kev.cr
A Crystal library that parses, queries, fetches, and serializes the CISA Known Exploited Vulnerabilities (KEV) catalog.
| Surface | Status | Notes |
|---|---|---|
| Parser | ✅ | Strict, schema-bound against the official CISA JSON schema |
| Queries | ✅ | Vendor, product, CWE, ransomware, due-date filters |
| Client | ✅ | HTTPS, ETag / If-Modified-Since, configurable timeouts |
| JSON | ✅ | Lossless round-trip with the upstream feed (verified against live data) |
Quick Links
- Getting Started — installation and first parse
- Basic Usage — catalog, lookups, predicates
- Queries & Filters — chainable query builder
- Fetching the Live Feed — HTTPS client + conditional GETs
- JSON Round-Trip — serialization shape, byte parity with CISA
- API Reference — every class and method
Highlights
- Schema-bound parser: missing required fields surface as typed exceptions, not silent nulls.
- Verified lossless round-trip against the live CISA feed (1,500+ entries).
- `Catalog` is `Enumerable` + `Indexable`; `Vulnerability` is `Comparable`.
- Chainable `Query` for `vendor` / `product` / `cwe` / `ransomware` / `due_within` filters.
- Built-in `Client` with `ETag` / `If-Modified-Since` short-circuiting for polling.
- Non-raising `KEV.parse?` for input validation paths.
Installation
Add the dependency to your shard.yml:
```yaml
dependencies:
  kev:
    github: hahwul/kev.cr
```
Then run:
```sh
shards install
```
Quick Example
```crystal
require "kev"

catalog = KEV.parse(File.read("known_exploited_vulnerabilities.json"))
catalog.size                            # => 1592
catalog["CVE-2021-44228"].vendor_project # => "Apache"
catalog.query.ransomware.year(2024).to_a # ransomware-flagged 2024 CVEs

# Or fetch the live feed directly:
live = KEV.fetch
```
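
Why the schema-bound parser highlight matters for a remediation-deadline report, shown with Crystal's standard-library `JSON::Serializable` rather than kev.cr itself. This is an added example, not the project's code: `Entry`, `Feed`, `overdue_lenient`, `overdue_strict` and the sample feed are constructed for illustration, and only the CISA field names `cveID`, `vendorProject` and `dueDate` are real.

```crystal
require "json"

# Constructed sample feed: the second entry lacks the required "dueDate" field.
SAMPLE = <<-JSON
  {"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "dueDate": "2021-12-24"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor"}
  ]}
  JSON

# Lenient parsing: a missing dueDate becomes nil, so the entry silently
# drops out of the overdue list and nobody is told the data was incomplete.
def overdue_lenient(json : String, today : Time) : Array(String)
  JSON.parse(json)["vulnerabilities"].as_a.compact_map do |v|
    due = v["dueDate"]?.try(&.as_s?)
    next unless due
    v["cveID"].as_s if Time.parse_utc(due, "%Y-%m-%d") < today
  end
end

# Schema-bound parsing: non-nilable fields are required, so a missing
# dueDate raises JSON::SerializableError. Unknown keys are ignored.
struct Entry
  include JSON::Serializable

  @[JSON::Field(key: "cveID")]
  getter cve_id : String

  @[JSON::Field(key: "dueDate")]
  getter due_date : String
end

struct Feed
  include JSON::Serializable
  getter vulnerabilities : Array(Entry)
end

def overdue_strict(json : String, today : Time) : Array(String)
  Feed.from_json(json).vulnerabilities
    .select { |e| Time.parse_utc(e.due_date, "%Y-%m-%d") < today }
    .map(&.cve_id)
end

today = Time.utc(2024, 1, 1) # fixed date so the run is reproducible
puts "lenient: #{overdue_lenient(SAMPLE, today)}"
begin
  puts "strict:  #{overdue_strict(SAMPLE, today)}"
rescue ex : JSON::SerializableError
  puts "strict:  feed rejected: #{ex.message}"
end
```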