CISA KEV Dashboard in Japanese — Browse the Actively Exploited Catalog

A Japanese-localized dashboard for CISA's Known Exploited Vulnerabilities catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) maintains the KEV (Known Exploited Vulnerabilities) catalog — a daily-updated list of vulnerabilities that have been observed being exploited in the wild. As of today, 1,603 entries. The recent LiteSpeed cPanel flaw and the Chrome WebGPU zero-day both landed in this list within days of disclosure.

CISA's official page is an English table, sorted by date added, hard to filter by vendor or product, and gives no visibility into which entries hit Japanese-market vendors. This dashboard provides a Japanese UI with full-text search, vendor filtering, ransomware-related extraction, and a dedicated filter for Japan-market vendors. Browser-only, no signup, no install.

First try the dashboard below, then read on for "what KEV actually is," "why a Japanese version was needed," "how it works under the hood," and "what this tool cannot show."

CISA KEV Dashboard (Japanese-localized)

Data source: cisagov/kev-data (CISA's official GitHub mirror, US federal government work). Browser fetches around once a day; ETag matches skip the redownload.

Quick glossary — what CVE, KEV, NVD, CWE, and BOD 22-01 actually mean

If you came here without prior context on the terms CVE, KEV, NVD, CWE, or BOD 22-01, here is the one-level-down explanation. CSIRT, SOC, and SRE folks who use KEV at work can skip this section.

In short, KEV is "a roster of vulnerabilities CISA confirmed are being exploited by aggregating worldwide attack telemetry." US federal agencies must remediate within the deadline; everyone else uses it as an indicator of "where the global defender community is focusing its budget right now."

Why a Japanese-localized dashboard?

CISA's official page is an English table sorted by date added. Day-to-day work needs additional slicing:

• ▸ "Show me only my vendors." Reading all 1,603 entries isn't realistic.
• ▸ "Extract just the ransomware ones." Reporting to executives goes much faster with "this was used in actual ransom campaigns" as the framing.
• ▸ "Highlight Japan-market products." A US-centric list buries Cybozu, Fujitsu, and other Japan-only vendors.
• ▸ "Split out the overdue ones." Vulnerabilities still listed past their CISA remediation deadline have been exposed for an unusually long time.

Each of these otherwise requires manual eyeballing of the English page, which steadily drains CSIRT, SOC, and SRE time. A Japanese UI with these filters in one screen handles it.

A note on existing tooling: vulncheck and commercial vulnerability managers already wrap KEV. They are paid, gated by accounts, and need internal approval. This dashboard fits the "paste-and-glance" / "individual lookup" rung below that.

How it works — fetching CISA's official mirror straight from the browser

There is no backend. HTML and JavaScript fetch the entire KEV JSON from CISA's official GitHub mirror and do all filtering, sorting, and pagination in the browser.

Two implementation points worth surfacing. First, CORS. CISA's cisa.gov/sites/.../known_exploited_vulnerabilities.json does not return Access-Control-Allow-Origin, which blocks browser fetches. The same data is published by CISA themselves at github.com/cisagov, served by GitHub with access-control-allow-origin: *, so this dashboard fetches from there. Data integrity is verified by comparing catalogVersion and dateReleased against the canonical CISA source.

Second, the 1.5 MB first-load cost. We accept that for the initial fetch, then cache in IndexedDB. The ETag goes into localStorage, and the next visit sends an If-None-Match header. A 304 means we trust the cache. KEV adds a handful of entries per day, so re-downloads are rare.

The "Japan-only" and "Japan market" classifications live in a hand-coded JS dictionary. Because KEV is sourced from US-observed attacks, Japan-only vendors like Cybozu and Fujitsu rarely appear, while Japan-popular foreign vendors (Microsoft, Apple, Cisco, Adobe, Google) appear in large numbers. Both filters are exposed so the user picks the slice they need.

