NullScore™ CVE Dashboard
The core product. A ranked, filterable feed of every CVE that matters, fused from 7 sources into one list, ordered by real-world risk. No security degree required to understand it.
- NullScore™ composite ranking (CVSS + EPSS + KEV + PoC)
- Plain English severity labels : "Patch in 24 hours" not "CVSS 9.8"
- CISA KEV badges : actively exploited vulnerabilities flagged instantly
- Tech stack filter : see only CVEs affecting your environment
- Role-based views for Analyst, Developer, and IT/Compliance
- Built-in glossary : every term explained on first use
"data": [
{
"cve_id": "CVE-2025-21298",
"null_score": 98,
"severity": "CRITICAL",
"cvss": 9.8,
"epss": 0.97,
"is_kev": true,
"poc_available": true,
"action": "Patch in 24 hours"
}
]
REST API
Integrate NullCVE data directly into your security tooling, SIEM, ticketing system, or internal dashboards. Clean JSON, consistent schema, NullScore on every record.
- Full NullScore™ + EPSS data on every CVE record
- Filter by severity, KEV status, PoC, EPSS threshold, stack
- Daily JSON and CSV bulk export
- Webhook support for new KEV additions and score changes
- Versioned API with deprecation notices
- Rate limits matched to your plan tier
Compliance Mapping
Automatically map your CVEs to the compliance frameworks your auditors actually care about. Generate evidence packs without touching a spreadsheet.
- PCI-DSS 4.0 : Requirements 6.x, 8.x, 10.x, 11.x, 12.x
- SOC 2 Type II : Trust Service Criteria mapping
- HIPAA : Technical Safeguards section
- NIST CSF 2.0 : Including the new Govern function
- One-click audit export PDF
- Remediation status tracking per control
Smart Alerts
Get notified the moment something critical drops that actually affects your environment. No noise, no manual checking, just the signal that requires action.
- Email, Slack, and Microsoft Teams delivery
- Configurable NullScore threshold : only alert when it matters
- Stack-filtered : never alerted about software you don't run
- Instant KEV alerts : notified within 1hr of CISA additions
- PoC publish alerts : know when exploit code goes public
- Weekly digest : top 10 CVEs every Monday morning
Enterprise Plan
For organizations that need team management, custom contracts, and the compliance documentation to get NullCVE through procurement. Everything in Pro, plus the enterprise layer.
- SSO via SAML 2.0 / OIDC (Okta, Azure AD, Google)
- Role-based access for your whole team
- Custom compliance frameworks
- Guaranteed SLA with uptime commitment
- Data Processing Agreement for GDPR/CCPA
- Dedicated support Slack channel
- On-premise deployment option
NullCVE vs. the alternatives.
| Feature | NullCVE | CVEDetails | NVD / NIST | Recorded Future |
|---|---|---|---|---|
| Composite risk score | ✓ | — | — | ✓ |
| CISA KEV integration | ✓ | ✓ | ✓ | ✓ |
| EPSS scoring | ✓ | ✓ | — | ✓ |
| Live PoC tracking | Pro | Partial | — | ✓ |
| Tech stack filtering | ✓ | Partial | — | ✓ |
| Plain English for non-security users | ✓ | — | — | — |
| Compliance mapping (PCI, SOC2, HIPAA) | Pro | — | — | Enterprise |
| Free tier | ✓ | ✓ | ✓ | — |
| Starting price | $0 / $29 Pro | $0 / ~$99 Business | Free | $25,000+/yr |
Ready to get started?
Free forever. No credit card. Set up in under 2 minutes.