Exploited Security Vulnerabilities (2014 to 2022)

The dataset is sourced from the CISA Known Exploited Vulnerabilities (KEV) catalog, documents security vulnerabilities that were actively exploited in during the period 2014 and 2022. The dataset comprises of 629 records, capturing detailed information on software supply chain vulnerabilities. Each entry includes a unique CVE identifier (cve_id), the vendor or project affected, the product name, and a description of the vulnerability. Our vulnerability dataset is rich with 16 columns of information. For each vulnerability, we capture critical timelines (date added, publication date, action due date) and detailed severity insights through CVSS scores, attack vectors, complexity, and overall severity ratings. Complementary data includes CWE codes, recommended remediation steps, the impacted cloud component (e.g., IaaS), and the specific vulnerability type (e.g., \Network,\ \Data\). Fifteen columns are categorical or textual, with the sole exception of the numerical CVSS score.