Filter behavior in detail

Text search

Substring match across CVE ID, vendor, product, vulnerability name, short description, and notes fields. Case insensitive. Multiple keywords separated by spaces become AND search (e.g. Cisco router).

Vendor filter

The dropdown is auto-populated from vendorProject values that actually appear in the catalog (about 120 vendors today). The top vendors are Microsoft (377), Apple (93), Cisco (90), Adobe (79), Google (71), Oracle (42).

Japan-only / Japan market vendors

Two layers:

• ▸ Japan-only: Cybozu / Fujitsu / NEC / Nintendo / Panasonic / Sony / Canon / Trend Micro / Ricoh / Hitachi / Toshiba / Brother / Sharp / Epson / Buffalo / I-O DATA / ELECOM / JustSystems / Yamaha / SoftBank / Rakuten / IIJ / Bandai Namco / Konica Minolta (exact match, 25 vendors)
• ▸ Japan market presence: Microsoft / Apple / Cisco / Google / Adobe / Oracle / VMware / Fortinet / F5 / Citrix / Atlassian / Apache / Linux / Synology / QNAP / Ivanti / Palo Alto Networks / SonicWall / TP-Link / D-Link / Zoho / PostgreSQL / WordPress (exact match, 23 vendors)

The dictionary is hand-maintained in the page source. Drop a comment if a vendor you care about is missing.

Ransomware-related / Past due

The ransomware filter shows entries CISA flagged knownRansomwareCampaignUse: "Known". The past-due filter selects entries where dueDate is earlier than today — strictly meaningful for US federal agencies, but useful elsewhere as a "the world's defenders should have moved by now" marker.

What this dashboard cannot show

Worth listing the blind spots so the tool is not over-trusted:

• ? Undisclosed or unobserved vulnerabilities. KEV entries land after exploitation has been confirmed. The zero-day window itself is unprotected.
• ? Registration lag. CISA typically takes days to weeks from intelligence gathering to publication. "Not in KEV" is not "safe."
• ? Low coverage for Japan-only vendors. KEV is sourced from US-observed attacks; Japan-only products like Cybozu and Fujitsu are under-represented. Pair this with JPCERT/CC and IPA advisories.
• ? Impact details require NVD. KEV is about the "it was exploited" fact; CVSS scores and affected version ranges live on NVD. Each row deep-links to NVD.
• ? Matching against your own assets is a separate job. Whether a flagged CVE actually exists in your environment requires asset-inventory reconciliation. This tool only makes catalog browsing efficient.

Linking past incident articles to KEV entries

Several of our recent CVE incident articles have a KEV entry. Some were "already in KEV at publication," others "added to KEV shortly after our write-up."

For the dependency-side of supply chain attacks, pair this with our OSS Supply Chain Scanner: your project's dependency vulnerabilities (offensive side) plus the world's actively-exploited catalog (defensive side) in one mental view.

Roadmap and requests

Current scope ends at the present screen. Next pass under consideration:

• ▸ RSS output of the current filter set (subscribable in CSIRT/SOC feed readers)
• ▸ Browser Push notifications when a new KEV entry is added
• ▸ Dynamic "currently in KEV" badge injected into our existing 28 CVE incident articles
• ▸ Semi-automated maintenance of the Japan-only vendor dictionary, cross-referencing JPCERT/CC, IPA, and JVN feeds

Missing something useful for your workflow? Drop a comment or use the contact form.

Sources and licensing

• • KEV catalog: CISA Known Exploited Vulnerabilities Catalog (US federal government work, U.S. Government Works)
• • GitHub mirror: cisagov/kev-data (CISA-operated, CORS-enabled)
• • BOD 22-01: CISA Binding Operational Directive 22-01
• • NVD links: National Vulnerability Database (operated by US NIST)
• • Japan-relevant feeds: JPCERT/CC, IPA, JVN

The KEV catalog is US federal government work, not subject to US copyright, but operated by CISA. This dashboard is an independent client, not a CISA or US government service.