New Features: Critical Indicators & Known Exploitation Calendar Heatmap

We built critical indicators to explain the reasoning behind any CVE’s Empirical Score (0% to 100% real-world exploitation risk). Every CVE we analyze is modeled against over 2,000 data points. We took these model weight contributions and grouped them into the following categories: Chatter, Exploitation, Threat Intelligence, Vulnerability Attributes, Exploit Code, References, and Vendor. This makes it easier than ever to see why a vulnerability matters.

How to read Critical Indicators

In our web UI, we use a combination of color, icons, and text to visually show the impact for each critical indicator category. In the example shown below, Exploit Code strongly increases this CVE’s score because our GitHub Exploit model has identified many published code examples. Attackers could discover these code snippets and weaponize this vulnerability.

Not all evidence increases a CVE’s score. We also show how critical indicator contributions can reduce a CVE’s score. Our goal is to provide transparency and clearly show the evidence that supports our models.

Known Exploitation Calendar Heatmap

We also released a new heatmap that shows the past 365 days of exploitation activity for every CVE in our database. This timeline is updated daily, so our users can make informed decisions. Darker colored squares indicate more known exploitation activity has been recorded on that day compared to other days.