Skip to content

Latest commit

 

History

History
25 lines (13 loc) · 2.36 KB

README.md

File metadata and controls

25 lines (13 loc) · 2.36 KB

cve-schema

cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record. Some examples of CVE record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit.

Learn more about the CVE program at cve.org

This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema here

The latest version of the record format is 5.0. It is specified in the JSON schema at CVE_JSON_5.0_schema.json

A single schema file with bundled dependencies is at CVE_JSON_5.0_bundled.json

Documentation about this format is available in docs

A mindmap version of the CVE record structure is at mindmap

A basic example of a full record in 5.0 format with minimally required fields is available at full-record-basic-example.json

An advanced example of a full record in 5.0 format is available at full-record-advanced-example.json

A basic example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-basic-example.json

An advanced example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-advanced-example.json

More details about Product and Version Encodings in CVE JSON 5.0 record is at versions.md