KEV Catalog Coverage in Vulnerability-Lookup

Vulnerability-Lookup can explore several Known Exploited Vulnerabilities (KEV) catalogs side by side — the local catalog of your instance as well as external ones such as CISA KEV, EUVD KEV and CIRCL KEV, all conforming to the GCVE BCP-07 standard.

Until now you could browse each catalog on its own, but there was no easy way to compare them. The KEV catalogs page now features a Catalog Coverage matrix that does exactly that.

Known Exploited Vulnerability Catalogs page with one card per catalog and the Catalog coverage matrix below — The Known Exploited Vulnerability Catalogs page, with one card per catalog (CISA KEV, the local CIRCL catalog, EUVD KEV) and the new Catalog coverage matrix below.

One vulnerability, every catalog at a glance

The Catalog Coverage matrix lays the catalogs out as a grid: one row per vulnerability, one column per catalog, with a check mark wherever a catalog references that vulnerability and a dash where it does not.

This makes it immediately clear which exploited vulnerabilities are tracked by which sources — and, just as usefully, where the catalogs disagree. You can see at a glance that CVE-2025-53770 is listed in all three catalogs, while many entries are present in CISA KEV only, and GCVE-1-2026-0020 appears solely in the local CIRCL catalog.

Catalog coverage matrix with vulnerabilities as rows and KEV catalogs as columns — The Catalog coverage matrix: each row is a vulnerability, each column a KEV catalog. A check mark links to the entry in that catalog; a dash means it is not referenced there.

That comparison answers questions that a single catalog cannot: Is this vulnerability tracked beyond CISA? Has the CSIRTs network (via EUVD) flagged it? Which entries are unique to our own catalog? For CSIRTs and security teams comparing exploitation intelligence across sources, the gaps between catalogs are often as informative as the overlaps.

Merged, most recent first

The rows are merged across all catalogs and ordered with the most recently updated first. A vulnerability surfaces as soon as any catalog adds or updates it, so nothing is hidden simply because it lives only in an external source — and an entry that several catalogs have just updated naturally rises to the top.

Every cell is actionable: each check mark links directly to the corresponding entry in that catalog, and each vulnerability identifier links to its full record in Vulnerability-Lookup.

Complete and paginated

The matrix is not limited to a small recent sample: it covers all vulnerabilities across all catalogs — 1,628 at the time of writing — with pagination at the bottom of the table, so you can page through the entire merged set.

It also works seamlessly for both CVE and GCVE identifiers, since GCVE records (GNA entities) follow the same CVE 5.x format. A GCVE tracked only in your own catalog therefore lines up in the matrix next to the public CVEs — directly comparable rather than siloed.

You can explore the catalogs and the new coverage matrix on our public instance: vulnerability.circl.lu/kev-catalogs.