Frequently Asked Questions

CVEalert helps teams monitor the software they use, find relevant CVEs, and route alerts to the people responsible for triage and remediation.

Start with internet-facing systems, business-critical applications, operating systems, browsers, frameworks, databases, and infrastructure components your team owns.

See First Steps for the recommended onboarding flow.

No. CVEalert does not install agents or scan your systems. You tell CVEalert which software to monitor, and it matches that software against vulnerability data.

No. An alert means a CVE matches monitored software and meets your threshold. Confirm affected versions, deployment context, compensating controls, and remediation status in your own environment.

Alert thresholds control notifications. Lower-severity CVEs can still appear in Software CVEs even when they do not create alerts.

Start with Critical and High alerts. Then use KEV, PoC, EPSS, affected software, exposure, and business impact to decide what needs action first.

See Alerts and CVE Detail for triage guidance.

Slack and Telegram are enabled for alert delivery. Email is marked as coming soon. Custom API, RSS, CSV Export, and MS Teams are planned. Discord is optional.

See Integrations for setup guidance.

An organization is the shared workspace for monitoring, alerts, members, billing, and integrations. Roles control what each member can view or change.

See Organization and Roles.

Yes. Enable 2FA for accounts that manage monitoring, alert status, integrations, billing, or organization membership.

See Two-Factor Authentication.

Contact support at info@cvealert.io. Include the page, organization, and CVE ID if the question is about a specific alert or vulnerability.