Daily CVE Intelligence & Prioritization Notifier

Security teams often struggle to keep up with the volume of newly published CVEs and manually determine which vulnerabilities are actually relevant to their environment.

This workflow automates daily CVE intelligence and prioritization using n8n. It fetches newly published CVEs from NVD, matches them against a customizable technology watchlist, enriches findings with EPSS exploit probability and CISA KEV actively exploited status, removes duplicate alerts, and sends a clean prioritized digest to Slack and Email.

The workflow is designed to be simple to customize while remaining useful for security teams, SOC teams, MSPs, DevSecOps teams, and self-hosted n8n users.

Features

• Fetches newly published CVEs from NVD
• Matches vulnerabilities against your technology stack
• Supports keyword-based technology watchlists
• Enriches findings with EPSS scores
• Flags actively exploited vulnerabilities using CISA KEV
• Deduplicates already-sent alerts
• Sends prioritized Slack and Email digests
• Works well on self-hosted n8n instances
• Beginner-friendly setup with CSV/Google Sheets support

Use Cases

• Daily vulnerability monitoring
• Internal security operations
• MSP vulnerability intelligence
• SOC alert enrichment
• Technology-specific CVE tracking
• Prioritizing vulnerabilities likely to be exploited

Requirements

• n8n
• NVD API key
• Slack account (optional)
• Gmail account (optional)
• Google Sheet or CSV watchlist

Setup

The workflow includes detailed setup notes directly inside the canvas, including:

• Sample CSV format
• Google Sheets setup
• NVD API configuration
• Slack configuration
• Gmail configuration

Notes

The workflow uses the official CISA GitHub KEV mirror instead of the standard CISA feed to avoid common access issues on some self-hosted/cloud n8n deployments.

Built for technical teams using n8n to automate vulnerability intelligence and security operations.