🛡️ Free during public beta, no credit card needed

Know which vulnerabilities
to fix first.

NullCVE ranks every security vulnerability by real-world risk, not just a raw score. Built for security teams, developers, and IT professionals who need clarity, not more noise.

No security degree required. Start with your tech stack and we'll show you exactly what's at risk and what to do about it.

Data from: NVD / NIST CISA KEV EPSS Trickest PoC GitHub Advisory CVEDetails
335k+
CVEs indexed
7
Data sources fused
< 1hr
CISA KEV latency
$0
To start, forever
1
Score to rule them all
Why NullCVE

Everything you need to
prioritize vulnerabilities, fast.

We pull from 7 data sources so you don't have to. One ranked list, filtered to your environment, in plain English.

🎯
NullScore™: One Number to Act On
We combine CVSS severity, EPSS exploit probability, CISA KEV status, and live PoC availability into one score. Higher = fix it sooner. No security background needed to understand it.
Free
CISA KEV Tracking: Actively Exploited
CISA's Known Exploited Vulnerabilities list tells you which CVEs attackers are using right now. We flag these instantly and surface them at the top of your feed.
Free
🗂️
Tech Stack Filter: Your Environment Only
Tell us what software you run. We filter out everything else. Instead of 300 daily CVEs, see the 8 that actually affect your servers, apps, and infrastructure.
Free
🔬
Live PoC Tracking: Exploit Went Public
A Proof of Concept is working exploit code anyone can download. When one drops for a CVE, your patch timeline compresses from weeks to hours. We track them in real time.
Pro
📋
Compliance Mapping: Audit Ready
Map CVEs to PCI-DSS, SOC 2, HIPAA, and NIST CSF controls automatically. Generate the evidence your auditor needs in one click, without manually cross-referencing spreadsheets.
Pro
🔔
Smart Alerts: Only What Matters
Set a risk threshold once. Get notified via email, Slack, or Teams only when something crosses it and matches your stack. Zero alert fatigue, no manual checking.
Pro
Pricing

Start free. Upgrade when you're ready.

No credit card required to start. No hidden costs. Cancel anytime.

Free
$0
forever · no card required
  • Live CVE feed (50 per day)
  • NullScore™ ranking
  • CISA KEV flagging
  • Tech stack filter (up to 3 components)
  • Email alerts
  • CSV export
  • Full API access
  • Compliance reports
  • Unlimited stack components
Most popular
Pro
$29
per month · or $249/year (save 28%)
  • Unlimited CVE feed
  • Full NullScore™ + EPSS data
  • Live PoC tracking
  • Unlimited stack components
  • Slack / Teams / webhook alerts
  • PCI-DSS & SOC 2 compliance maps
  • Full REST API access
  • Daily JSON & CSV export
  • Priority email support
Enterprise
Custom
annual contract · custom SLA
  • Everything in Pro
  • SSO / SAML 2.0 login
  • Team roles & permissions
  • Custom compliance frameworks
  • Dedicated support channel
  • Data Processing Agreement
  • Guaranteed uptime SLA
  • On-premise option
Stay Ahead

Get the weekly
critical CVE digest.

Every Monday: the 10 highest-risk CVEs of the week in plain English. What they are, who's affected, and what to do. Free forever.

No spam. No jargon. Unsubscribe anytime.
Live Application
Live
👋 Welcome to NullCVE: here's where to start
1
Add your tech stack
Tell us what software you run so we can filter out everything irrelevant.
2
Browse your personalized feed
See only CVEs that affect your environment, ranked by real-world risk.
3
Upgrade for alerts Pro
Get notified the moment a critical CVE matches your stack, email, Slack, or Teams.
Critical, Fix immediately
CVSS ≥ 9.0 · patch within 24h
High, Fix this week
CVSS 7.0–8.9 · schedule patch
CISA KEV, Being Exploited Now
Confirmed active exploitation
High EPSS, Likely to Be Exploited
≥ 10% exploitation probability
Live PoC, Exploit Code Published
Public exploit code available now
Vulnerability Feed
NullScore™ ranked
🔒 Alerts, Pro →
My Tech Stack
Free
Edit
Search to add software
🔍
Your components
Windows Server 2022 8
Fortinet FortiOS 3
nginx 1.24 2
OpenSSL 3.1 1
Node.js 20 LTS 0
PostgreSQL 14 0
+ Add component
Matches this week
CRITICALCVE-2025-21298Windows OLE RCE
CRITICALCVE-2024-55591FortiOS Auth Bypass
HIGHCVE-2025-21376LDAP Race Condition
HIGHCVE-2025-1974nginx Ingress RCE
HIGHCVE-2025-0994OpenSSL Memory Corruption
📖 What does this mean?
Full glossary →
CVE
Common Vulnerability & Exposure. A unique ID for a specific security flaw in software.
CVSS
Severity score 0–10. Rates how bad a vulnerability is technically. Doesn't tell you if it's actually being exploited.
EPSS
Exploitation probability. 90% EPSS means a 90% chance attackers will try to exploit this within 30 days.
KEV
Known Exploited Vulnerability. CISA confirmed real attackers are using this right now. Patch immediately.
PoC
Proof of Concept. Working exploit code is publicly available. Anyone can download and use it.
NullScore™
Our composite risk score 0–100. Combines CVSS + EPSS + KEV + PoC. The higher it is, the sooner you should act.
🔒 Compliance Reports, Pro Feature
Automatically map CVEs to PCI-DSS, SOC 2, HIPAA, and NIST CSF. Generate audit-ready exports without touching a spreadsheet.
🏠
Home
Feed
🗂️
My Stack
🔔
Alerts
💳
Pricing
NullScore™
Composite risk rank
CVSS Severity
Technical severity score
EPSS Risk
Exploitation probability
Status
AI Explanation PRO
🛠
What To Do PRO
AI explanations are generated by Claude. Always verify with official vendor advisories before taking action.