1. Drop it in
The widget auto-creates a container if it doesn't find one named threatfilter-widget.
<div id="threatfilter-widget"></div>
<script src="https://threatfilter.dev/embed.js"
data-tf-mode="latest"
data-tf-limit="5"></script>2. Filter by vendor
<div id="threatfilter-widget"></div>
<script src="https://threatfilter.dev/embed.js"
data-tf-mode="latest"
data-tf-vendor="cisco"
data-tf-limit="5"></script>3. Critical-only mode
<div id="threatfilter-widget"></div>
<script src="https://threatfilter.dev/embed.js"
data-tf-mode="critical"
data-tf-severity="critical"
data-tf-limit="3"></script>Configuration
| Attribute | Description | Default |
|---|---|---|
data-tf-mode | latest (default) — pull most-recent items. critical — restrict to critical-severity items. | latest |
data-tf-vendor | Single vendor slug (e.g. cisco, fortinet, microsoft). Matches the slugs at threatfilter.dev. | (none) |
data-tf-sector | Single sector slug for a soft client-side filter (substring match on title+summary). | (none) |
data-tf-severity | Single severity (critical|high|medium|low). Maps to the API severity filter. | (none) |
data-tf-limit | How many items to render. 1 to 20. Defaults to 5. | 5 |
Live demo
Rendered with data-tf-mode="latest" data-tf-limit="5" — i.e. the latest
five items overall. The widget below is the actual production
/embed.js, no special treatment.
Caveats
- The widget makes a single
fetch()at page load and does not poll. Reload (or wire it up yourself) to refresh. - CORS is open on api.threatfilter.dev — no allow-list configuration needed.
- Vendor / severity / exploitation tags shown are heuristic when the API didn't supply them. The widget surfaces real values when present and degrades gracefully otherwise.
- If you self-host the JS, the widget will still call api.threatfilter.dev directly; we don't proxy through your domain.