Skip to content

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

License

Notifications You must be signed in to change notification settings

JonathanLEvans/cve-schema

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

cve-schema

cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record. Some examples of CVE record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit.

Learn more about the CVE program at cve.org

This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema here

The latest version of the record format is 5.0. It is specified in the JSON schema at CVE_JSON_5.0_schema.json

A single schema file with bundled dependencies is at CVE_JSON_5.0_bundled.json

Documentation about this format is available in docs

A mindmap version of the CVE record structure is at mindmap

A basic example of a full record in 5.0 format with minimally required fields is available at full-record-basic-example.json

An advanced example of a full record in 5.0 format is available at full-record-advanced-example.json

A basic example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-basic-example.json

An advanced example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-advanced-example.json

More details about Product and Version Encodings in CVE JSON 5.0 record is at versions.md

About

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • HTML 82.7%
  • Python 12.6%
  • JavaScript 2.6%
  • CSS 1.1%
  • Other 1.0%