The CVEs that are unpatched on the device from SOFA.
Column | Type | Description |
---|---|---|
actively_exploited | text | "true" if this CVE is being actively exploited, "false" otherwise |
cve | text | The CVE identifier, like "CVE-2024-1580" |
os_version | text | If not specified, this is the version of the operating system that the device is running |
patched_version | text | The security release that patched this CVE, like "14.4.1" |
For historical data, use the os_version
predicate
SELECT * FROM sofa_unpatched_cves WHERE os_version="14.4.0"
This table is from the Mac Admins osquery extension.
By default this table will return all unpatched vulnerability data for the running operating system.
Use the url
constraint (in the WHERE clause) to specify a data source other than the SOFA feed.