Send a daily prioritized CVE digest from NVD to Slack and Gmail with EPSS and CISA KEV

Description

Daily CVE Intelligence & Prioritization Notifier

Security teams often struggle to keep up with the volume of newly published CVEs and manually determine which vulnerabilities are actually relevant to their environment.

This workflow automates daily CVE intelligence and prioritization using n8n. It fetches newly published CVEs from NVD, matches them against a customizable technology watchlist, enriches findings with EPSS exploit probability and CISA KEV actively exploited status, removes duplicate alerts, and sends a clean prioritized digest to Slack and Email.

The workflow is designed to be simple to customize while remaining useful for security teams, SOC teams, MSPs, DevSecOps teams, and self-hosted n8n users.

Features

Fetches newly published CVEs from NVD
Matches vulnerabilities against your technology stack
Supports keyword-based technology watchlists
Enriches findings with EPSS scores
Flags actively exploited vulnerabilities using CISA KEV
Deduplicates already-sent alerts
Sends prioritized Slack and Email digests
Works well on self-hosted n8n instances
Beginner-friendly setup with CSV/Google Sheets support

Use Cases

Daily vulnerability monitoring
Internal security operations
MSP vulnerability intelligence
SOC alert enrichment
Technology-specific CVE tracking
Prioritizing vulnerabilities likely to be exploited

Requirements

n8n
NVD API key
Slack account (optional)
Gmail account (optional)
Google Sheet or CSV watchlist

Setup

The workflow includes detailed setup notes directly inside the canvas, including:

Sample CSV format
Google Sheets setup
NVD API configuration
Slack configuration
Gmail configuration

Notes

The workflow uses the official CISA GitHub KEV mirror instead of the standard CISA feed to avoid common access issues on some self-hosted/cloud n8n deployments.

Built for technical teams using n8n to automate vulnerability intelligence and security operations.