CVEdetails.com can alert you (either by email or by calling an API of yours) when certain events take place. The following events are supported at the moment:

  • For CVEs affecting a vendor, product and version. For example CVEs, matching sql injection category, affecting Wordpress.
  • For CVEs in CISA KEV catalog. For example daily list of new CVEs added to CISA KEV catalog.
  • For CVEs created by a certain CNA/assigner. For example a daily list of new CVEs created by github
  • When a public exploit is discovered for a CVE or if/when a specific CVE is added to the CISA KEV catalog.

Alert configuration

Users can configure alerts using the Alerts link found on various pages like vendor, product, CVE details pages. New alert form contains inline documentation for configuration options, please see inline documentation for more information.

Only one alert per day will be sent per alert configuration, even if the alert configuration would lead to multiple emails per day. This is required to limit the number of emails sent and getting blocked by various email security solutions.
If you have for example 10 alert configurations, you will receive 10 emails or API calls per day, one for each, assuming alert configurations lead to an alert on that day.

Email alerts

For maximum flexibility we include alert name in email subjects and alert description in email bodies. Please note that using html tags are not supported in alert names or descriptions.

We use an external email service provider to send emails and sometimes users might get unsubscribed from receiving emails inadvertently. Please let us know if you are having trouble receiving emails or if you stop receiving emails unexpectedly.

Webhooks/API calls/callbacks/

Users can also set up webhooks/API calls instead of email alerts.

For maximum flexibility we allow users to configure the complete http header to be used for authenticating to the target service. Please make sure that the configured header value is a valid http header line. The configured value will be used as is, only any new line characters in the configured header will be removed. Configured header values will be stored in encrypted format. Please make sure that the user/access token/token has minimal permissions at the target service, e.g do not use an administrator account which has full access to the target service.

Webhooks/callbacks will include at most 50 CVEs per execution, even if there were more matching CVEs. Narrow down your alert criteria if you think your alert would match more CVEs.

Only one alert callback per day will be executed per alert configuration, even if the alert configuration would lead to multiple calls per day.
If you have for example 10 alert configurations, you will receive 10 API calls per day, one for each, if/when all alert configurations lead to an alert on that day.

Make sure you are authorized to initiate http requests to target endpoints. Do not configure webhooks pointing to urls you are not authorized to. Otherwise your alerts might be disabled/removed.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!