ResilientX Community Tools is a continuously-updated vulnerability and threat intelligence platform from ResilientX. It pairs the authoritative CVE record with the signals security teams actually prioritise on — exploit prediction, confirmed in-the-wild exploitation, real-world internet exposure, and live multi-feed threat intelligence — so you see not just what a vulnerability is, but whether it is being used and how exposed you are.
Where the data comes from
Vulnerability records
NVD JSON 2.0 — the U.S. National Vulnerability Database: CVE records, descriptions, CVSS v2/v3 scores, CWE weaknesses, references, and affected-product (CPE) configurations.
cve.org (CVE 5.0) — the CNA/ADP record from the source, including CISA's SSVC decision points (Exploitation, Automatable, Technical Impact).
ENISA EUVD — the EU Vulnerability Database: European advisories and EU-side exploitation flags, cross-referenced to CVE.
Exploitation and prediction
FIRST.org EPSS — a daily-refreshed probability that a vulnerability will be exploited in the next 30 days.
CISA KEV — confirmed active in-the-wild exploitation, including the known ransomware-campaign flag.
Public exploit corpora — Exploit-DB, Metasploit and Nuclei templates, distilled into an exploit-maturity ladder: PoC, weaponised, actively exploited, ransomware.
Exposure and dependencies
Shodan InternetDB — a count of internet-exposed hosts running the affected product: the real-world blast radius for a CVE.
OSV and GitHub Advisories — open-source advisories mapped to affected package version ranges across the major language ecosystems.
Linux distro security trackers — Debian, Ubuntu (USN), Red Hat (RHSA), SUSE, Alpine and Amazon: each CVE resolved to the fixed package version per distribution.
Threat intelligence
Live indicator feeds — IPs, domains, URLs and file hashes, corroborated across dozens of independent open-source and community feeds, with confidence scoring, cross-feed agreement, and ASN and geographic enrichment.
How scoring works
Severity follows the CVSS base score: Critical (9.0–10.0), High (7.0–8.9), Medium (4.0–6.9), and Low (0.1–3.9), with CVSS v3 taking precedence over v2. But risk is never reduced to one number — EPSS is a probability, not a severity, so a low-CVSS bug under active ransomware use can outrank a critical one no one is touching. CVSS, EPSS, the CISA KEV and ransomware flags, CISA's SSVC decision, and an exploit-maturity ladder all sit side by side.
Freshness
CVE records sync from the NVD 2.0 feeds on a short interval; EPSS and KEV refresh daily; the exploit, exposure and threat-intel sources each run on their own cadence. The dashboard's Data sources panel shows the last successful sync for every source, so you can always see how current the data is.
Developer API
A JSON API is available for programmatic access: /api/v1/cves (search), /api/v1/cves/{id} (detail), /api/v1/cpe (CPE lookup), and /api/v1/stats.
Need higher limits? The public API is free for everyday use. For high-volume or commercial usage we issue dedicated API keys with elevated rate limits and an SLA — email [email protected] to request a key.
AI integrations — MCP server
We also run a Model Context Protocol (MCP) server, so you can query this intelligence directly from your AI assistant. Connect it to Claude (Claude Desktop and Claude Code), ChatGPT, and any other MCP-compatible product, then ask in natural language — for example “is CVE-2021-44228 actively exploited?” or “list critical CVEs affecting Apache Log4j.” The server exposes CVE search, detail, CPE lookup, and EPSS/KEV signals as tools your assistant can call. To get the MCP endpoint and access, contact [email protected].
Frequently asked questions
Where does the vulnerability data come from?
CVE records come from the U.S. National Vulnerability Database (NVD) 2.0 feeds and cve.org, enriched with FIRST.org EPSS exploit-prediction scores, the CISA Known Exploited Vulnerabilities (KEV) catalog, the ENISA EU Vulnerability Database (EUVD), OSV.dev / GitHub Security Advisories, and a live, multi-feed threat-intelligence corpus.
How often is the data updated?
CVE records sync from the NVD feeds on a short interval; EPSS and CISA KEV refresh daily; the exploit, package, and threat-intel sources each run on their own cadence. The dashboard shows the last successful sync for every source.
Is it free to use?
Yes. The tools and the public API are free for everyday use. For high-volume or commercial usage we issue API keys with elevated rate limits — email [email protected].
Is this affiliated with NIST, FIRST, or CISA?
No. The platform aggregates and enriches public data from those sources but is an independent service built by ResilientX Security.