Trends
Four lenses on what's changing in the published vulnerability landscape.
Each lens has a time-series view of a different layer of the security stack — what's published, what's exploited, how we defend, and where it lands.
Last updated: 2026-05-14 14:53 UTC
Vulnerability trends
How is the CVE corpus changing over time?
All charts here derive from the CVE corpus our pipeline ingests (NVD + EPSS + per-CVE annotations). These are vulnerability-side signals — what is published, when, with what severity. Real-world exploitation lives in the Threat trends page.
Threat trends
What threat-side signals — exploitation, attribution, KEV listings — are moving?
Charts here derive from CISA's KEV catalog (confirmed exploited), vendor advisory attribution, and ATT&CK technique tags on CVEs. They are not live attacker telemetry; the page measures what is publicly observable about threat activity through CVE-side signals.
Control trends
How is defensive coverage evolving?
NIST 800-53 controls and the CWEs / ATT&CK techniques they address. Configuration-management rule coverage (CIS Benchmarks, AWS Config conformance, STIGs) will plug into reserved chart slots when that data is ingested.
Asset trends
Where do vulnerabilities land — by vendor, by product class?
Vendor and product taxonomy derived from CPE strings on each CVE. Customer asset coverage (per-portfolio CVE matches) is reserved for when the auth-service inventory feed is plumbed in.