---
title: CVE Explorer
description: >-
  The CVE Explorer provides a unified view of all CVEs and security advisories
  tracked by Datadog, with visibility into which ones affect your environment.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Software Composition Analysis > CVE
  Explorer
---

# CVE Explorer

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

The CVE Explorer gives you a searchable catalog of every CVE and security advisory tracked by Datadog, including detailed information about affected packages, exploit availability, and fix guidance. Unlike the [Vulnerabilities explorer](https://docs.datadoghq.com/security/code_security/software_composition_analysis.md), which shows findings scoped to your repositories and services, CVE Explorer shows the full set of CVEs Datadog tracks, so you can proactively assess exposure to newly published vulnerabilities before they appear in your findings.

For CVEs that affect packages detected in your scanned repositories and services, Datadog automatically marks them as impacted. Assets that have not been scanned do not show an impacted status.

To access the CVE Explorer, navigate to [Detection Coverage > CVE Explorer](https://app.datadoghq.com/security/code-security/detection-coverage/advisories).

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/cve-explorer.9ea3f607f3eae1320135b6d2d82b20f2.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/cve-explorer.9ea3f607f3eae1320135b6d2d82b20f2.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="CVE Explorer showing a list of critical advisories filtered by impacted and Maven ecosystem" /%}

## Search and filter CVEs{% #search-and-filter-cves %}

Use the search bar to find a specific CVE or advisory ID (for example, `CVE-2025-24813` or a GHSA identifier), or search by package name to see all advisories affecting a specific library. You can filter the list by:

| Filter                 | Description                                                 |
| ---------------------- | ----------------------------------------------------------- |
| **Severity**           | Base severity score: critical, high, medium, low            |
| **Impacted**           | Indicates whether any asset in your environment is affected |
| **Exploit Available**  | Indicates whether a public exploit has been published       |
| **CISA Known Exploit** | Indicates whether the CVE appears in the CISA KEV catalog   |
| **EPSS Score**         | Exploit Prediction Scoring System probability               |
| **Ecosystem**          | Package ecosystem: Maven, npm, PyPI, Go, and others         |

The **Impacted** filter is the fastest way to focus on CVEs that affect libraries detected in your repositories or running services.

## CVE details panel{% #cve-details-panel %}

Clicking any CVE opens a details panel showing the severity score, publication date, and a summary of impacted repositories, services, and infrastructure resources.

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-header.d9d79739f0bdbbc5dd55fabc0c6c671e.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-header.d9d79739f0bdbbc5dd55fabc0c6c671e.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="CVE details panel header showing impacted repositories, services, and infrastructure resources" /%}

### Summary{% #summary %}

A description of the vulnerability sourced from the NVD and the advisory database, including affected versions and conditions required for exploitation.

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-summary.f8af79d66150e8b94a6f011241a73874.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-summary.f8af79d66150e8b94a6f011241a73874.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="CVE summary section showing vulnerability description and affected versions" /%}

### Risk signals{% #risk-signals %}

Datadog surfaces additional risk context alongside the base severity score:

- **Exploit Available**: Indicates a public exploit exists for this vulnerability, with the date it became available.
- **CISA Known Exploit**: Flags CVEs listed in the CISA Known Exploited Vulnerabilities catalog, with the date added.
- **High Exploitation Risk (EPSS)**: Shows the EPSS probability score, which estimates the likelihood of exploitation in the wild within the next 30 days.

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-risks.40af086e9404967971db5fe1aea27416.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-risks.40af086e9404967971db5fe1aea27416.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Risk signals showing Exploit Available and EPSS score for a CVE" /%}

### Impacted packages{% #impacted-packages %}

Lists every package affected by the CVE, including:

- **Package name** and a link to the library in your Library Inventory if detected in your environment
- **Ecosystem** (Maven, npm, PyPI, and so on)
- **Impacted versions**: All versions known to be vulnerable
- **Fixed versions**: The earliest versions where the vulnerability is resolved

Use this table to identify which version to upgrade to for remediation.

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-impacted-packages.53f1f2344431d0e91cc951e20a11eef7.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-impacted-packages.53f1f2344431d0e91cc951e20a11eef7.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Impacted packages table showing package names, ecosystems, impacted versions, and fixed versions" /%}

### Reference links{% #reference-links %}

External references associated with the CVE, including NVD advisories, GitHub Security Advisories, proof-of-concept repositories, and patch commits. Reference types include:

- **Advisory**: Official advisory from NVD or a package registry
- **Web**: External links such as patch commits, blog posts, or PoC repositories

{% image
   source="https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-reference-links.c3ea4f1f21cbbfe7f3c2f448424f41dc.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/security/code_security/cve_explorer/advisory-reference-links.c3ea4f1f21cbbfe7f3c2f448424f41dc.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="Reference links table showing advisory and web links for a CVE" /%}

## Further reading{% #further-reading %}

- [Software Composition Analysis](https://docs.datadoghq.com/security/code_security/software_composition_analysis.md)
- [Library Inventory](https://docs.datadoghq.com/security/code_security/software_composition_analysis/library_inventory.md)