Meta pixel
Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Device management (MDM) Endpoint operations Vulnerability management Integrations
Docs REST API Built-in queries Data tables SUPPORT Chat Hosting Release notes Get your license Contribute
Community
Chat News Podcasts Articles COMPANY Handbook Logos/artwork Why open source?
Pricing Start now
All platforms
Windows
Linux
macOS
ChromeOS
search

A menu icon Tables {{numberOfTablesDisplayed}}

right chevron down chevron

Tables{{numberOfTablesDisplayed}}

macOS logo Windows logo Linux logo macOS logo

sofa​_unpatched​_cves

The CVEs that are unpatched on the device from SOFA.

Column Type Description
actively_exploited text "true" if this CVE is being actively exploited, "false" otherwise
cve text The CVE identifier, like "CVE-2024-1580"
os_version text If not specified, this is the version of the operating system that the device is running
patched_version text The security release that patched this CVE, like "14.4.1"

Example

For historical data, use the os_version predicate

SELECT * FROM sofa_unpatched_cves WHERE os_version="14.4.0"

Notes

This table is from the Mac Admins osquery extension.

  • By default this table will return all unpatched vulnerability data for the running operating system.

  • Use the url constraint (in the WHERE clause) to specify a data source other than the SOFA feed.

Edit page

Need more help?

Slack logo Ask the community on Slack