CISA CVE Dataset with CVSS and SSVC Scores

CISA's CVE Vulnrichment Dataset provides standardized vulnerability information. It includes Common Vulnerability Scoring System (CVSS) metrics and Stakeholder-Specific Vulnerability Categorization (SSVC) scores. The dataset is maintained by the U.S. Cybersecurity and Infrastructure Security Agency.

Use Cases

• Prioritize patch deployment by analyzing CVSS base scores and SSVC decision trees.
• Track vulnerability trends over time using CVE publication dates and associated CVSS metrics.
• Correlate vulnerability severity with exploit availability data if present in the enrichment.
• Benchmark organizational vulnerability posture against industry-wide CVE data.

Strengths

• Includes standardized CVSS metrics for consistent severity assessment.
• Incorporates SSVC scores for stakeholder-specific vulnerability prioritization.
• Aggregates data from the authoritative CVE List managed by CISA.

Limitations

• Specific row count, column details, and update frequency are unknown.
• The scope of enrichment beyond CVSS and SSVC scores is unspecified.
• Potential temporal staleness if not updated frequently with new CVE entries.

Provenance

Source

U.S. Cybersecurity and Infrastructure Security Agency (CISA)

Collection Method

Aggregation and enrichment of records from the Common Vulnerabilities and Exposures (CVE) List.