trips. The full-text search covers CVE ID, vendor, product, description, CWE codes, and notes simultaneously. Clicking any CVE opens a full detail modal with references and navigation.
// applyFilters() pipeline let list = CATALOG.vulnerabilities; list = textSearch(list, filters.search); list = filterByVendor(list, filters.vendor); list = filterByRansomware(list, filters.ransomware); list = filterByCWE(list, filters.cwe); list = filterByDateRange(list, from, to); list = sort(list, sortBy, sortDir); renderPage(list, pageNumber);
Architecture

Functionality Diagram

End-to-end data flow from CISA's CDN through build.py into the standalone HTML app and its interactive UI layers.

flowchart TD CISA["🌐 CISA CDN\nknown_exploited_vulnerabilities.json"] subgraph BP["build.py — Run once to update"] direction TB F1["fetch_kev()\nTimestamp + nonce URL\nno-cache headers\nFresh SSL context"] F2["Validate payload\ncount check\nnon-empty check"] F3["Sort newest-first\ndateAdded desc"] F4["build()\nInject JSON into\nHTML template"] F5["Write\ncisa-kev-browser.html"] F1 --> F2 --> F3 --> F4 --> F5 end subgraph HTML["cisa-kev-browser.html — Open in any browser"] direction TB D1["const CATALOG = {...}\n1,558 KEVs embedded inline"] D2["init()\nPopulate dropdowns\nShow latest entry stat"] subgraph UI["Interactive UI"] direction LR SF["🔍 Search\nCVE · vendor · product\ndescription · CWE · notes"] FF["🎛 Filters\nvendor · ransomware\nCWE · date range"] SF & FF --> AF["applyFilters()\n+ sort()"] end subgraph TABLE["Data Table"] direction TB T1["renderPage()\n50 rows per page"] T2["Pagination\n← prev / next →"] T1 --> T2 end subgraph MODAL["Detail Modal"] direction TB M1["Full metadata\nvendor · product · dates"] M2["Description\nRequired Action\nReferences (NVD · CISA · vendor)"] M3["← Prev CVE Next CVE →\nKeyboard: ← → Esc"] end D1 --> D2 --> UI AF --> TABLE T1 -->|"click CVE"| MODAL end EXP["📤 Export CSV\nFiltered view · all pages"] TABLE --> EXP CISA -->|"HTTPS"| F1 F5 -->|"open file"| HTML style CISA fill:#1e2d45,stroke:#60a5fa,color:#e2e8f0 style BP fill:#111827,stroke:#1e2d45,color:#e2e8f0 style HTML fill:#111827,stroke:#1e2d45,color:#e2e8f0 style UI fill:#1a2234,stroke:#1e2d45,color:#e2e8f0 style TABLE fill:#1a2234,stroke:#1e2d45,color:#e2e8f0 style MODAL fill:#1a2234,stroke:#1e2d45,color:#e2e8f0 style EXP fill:#1e2d45,stroke:#4ade80,color:#e2e8f0 style F1 fill:#1a2234,stroke:#60a5fa,color:#e2e8f0 style F5 fill:#1a2234,stroke:#4ade80,color:#e2e8f0 style D1 fill:#0c1929,stroke:#38bdf8,color:#e2e8f0 style AF fill:#1e3a5f,stroke:#60a5fa,color:#e2e8f0
Files

File Breakdown

🐍
build.py
~50 KB · 1,025 lines · Python 3.7+
  • Fetches live KEV JSON from CISA with full cache-busting (timestamp + nonce + headers)
  • Validates payload completeness — declared count vs actual entries
  • Sorts all vulnerabilities newest-first before embedding
  • Injects the JSON and catalog metadata into the HTML template
  • Prints 3 newest entries to terminal so you can confirm freshness
  • Falls back to local kev.json if network is unavailable
  • No third-party packages — stdlib only (urllib, json, ssl)
🌐
cisa-kev-browser.html
~1.1 MB · all-in-one · zero dependencies
  • Embeds the entire KEV catalog as an inline JS constant — no runtime fetch
  • Full-text search across 7 fields simultaneously
  • 5 filter dimensions: vendor, ransomware, CWE, date from, date to
  • 5 sortable columns with toggle asc/desc
  • Detail modal with full metadata, references, and prev/next navigation
  • CSV export of any filtered view
  • Dark/light mode, overdue row highlighting, data-age warning banner
Data Flow

