A vulnerability under active exploitation is one for which there is reliable evidence that execution of malicious code was performed by an actor on a system without permission of the system owner.
Now it’s unrealistic to assume CISA is monitoring all exploited vulnerabilities, and that’s not what the point of KEV is.
It is more focused on the most critical vulnerabilities being exploited so that organisations can priorities remediation/patches effectively;
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.
You’ll see it currently returns around 1100 results, which I would say is suspiciously close to the amount you have in the STIX objects you’ve created using cve2stix. Can you share the exact number of reports directories you see in the reports/ folder?