Resources & API Reference
WOFA publishes free, machine-readable JSON feeds updated every 6 hours. No API keys, no authentication, no rate limits.
Feed Endpoints
Full security feed — all tracked OS versions with per-release CVE data, exploitation status, and build versions. Updated every 6 hours.
Flat CVE index keyed by CVE ID. Each entry lists severity, CVSS score, exploitation flags, and all affected Windows versions with KB article links. Optimised for client-side search.
Lightweight summary — update hash, last check timestamp, and aggregate counts. Poll this to detect feed changes without downloading the full feed.
RSS 2.0 feed — one item per OS version for the latest security release. Subscribe in any RSS reader to get notified when new patches drop.
Usage Examples
Get the latest build number for Windows 11 24H2:
curl -s https://wofa.jtucker.me.uk/v1/windows_data_feed.json \
| jq '.OSVersions[] | select(.OSVersion == "Windows 11 24H2") | .Latest.ProductVersion'List all actively exploited CVEs across every tracked version:
curl -s https://wofa.jtucker.me.uk/v1/windows_data_feed.json \
| jq '[.OSVersions[].SecurityReleases[].ActivelyExploitedCVEs[]] | unique | sort[]'Check when the feed was last updated:
curl -s https://wofa.jtucker.me.uk/metadata.json | jq '{LastCheck, UpdateHash}'Look up a specific CVE across all versions:
CVE="CVE-2025-21333"
curl -s https://wofa.jtucker.me.uk/v1/cve_index.json \
| jq --arg cve "$CVE" '.[$cve] | {severity, cvss_score, in_kev, affected: [.affected[].os]}'Fetch the feed and print exploited CVEs per OS version:
import requests
FEED_URL = "https://wofa.jtucker.me.uk/v1/windows_data_feed.json"
feed = requests.get(FEED_URL, timeout=30).json()
for os_entry in feed["OSVersions"]:
latest = os_entry["Latest"]
exploited = latest.get("ActivelyExploitedCVEs", [])
print(f"{os_entry['OSVersion']}: {len(exploited)} exploited CVEs")
for cve in exploited:
print(f" {cve}")Alert when a new patch drops by polling the metadata hash:
import requests, time
METADATA_URL = "https://wofa.jtucker.me.uk/metadata.json"
def get_hash():
return requests.get(METADATA_URL, timeout=10).json()["UpdateHash"]
last_hash = get_hash()
print(f"Watching for updates (current hash: {last_hash[:12]})")
while True:
time.sleep(3600) # check every hour
current = get_hash()
if current != last_hash:
print(f"Feed updated! New hash: {current[:12]}")
last_hash = current
# trigger your downstream workflow hereSearch the CVE index for CISA KEV entries:
import requests
INDEX_URL = "https://wofa.jtucker.me.uk/v1/cve_index.json"
index = requests.get(INDEX_URL, timeout=30).json()
kev_cves = {
cve_id: data
for cve_id, data in index.items()
if data.get("in_kev")
}
print(f"CISA KEV CVEs in current feed: {len(kev_cves)}")
for cve_id, data in sorted(kev_cves.items()):
versions = [a["os"] for a in data["affected"]]
print(f" {cve_id} ({data['severity']}) — {', '.join(set(versions))}")Get the latest build number for all tracked versions:
$feed = Invoke-RestMethod "https://wofa.jtucker.me.uk/v1/windows_data_feed.json"
$feed.OSVersions | Select-Object OSVersion, @{
Name = "LatestBuild"; Expression = { $_.Latest.ProductVersion }
}, @{
Name = "ReleaseDate"; Expression = { $_.Latest.ReleaseDate }
} | Format-Table -AutoSizeFind all actively exploited CVEs and output a report:
$feed = Invoke-RestMethod "https://wofa.jtucker.me.uk/v1/windows_data_feed.json"
$feed.OSVersions | ForEach-Object {
$os = $_.OSVersion
$_.SecurityReleases | ForEach-Object {
$rel = $_
$rel.ActivelyExploitedCVEs | ForEach-Object {
[PSCustomObject]@{
OSVersion = $os
CVE = $_
KB = $rel.UpdateName
ReleaseDate = $rel.ReleaseDate
}
}
}
} | Sort-Object CVE -Unique | Format-Table -AutoSizeCheck if a specific CVE affects any tracked version:
$cveId = "CVE-2025-21333"
$index = Invoke-RestMethod "https://wofa.jtucker.me.uk/v1/cve_index.json"
$entry = $index.$cveId
if ($entry) {
Write-Host "$cveId found:" -ForegroundColor Yellow
Write-Host " Severity : $($entry.severity)"
Write-Host " CVSS : $($entry.cvss_score)"
Write-Host " CISA KEV : $($entry.in_kev)"
Write-Host " Affected :"
$entry.affected | ForEach-Object {
Write-Host " $($_.os) — KB$($_.kb) ($($_.release_date))"
}
} else {
Write-Host "$cveId not found in current feed." -ForegroundColor Green
}Feed Schema
Root
| Field | Type | Description |
|---|---|---|
| Version | string | Feed schema version |
| UpdateHash | string | SHA-256 of the canonical feed content — use to detect changes |
| LastCheck | string | ISO 8601 UTC timestamp of last pipeline run |
| OSVersions | array | One entry per tracked Windows version |
OSVersions[ ]
| Field | Type | Description |
|---|---|---|
| OSVersion | string | Human-readable OS name, e.g. Windows 11 24H2 |
| SupportEndDate | object | End-of-servicing dates by edition — see below. null if unavailable. |
| SupportEndDate.HomePro | string | End date for Home/Pro editions (YYYY-MM-DD). null for Server. |
| SupportEndDate.EnterpriseEducation | string | End date for Enterprise/Education editions, or Extended End Date for Server. |
