Search Syntax

score

Search against a CVE's current score. If you are an Empirical.Models.Global customer, the current global score will be used. If you are an Empirical.Models.EPSS customer, the current EPSS score will be used. In both situations, scores from the latest version of the model will be used. Syntax for specifying score constraints (all scores are specified on a 0-100 scale and may contain decimals):

• >N

• >=N

• <N

• <=N

• [N M] Alias for score:>=N score:<=M

If multiple score terms are given for a constraint, the final term is used. For example, score:>80 score:>60 is equivalent to score:>60.

exp_activity

Alias for exploitation_activity

exploitation_activity

One of the following values:

• true Return CVEs for which Empirical has observed exploitation activity at any time.

• cisa_kev Return CVEs that appear in the CISA Known Exploited Vulnerabilities list.

• 0-7 Return CVEs for which Empirical has observed exploitation activity 0 to 7 days ago.

• last_7_days Alias for 0-7.

• 8-30 Return CVEs for which Empirical has observed exploitation activity 8 to 30 days ago.

• 31-90 Return CVEs for which Empirical has observed exploitation activity 31 to 90 days ago.

• 91-365 Return CVEs for which Empirical has observed exploitation activity 91 to 365 days ago.

• 366+ Return CVEs for which Empirical has observed exploitation activity over 365 days ago.

vendor

The name of the software vendor responsible for the affected software. Spaces in vendor names should be replaced with underscores, for example: trend_micro

product

The name of the affected software product. Spaces in product names should be replaced with underscores, for example: airflow_hive_provider

recently_updated

• past_day Return CVEs which Empirical has updated in the past 24 hours.

• past_week Return CVEs which Empirical has updated in the past 7 days.

• past_month Return CVEs which Empirical has updated in the past 1 month.