WOFA

Windows Organised Feed for Admins

WOFA icon

WOFA is inspired by SOFA (Simple Organized Feed for Apple), the Mac admins community tool that publishes structured, machine-readable Apple OS update data. WOFA brings the same idea to the Windows world — aggregating Windows cumulative security update data from the MSRC CVRF API and CISA KEV into clean, versioned JSON feeds suitable for automation, MDM tooling, and compliance pipelines.

What it does

WOFA pulls data from two public, unauthenticated sources on a 6-hour schedule and publishes the results as static files:

MSRC CVRF API (api.msrc.microsoft.com/cvrf/v3.0/) — Microsoft's monthly security update documents in Common Vulnerability Reporting Framework format. Provides CVE IDs, severity ratings, CVSS scores, and KB article mappings.
CISA KEV Catalog (cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) — CISA's authoritative list of CVEs confirmed exploited in the wild. Used to flag in_kev: true on any matching CVE.

OS versions are discovered automatically from the MSRC ProductTree — no manual config needed when Microsoft adds a new version.

WOFA dashboard showing Windows update data by OS version with CVE counts and exploitation status

Usage examples

# Get the latest build for Windows 11 24H2
curl -s https://wofa.jtucker.me.uk/v1/windows_data_feed.json \
  | jq '.OSVersions[] | select(.OSVersion == "Windows 11 24H2") | .Latest.ProductVersion'

# List all actively exploited CVEs across every tracked version
curl -s https://wofa.jtucker.me.uk/v1/windows_data_feed.json \
  | jq '[.OSVersions[].SecurityReleases[].ActivelyExploitedCVEs[]] | unique | sort[]'

# Check when the feed was last updated
curl -s https://wofa.jtucker.me.uk/metadata.json | jq '{LastCheck, UpdateHash}'

# Look up a specific CVE across all versions
CVE="CVE-2025-21333"
curl -s https://wofa.jtucker.me.uk/v1/cve_index.json \
  | jq --arg cve "$CVE" '.[$cve] | {severity, cvss_score, in_kev, affected: [.affected[].os]}'

# Get latest build for all tracked versions
$feed = Invoke-RestMethod "https://wofa.jtucker.me.uk/v1/windows_data_feed.json"
$feed.OSVersions | Select-Object OSVersion, @{Name="LatestBuild"; Expression={$_.Latest.ProductVersion}} | Format-Table

Key features

Automatic OS discovery — no manual config when Microsoft adds a new version
CISA KEV cross-reference — flags actively exploited CVEs with in_kev: true
Out-of-band and preview update support — covers non-Patch-Tuesday releases
Machine-readable + human-readable — JSON feeds plus a browseable HTML site
Static, cacheable outputs — runs on a schedule, commits results, serves from GitHub Pages
SHA-256 change detection — poll metadata.json to detect new data without downloading the full feed

Related resources

Resource	URL
SOFA (inspiration)	sofa.macadmins.io
MSRC Security Update Guide	msrc.microsoft.com/update-guide
MSRC CVRF API	api.msrc.microsoft.com/cvrf/v3.0/
CISA KEV Catalog	cisa.gov/known-exploited-vulnerabilities-catalog
NIST NVD	nvd.nist.gov
Windows 11 Release Health	learn.microsoft.com/.../windows11-release-information
Windows Server Release Health	learn.microsoft.com/.../windows-server-release-info