Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Meetups Schedule a demo Share your story COMPANY The handbook Testimonials
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

sofa_unpatched_cves

click to open the table of contents
macOS logo

sofa​_unpatched​_cves

The CVEs that are unpatched on the device from SOFA.

Column Type Description
actively_exploited text "true" if this CVE is being actively exploited, "false" otherwise
cve text The CVE identifier, like "CVE-2024-1580"
os_version text If not specified, this is the version of the operating system that the device is running
patched_version text The security release that patched this CVE, like "14.4.1"

Example

For historical data, use the os_version predicate

SELECT * FROM sofa_unpatched_cves WHERE os_version="14.4.0"

Notes

This table is from the Mac Admins osquery extension.

  • By default this table will return all unpatched vulnerability data for the running operating system.

  • Use the url constraint (in the WHERE clause) to specify a data source other than the SOFA feed.

Edit page

Questions?

Ask us anything
{{table.title}} evented table