The Known Exploited Vulnerabilities Catalog is provided by cisa.gov.

The content is public "For the benefit of the cybersecurity community and network defenders[...]
Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework."

See https://www.cisa.gov/known-exploited-vulnerabilities-catalog.