Email alerts
CVEdetails.com can alert you (either by email or by calling an API of yours) when certain events take place. The following events are supported at the moment:
- For CVEs affecting a vendor, product and version. For example CVEs, matching sql injection category, affecting Wordpress.
- For CVEs in CISA KEV catalog. For example daily list of new CVEs added to CISA KEV catalog.
- For CVEs created by a certain CNA/assigner. For example a daily list of new CVEs created by github
- When a public exploit is discovered for a CVE or if/when a specific CVE is added to the CISA KEV catalog.
Alert configuration
Users can configure alerts using the Alerts link found on various pages like vendor, product, CVE details pages. New alert form contains inline documentation for configuration options, please see inline documentation for more information.
Only one alert per day will be sent per alert configuration, even if the alert configuration would lead to multiple emails per day.
This is required to limit the number of emails sent and getting blocked by various email security solutions.
If you have for example 10 alert configurations, you will receive 10 emails or API calls per day, one for each, assuming alert configurations lead to an alert on that day.
Email alerts
For maximum flexibility we include alert name in email subjects and alert description in email bodies. Please note that using html tags are not supported in alert names or descriptions.
Webhooks/API calls/callbacks/
Users can also set up webhooks/API calls instead of email alerts.
For maximum flexibility we allow users to configure the complete http header to be used for authenticating to the target service. Please make sure that the configured header value is a valid http header line. The configured value will be used as is, only any new line characters in the configured header will be removed. Configured header values will be stored in encrypted format. Please make sure that the user/access token/token has minimal permissions at the target service, e.g do not use an administrator account which has full access to the target service.
Webhooks/callbacks will include at most 50 CVEs per execution, even if there were more matching CVEs. Narrow down your alert criteria if you think your alert would match more CVEs.
Only one alert callback per day will be executed per alert configuration, even if the alert configuration would lead to multiple calls per day.
If you have for example 10 alert configurations, you will receive 10 API calls per day, one for each, if/when all alert configurations lead to an alert on that day.