Simple, Transparent Pricing
Full vulnerability intelligence on every plan — upgrade for capacity and professional output
Free
Full core functionality for individuals
- 5 device graphs
- 50 components
- 50 AI chat messages/mo
- 200 AI credits/mo
- All import methods
- Watchlists & monitoring
- Email alerts
- Spellbook
- Analysis hub
- CVE search
Pro
Remove limits and unlock professional output
- Everything in Free
- Unlimited device graphs
- Unlimited components
- 500 AI chat messages/mo
- 2,500 AI credits/mo
- Export reports
- Collections
Enterprise
For organizations and security teams
- Everything in Pro
- 5,000 AI chat messages/mo
- 50,000 AI credits/mo
- Team seats
- SSO integration
What VulnXplorer Is (and Isn't)
What you get
- Vulnerability intelligence from NVD, CISA KEV, and EPSS — updated daily
- Coverage of known CVEs — the vast majority of real-world attacks exploit disclosed vulnerabilities, not zero-days
- Topology-aware analysis of your full device stack
- Attack path narratives that explain real-world risk
- Zero deployment — model your stack in the browser
- All import methods: SBOM, repo, CSV, scanner, Docker, SARIF, paste, collector
What we don't do
No active scanning
We can't discover assets you haven't told us about.
No runtime detection
We track disclosed vulnerabilities, not live exploits.
No patch deployment
We tell you what to fix and link to patches, but don't push updates.
Known vulnerabilities only
VulnXplorer tracks publicly disclosed CVEs from NVD. Zero-day vulnerabilities — flaws that are exploited before the vendor knows about them — cannot appear here until they are publicly disclosed and assigned a CVE. There is always a gap between discovery and disclosure.
Relies on public data
NVD, CISA, and EPSS operate on their own timelines. Severity scores and exploit predictions may change as sources update their assessments.