This repository contains a Python script that downloads the CISA Known Exploited Vulnerabilities (KEV) Catalog and converts each entry into a GCVE-BCP-07 Known Exploited Vulnerability (KEV) Assertion JSON object.
The goal is to transform a list-based KEV feed into attributable, structured exploitation assertions suitable for ingestion into GCVE-compatible systems, vulnerability databases, or analytical pipelines.
The idea is to validate the current specification against a known KEV source.
Sample entry
{
"vulnerability": {
"vulnId": "CVE-2020-29583"
},
"status": {
"exploited": true,
"status_reason": "confirmed",
"status_updated_at": "2021-11-03T00:00:00Z"
},
"timestamps": {
"first_seen_at": "2021-11-03T00:00:00Z",
"asserted_at": "2021-11-03T00:00:00Z",
"recorded_at": "2026-01-21T05:36:54Z"
},
"evidence": [
{
"type": "vendor_report",
"signal": "successful_exploitation",
"confidence": 0.8,
"source": "cisa-kev",
"details": {
"feed": "CISA Known Exploited Vulnerabilities Catalog",
"date_added": "2021-11-03",
"due_date": "2022-05-03",
"vendorProject": "Zyxel",
"product": "Multiple Products",
"vulnerabilityName": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability",
"knownRansomwareCampaignUse": "Unknown"
}
}
],
"references": [
{
"id": "CVE-2020-29583",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29583"
}
],
"scope": {
"notes": "KEV entry: Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | Affected: Zyxel / Multiple Products | Description: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account (\"zyfwp\") with an unchangeable password. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-29583"
}
}