Step-by-Step Execution

StepActorActionOutput
1 build.py Construct cache-busted URL with Unix timestamp + random nonce CISA_URL?_=1744034291&nocache=873227
2 build.py HTTP GET with no-cache headers + fresh SSL context Raw JSON bytes from CISA CDN
3 build.py Parse JSON, cross-check count vs len(vulnerabilities) Validated catalog dict
4 build.py Sort vulnerabilities[] by dateAdded descending Newest entry at index [0]
5 build.py Serialize to compact JSON, inject into HTML template via token replacement cisa-kev-browser.html written to disk
6 Browser Parse const CATALOG = {...} on page load 1,558+ objects in memory
7 Browser Populate vendor + CWE dropdowns, set latest-entry stat UI ready state
8 Browser Run applyFilters()sort()renderPage() First 50 rows rendered, newest CVE visible at row 1
9 User Type in search, change dropdowns, click column headers Instant in-memory filter/sort — no network
10 User Click CVE ID → detail modal opens Full metadata, NVD/CISA/vendor links, ← → navigation
Capabilities

Features

🔍
Full-Text Search
Searches CVE ID, vendor, product, vulnerability name, short description, CWE codes, and notes simultaneously as you type.
🎛
Multi-Dimension Filters
Filter by vendor/project, ransomware campaign use (Known/Unknown), CWE code, and date-added range. Combine filters freely. Remove with one-click chips.
Sortable Columns
Click any column header to sort ascending or descending. Columns: CVE ID, Vendor, Product, Date Added (default: newest first), Due Date.
📋
Detail Modal
Full metadata for every CVE — description, required action, due date with overdue indicator, CWE links (MITRE), NVD link, CISA link, vendor advisory links.
📤
CSV Export
Export the current filtered view — all matching records, not just the visible page — with 10 fields including description and required action.
🌙
Dark / Light Mode
Respects your system preference on first load. Toggle any time with the header button. Theme is applied instantly with no flash.
🔴
Overdue Highlighting
Rows with past-due remediation dates are highlighted in red. Upcoming deadlines within 14 days show an amber countdown label.
⚠️
Data Age Warning
A yellow banner appears automatically if the embedded catalog is more than 30 days old, prompting you to re-run build.py.
📡
Always Latest Data
build.py defeats CDN caching with timestamp + nonce URLs and no-cache headers, guaranteeing a fresh pull from CISA on every run.
Usage

Quick Start

1
Download the two files
Save build.py and cisa-kev-browser.html into the same folder.
2
Run build.py to pull the latest KEV data
Requires Python 3.7+ and an internet connection. No pip installs needed.
python3 build.py ✓ Downloaded 1,558 vulnerabilities Catalog: v2026.04.06 (released 2026-04-06) Newest entries: 2026-04-06 CVE-2026-35616 Fortinet 2026-04-02 CVE-2026-3502 TrueConf 2026-04-01 CVE-2026-5281 Google ✓ Done! Output: cisa-kev-browser.html
3
Open the HTML in any browser
Double-click cisa-kev-browser.html, or:
# macOS open cisa-kev-browser.html # Windows start cisa-kev-browser.html # Linux xdg-open cisa-kev-browser.html
4
Update anytime CISA adds new CVEs
Just re-run build.py and reload the HTML. No other steps needed.
Shortcuts

Keyboard Shortcuts

Ctrl+KFocus search bar
EscClose detail modal
Previous CVE in modal
Next CVE in modal
Data

Data Source

FieldValue
SourceCISA Known Exploited Vulnerabilities Catalog
JSON Feed URLhttps://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Update FrequencyMultiple times per week
FormatJSON — fields: cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, knownRansomwareCampaignUse, cwes, shortDescription, requiredAction, notes
SchemaCISA KEV JSON Schema