| Latest | object | Snapshot of the most recent release's key fields |
| SecurityReleases | array | All tracked monthly security releases, newest first |
SecurityReleases[ ]
| Field | Type | Description |
|---|---|---|
| UpdateName | string | KB article title, e.g. 2025-03 Cumulative Update for Windows 11 (KB5053598) |
| ReleaseDate | string | Release date in YYYY-MM-DD format |
| ProductVersion | string | Full OS build string, e.g. 10.0.26100.3476 |
| SecurityInfo | string | URL to the Microsoft KB support article |
| CVEs | object | Map of CVE ID → CVE detail object |
| ActivelyExploitedCVEs | array | CVE IDs that are actively exploited in the wild |
| UniqueCVEsCount | number | Total distinct CVEs patched in this release |
| DaysSincePreviousRelease | number | Days elapsed since the previous release for this OS version |
| Supersedes | string | KB number of the update this release supersedes |
| PatchTuesdayRelease | boolean | true for regular monthly Patch Tuesday releases; false for out-of-band updates |
CVEs{ "CVE-YYYY-NNNNN": … }
| Field | Type | Description |
|---|---|---|
| severity | string | Critical, Important, Moderate, or Low |
| cvss_score | number | CVSS v3 base score (0.0–10.0) |
| actively_exploited | boolean | true if exploitation in the wild is confirmed |
| in_kev | boolean | true if listed in the CISA Known Exploited Vulnerabilities catalog |
| nist_url | string | Direct link to the NVD entry at nvd.nist.gov |
Example Response (abbreviated)
{
"Version": "1.0",
"UpdateHash": "a3f9c2...",
"LastCheck": "2025-03-12T06:00:00+00:00",
"OSVersions": [
{
"OSVersion": "Windows 11 24H2",
"SupportEndDate": {
"HomePro": "2026-10-13",
"EnterpriseEducation": "2027-10-13"
},
"Latest": {
"ReleaseDate": "2025-03-11",
"ProductVersion": "10.0.26100.3476",
"SecurityInfo": "https://support.microsoft.com/help/5053598",
"UniqueCVEsCount": 41,
"ActivelyExploitedCVEs": ["CVE-2025-24985", "CVE-2025-24993"]
},
"SecurityReleases": [
{
"UpdateName": "2025-03 Cumulative Update for Windows 11 (KB5053598)",
"ReleaseDate": "2025-03-11",
"ProductVersion": "10.0.26100.3476",
"SecurityInfo": "https://support.microsoft.com/help/5053598",
"UniqueCVEsCount": 41,
"ActivelyExploitedCVEs": ["CVE-2025-24985", "CVE-2025-24993"],
"CVEs": {
"CVE-2025-24985": {
"severity": "Important",
"cvss_score": 7.8,
"actively_exploited": true,
"in_kev": true,
"nist_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24985"
}
},
"DaysSincePreviousRelease": 28,
"Supersedes": "5051987",
"PatchTuesdayRelease": true
}
]
}
]
}Essential Resources
Microsoft Official
-
Microsoft Security Update Guide
Authoritative source for all Microsoft security advisories and KB articles
-
MSRC CVRF API
Public API used to source WOFA data — monthly security update documents in CVRF format
-
Windows 11 Release Health
Official release history and known issues for Windows 11
-
Windows Server Release Health
Official release history and known issues for Windows Server editions
-
Microsoft Update Catalog
Download individual updates and get supersedence information
Security Intelligence
-
CISA Known Exploited Vulnerabilities
Authoritative catalog of CVEs confirmed exploited in the wild — highest patching priority
-
NIST National Vulnerability Database
CVSS scores, CWE classifications, and detailed technical analysis per CVE
-
CVE.org
The official CVE Program — authoritative CVE IDs and descriptions
-
MSRC Blog
In-depth technical write-ups on critical vulnerabilities from Microsoft's security team
Patch Management & Deployment
-
Windows Update for Business
Microsoft's built-in policy-based update management for enterprise
-
Intune Windows Update Policies
Configure update rings and deferral policies via Microsoft Intune
-
Windows Server Update Services (WSUS)
On-premises update distribution and approval management
-
PDQ Deploy
Third-party tool for silent software and patch deployment across Windows endpoints
Understanding Windows Updates
-
Windows as a Service overview
Microsoft's servicing model — quality updates, feature updates, and servicing channels explained
-
Quality Update overview
How cumulative updates work, what "B", "C", "D" week releases mean, and preview vs. stable
-
Servicing Channels
General Availability, Long-Term Servicing Channel (LTSC), and Windows Insider explained
-
Windows IT Pro Blog
Patch Tuesday announcements, deployment guidance, and known issue tracking
Data Sources
WOFA aggregates data from two public sources, refreshed every 6 hours. No authentication or API keys are required to access either source.
api.msrc.microsoft.com/cvrf/v3.0/
Microsoft's monthly security update documents in Common Vulnerability Reporting Framework (CVRF) format. Provides CVE IDs, severity ratings, CVSS scores, and KB article mappings.
cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
CISA's authoritative list of CVEs with confirmed exploitation in the wild. Used to flag in_kev: true on any CVE present in the catalog.