AIS
CVE Priority Kit · v1.0

Patch the CVEs that actually matter this week.

A daily-regeneratable prioritization report that ranks active CVEs using Plan B scoring — KEV, EPSS, CVSS, vendor advisories, and patch availability. $49. One-time purchase. Yours forever after checkout.

Frozen sample shows Patch Tuesday May 12, 2026. Daily-regeneratable CLI ships with purchase.

How it works

01

Pull

Pull CVE data from NVD, CISA KEV catalog, and EPSS scores. Bring your NVD API key.

02

Score

Plan B formula weights signals: 35% KEV, 25% EPSS percentile, 15% EPSS probability bucket, 10% CVSS severity, 10% vendor advisory recency, 5% patch availability, -10% rejected/disputed.

03

Ship

One bundle per run: markdown, JSON, PDF, and ranked CSV — all in the same output directory. Sort, filter, paste into your patch-Tuesday ticket. Done.

Plan B scoring — the methodology

Plan B is an opinionated linear weighting of public CVE signals. It is built for engineering teams that need an actionable patch order, not a perfect academic prioritization model.

This isn’t the only way to score CVEs. It is a defensible one that surfaces the patch-this-week list in under a minute, keeps the logic inspectable, and makes tradeoffs explicit enough to tune for your environment.

Source: Companion CLI (MIT-licensed) reproduces this scoring at github.com/aislabs-ai/cve-rank.

score = 35*kev
      + 25*epss_percentile
      + 15*epss_probability_bucket
      + 10*cvss_severity_bucket
      + 10*recent_vendor_advisory
      +  5*patch_available
      - 10*rejected_or_disputed

Quickstart

After purchase, you get a Python package (requires Python 3.12) and a CLI. Bring your own NVD API key (free from NIST).

# requires Python 3.12
pip install aislabs_cve_priority-<version>.whl

# point at your NVD API key (free at https://nvd.nist.gov/developers/request-an-api-key)
export NVD_API_KEY=your_key_here

# regenerate today's report bundle (Markdown, JSON, PDF, and ranked CSV)
ais-cve-priority run --output ./reports/today

Wire it into cron or your CI of choice. Reports regenerate from scratch each day — no state to manage.

Frozen sample · Patch Tuesday May 12, 2026

This is the exact format you get every day. The frozen sample is from Patch Tuesday May 12, 2026 — the daily-regeneratable version ships with purchase.

Rank CVE ID Score KEV EPSS pct CVSS Summary
1 CVE-2026-18473 94 Yes 99 9.8 Authentication bypass in edge device admin panel
2 CVE-2026-24119 91 Yes 97 9.4 Remote command execution in backup appliance API
3 CVE-2026-30952 88 Yes 95 9.1 Privilege escalation in endpoint management agent
4 CVE-2026-12345 85 No 98 10.0 Buffer overflow in OpenSSL TLS handshake
5 CVE-2026-27701 82 No 94 9.0 Authentication bypass in Apache Tomcat manager UI
6 CVE-2026-33864 79 No 92 8.8 SQL injection in helpdesk ticket search endpoint
7 CVE-2026-41288 76 No 89 8.6 Path traversal in file transfer gateway
8 CVE-2026-50813 73 No 86 8.1 Deserialization flaw in Java message broker plugin
9 CVE-2026-61970 71 No 83 7.8 Stored XSS in internal dashboard widget renderer
10 CVE-2026-73126 70 No 80 7.5 Access control bypass in container registry proxy

Want the manifest? See what’s in the kit →

What you get

01

The CLI

Python package (aislabs_cve_priority) + ais-cve-priority CLI. Runs offline once data is fetched.

02

Daily-regeneratable reports

Markdown, JSON, PDF, and ranked CSV in one output directory. Sort, filter, paste, or pipe into your tooling.

03

Methodology docs

Plan B scoring explained in 20 minutes. Every weight justified. Tweak it for your environment if you want.

04

Companion CLI (MIT)

cve-rank for ad-hoc one-off scoring. Public, open, hackable.

How this is different

Other tools either show you everything (overwhelming) or hide their logic behind a sales call (unauditable). This is the middle path.

Vanilla NVD / CISA KEV feed

  • Free, but unranked
  • You’re the prioritization layer
  • No defensible patch-this-first output

AIS CVE Priority Kit

$49 · one-time
  • Plan B scoring (auditable formula above)
  • Daily report regen (you run it; data stays local)
  • $49, yours forever
  • MIT companion CLI for ad-hoc

Enterprise vulnerability platforms

  • $20k-$80k/yr
  • Black-box scoring
  • Sales call to see pricing
  • Locks your data into their cloud

Pricing

$49

CVE Priority Kit — $49

One-time purchase. No subscription. No upsells.

  • The full Python package + CLI
  • Daily-regeneratable Plan B prioritization
  • Methodology docs (every weight justified)
  • MIT companion CLI (cve-rank)
  • Email support at support@aislabs.ai
Buy — $49 →

Pay once via Gumroad. Yours forever after checkout.

License

What you can do: Use the kit internally for your team or organization, on as many machines as you need. Modify scoring weights for your environment. Pipe outputs into your internal tooling. Run it on a schedule. Keep using it indefinitely after purchase.

What you can’t do: Resell the kit, redistribute it as your own product, or strip the attribution and re-publish. The companion CLI (cve-rank) is MIT-licensed and unrestricted — use it however you want.

Defensive use only

The CVE Priority Kit and the companion CLI (cve-rank) are intended for defensive security work — patch prioritization, internal vulnerability triage, and engineering team workflows. The Plan B scoring is designed to surface the patches that protect your systems, not to prioritize offensive operations against systems you do not have authorization to test.

By purchasing or using the kit, you agree to use it only on systems you own or have explicit written authorization to assess. Compliance with applicable laws (CFAA, GDPR, and your local equivalents) is your responsibility.

Support

Email

support@aislabs.ai — For purchase questions, install issues, or anything else. Reply within two business days.

GitHub

github.com/aislabs-ai/cve-rank — For issues with the open-source companion CLI. Issues and PRs welcome.

Ready to stop scrolling NVD on Patch Tuesday?

$49. One purchase. Pays itself back the first time you skip patching a low-priority CVE that turns out to be hype.

Buy the CVE Priority Kit — $49 →