AIS
CVE Priority Kit · v1.0

Patch the CVEs that actually matter this week.

A daily-regeneratable prioritization report that ranks active CVEs using Plan B scoring — KEV, EPSS, CVSS, vendor advisories, and patch availability. $49. One-time purchase. Yours forever after checkout.

Frozen sample shows Patch Tuesday May 12, 2026. Daily-regeneratable CLI ships with purchase.

How it works

01 Pull

Pull CVE data from NVD, CISA KEV catalog, and EPSS scores. Bring your NVD API key.

02 Score

Plan B formula weights signals: 35% KEV, 25% EPSS percentile, 15% EPSS probability bucket, 10% CVSS severity, 10% vendor advisory recency, 5% patch availability, -10% rejected/disputed.

03 Ship

One bundle per run: markdown, JSON, PDF, and ranked CSV — all in the same output directory. Sort, filter, paste into your patch-Tuesday ticket. Done.

Plan B scoring — the methodology

Plan B is an opinionated linear weighting of public CVE signals. It is built for engineering teams that need an actionable patch order, not a perfect academic prioritization model.

This isn’t the only way to score CVEs. It is a defensible one that surfaces the patch-this-week list in under a minute, keeps the logic inspectable, and makes tradeoffs explicit enough to tune for your environment.

Source: Companion CLI (MIT-licensed) reproduces this scoring at github.com/aislabs-ai/cve-rank.

score = 35*kev
      + 25*epss_percentile
      + 15*epss_probability_bucket
      + 10*cvss_severity_bucket
      + 10*recent_vendor_advisory
      +  5*patch_available
      - 10*rejected_or_disputed
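
The formula above, carried through on three inputs and then ranked. This is an added example, not code from the kit or from cve-rank. The page does not define how the bucket terms are normalized, so the `epss_bucket` thresholds, the `cvss_bucket` mapping, the `Signals` record and the sample CVE IDs are all assumptions made here.

```python
from dataclasses import dataclass
# Weights exactly as listed in the formula above.
WEIGHTS = {"kev": 35, "epss_percentile": 25, "epss_probability_bucket": 15,
           "cvss_severity_bucket": 10, "recent_vendor_advisory": 10,
           "patch_available": 5, "rejected_or_disputed": -10}

@dataclass
class Signals:  # hypothetical input record, one per CVE
    cve_id: str
    kev: bool                  # listed in the CISA KEV catalog
    epss_percentile: float     # 0.0-1.0
    epss_probability: float    # 0.0-1.0
    cvss_base: float           # 0.0-10.0
    recent_vendor_advisory: bool
    patch_available: bool
    rejected_or_disputed: bool = False

def epss_bucket(p: float) -> float:
    # ASSUMPTION: illustrative thresholds, not taken from the page.
    return 1.0 if p >= 0.5 else 0.5 if p >= 0.1 else 0.0

def cvss_bucket(base: float) -> float:
    # ASSUMPTION: CVSS v3 qualitative bands mapped onto 0..1 in equal steps.
    for floor, value in ((9.0, 1.0), (7.0, 0.75), (4.0, 0.5), (0.1, 0.25)):
        if base >= floor:
            return value
    return 0.0

def plan_b_score(s: Signals) -> float:
    terms = {
        "kev": float(s.kev),
        "epss_percentile": s.epss_percentile,
        "epss_probability_bucket": epss_bucket(s.epss_probability),
        "cvss_severity_bucket": cvss_bucket(s.cvss_base),
        "recent_vendor_advisory": float(s.recent_vendor_advisory),
        "patch_available": float(s.patch_available),
        "rejected_or_disputed": float(s.rejected_or_disputed),
    }
    return round(sum(WEIGHTS[k] * v for k, v in terms.items()), 2)

def rank(items: list[Signals]) -> list[tuple[str, float]]:
    # Highest score first; ties broken by CVE ID so output is deterministic.
    return sorted(((s.cve_id, plan_b_score(s)) for s in items), key=lambda t: (-t[1], t[0]))

# Constructed sample inputs (not real CVEs).
SAMPLE = [
    Signals("CVE-EXAMPLE-A", False, 0.98, 0.62, 10.0, True, True),
    Signals("CVE-EXAMPLE-B", True, 0.40, 0.03, 6.5, False, True),
    Signals("CVE-EXAMPLE-C", False, 0.90, 0.20, 8.8, False, False, True),
]
```

With every term normalized to 0..1 as assumed here, the listed weights cap a CVE that is not in KEV at 65, and the rejected/disputed penalty can pull a low-signal entry below zero.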

Quickstart

After purchase, you get a Python package (requires Python 3.12) and a CLI. Bring your own NVD API key (free from NIST).

# requires Python 3.12
pip install aislabs_cve_priority-<version>.whl

# point at your NVD API key (free at https://nvd.nist.gov/developers/request-an-api-key)
export NVD_API_KEY=your_key_here

# regenerate today's report bundle (Markdown, JSON, PDF, and ranked CSV)
ais-cve-priority run --output ./reports/today

Wire it into cron or your CI of choice. Reports regenerate from scratch each day — no state to manage.

Frozen sample · Patch Tuesday May 12, 2026

This is the exact format you get every day. The frozen sample is from Patch Tuesday May 12, 2026 — the daily-regeneratable version ships with purchase.

Rank  CVE ID          Score  KEV  EPSS pct  CVSS  Summary
1     CVE-2026-18473  94     Yes  99        9.8   Authentication bypass in edge device admin panel
2     CVE-2026-24119  91     Yes  97        9.4   Remote command execution in backup appliance API
3     CVE-2026-30952  88     Yes  95        9.1   Privilege escalation in endpoint management agent
4     CVE-2026-12345  85     No   98        10.0  Buffer overflow in OpenSSL TLS handshake
5     CVE-2026-27701  82     No   94        9.0   Authentication bypass in Apache Tomcat manager UI
6     CVE-2026-33864  79     No   92        8.8   SQL injection in helpdesk ticket search endpoint
7     CVE-2026-41288  76     No   89        8.6   Path traversal in file transfer gateway
8     CVE-2026-50813  73     No   86        8.1   Deserialization flaw in Java message broker plugin
9     CVE-2026-61970  71     No   83        7.8   Stored XSS in internal dashboard widget renderer
10    CVE-2026-73126  70     No   80        7.5   Access control bypass in container registry proxy


What you get

01 The CLI
Python package (aislabs_cve_priority) + ais-cve-priority CLI. Runs offline once data is fetched.

02 Daily-regeneratable reports
Markdown, JSON, PDF, and ranked CSV in one output directory. Sort, filter, paste, or pipe into your tooling.

03 Methodology docs
Plan B scoring explained in 20 minutes. Every weight justified. Tweak it for your environment if you want.

04 Companion CLI (MIT)
cve-rank for ad-hoc one-off scoring. Public, open, hackable.

How this is different

Other tools either show you everything (overwhelming) or hide their logic behind a sales call (unauditable). This is the middle path.

Vanilla NVD / CISA KEV feed
  • Free, but unranked
  • You’re the prioritization layer
  • No defensible patch-this-first output
AIS CVE Priority Kit
$49 · one-time
  • Plan B scoring (auditable formula above)
  • Daily report regen (you run it; data stays local)
  • $49, yours forever
  • MIT companion CLI for ad-hoc
Enterprise vulnerability platforms
  • $20k-$80k/yr
  • Black-box scoring
  • Sales call to see pricing
  • Locks your data into their cloud

Pricing

$49
CVE Priority Kit — $0
One-time purchase. No subscription. No upsells.
  • The full Python package + CLI
  • Daily-regeneratable Plan B prioritization
  • Methodology docs (every weight justified)
  • MIT companion CLI (cve-rank)
  • Email support at support@aislabs.ai

Pay once via Gumroad. Yours forever after checkout.

License

What you can do: Use the kit internally for your team or organization, on as many machines as you need. Modify scoring weights for your environment. Pipe outputs into your internal tooling. Run it on a schedule. Keep using it indefinitely after purchase.

What you can’t do: Resell the kit, redistribute it as your own product, or strip the attribution and re-publish. The companion CLI (cve-rank) is MIT-licensed and unrestricted — use it however you want.

Defensive use only

The CVE Priority Kit and the companion CLI (cve-rank) are intended for defensive security work — patch prioritization, internal vulnerability triage, and engineering team workflows. The Plan B scoring is designed to surface the patches that protect your systems, not to prioritize offensive operations against systems you do not have authorization to test.

By purchasing or using the kit, you agree to use it only on systems you own or have explicit written authorization to assess. Compliance with applicable laws (CFAA, GDPR, and your local equivalents) is your responsibility.

Support

Email
support@aislabs.ai — For purchase questions, install issues, or anything else. Reply within two business days.
GitHub
github.com/aislabs-ai/cve-rank — For issues with the open-source companion CLI. Issues and PRs welcome.

Ready to stop scrolling NVD on Patch Tuesday?

$49. One purchase. Pays itself back the first time you skip patching a low-priority CVE that turns out to be hype.
