| adp |
One or more ADP containers providing additional vulnerability information |
| adp_tags |
Tags provided by an ADP describing the CVE Record |
| affected |
List of affected products and services |
| assigner_org_id |
The UUID for the organization to which the CVE ID was originally assigned |
| assigner_short_name |
The short name for the organization to which the CVE ID was originally assign... |
| base64_encoded |
If true, the media_value field contains the media data encoded in base64 |
| capec_id |
CAPEC ID that best relates to this impact (e |
| change_at |
The version at which a status change occurs within a range |
| change_status |
The new status in the range starting at the given version |
| cna |
The CNA container holding vulnerability information for this CVE ID |
| cna_source |
Source information (who discovered it, who researched it, etc |
| cna_tags |
Tags provided by a CNA describing the CVE Record |
| collection_url |
URL identifying a package collection (determines the meaning of packageName) |
| configurations_text |
Configurations required for exploiting this vulnerability |
| containers |
A set of containers (CNA and optionally ADP) holding vulnerability informatio... |
| cpe_applicability |
Affected products defined using the CPE Applicability Language |
| cpe_criteria |
CPE 2 |
| cpe_match_criteria |
Array of CPE match criteria within this node |
| cpe_negate |
If true, negates the applicability of this element |
| cpe_nodes |
Array of CPE configuration nodes |
| cpe_operator |
Logical operator (AND/OR) used between CPE criteria in this node |
| cpe_uri |
CPE 2 |
| cpe_vulnerable |
Whether this CPE match describes a vulnerable configuration |
| cpes |
Affected products defined by CPE (Common Platform Enumeration) names in eithe... |
| credit_type |
Type or role of the entity being credited |
| credit_user |
UUID of the user being credited, if present in the CVE User Registry |
| credit_value |
The name or description of the credited party (up to 4096 characters) |
| credits |
Statements acknowledging specific people, organizations, or tools for work re... |
| cve_id |
The CVE identifier assigned by a CVE Numbering Authority (CNA) |
| cve_metadata |
Metadata about the CVE ID |
| cve_references |
Reference data in the form of URLs describing the vulnerability, such as advi... |
| cvss2_access_complexity |
|
| cvss2_access_vector |
|
| cvss2_authentication |
|
| cvss2_availability_impact |
|
| cvss2_availability_requirement |
|
| cvss2_base_score |
CVSS 2 |
| cvss2_collateral_damage_potential |
|
| cvss2_confidentiality_impact |
|
| cvss2_confidentiality_requirement |
|
| cvss2_environmental_score |
CVSS 2 |
| cvss2_exploitability |
|
| cvss2_integrity_impact |
|
| cvss2_integrity_requirement |
|
| cvss2_remediation_level |
|
| cvss2_report_confidence |
|
| cvss2_target_distribution |
|
| cvss2_temporal_score |
CVSS 2 |
| cvss2_vector_string |
CVSS 2 |
| cvss2_version |
CVSS version identifier |
| cvss3_attack_complexity |
|
| cvss3_attack_vector |
|
| cvss3_availability_impact |
|
| cvss3_availability_requirement |
|
| cvss3_base_score |
CVSS 3 |
| cvss3_base_severity |
|
| cvss3_confidentiality_impact |
|
| cvss3_confidentiality_requirement |
|
| cvss3_environmental_score |
CVSS 3 |
| cvss3_environmental_severity |
|
| cvss3_exploit_code_maturity |
|
| cvss3_integrity_impact |
|
| cvss3_integrity_requirement |
|
| cvss3_modified_attack_complexity |
|
| cvss3_modified_attack_vector |
|
| cvss3_modified_availability_impact |
|
| cvss3_modified_confidentiality_impact |
|
| cvss3_modified_integrity_impact |
|
| cvss3_modified_privileges_required |
|
| cvss3_modified_scope |
|
| cvss3_modified_user_interaction |
|
| cvss3_privileges_required |
|
| cvss3_remediation_level |
|
| cvss3_report_confidence |
|
| cvss3_scope |
|
| cvss3_temporal_score |
CVSS 3 |
| cvss3_temporal_severity |
|
| cvss3_user_interaction |
|
| cvss3_vector_string |
CVSS 3 |
| cvss3_version |
CVSS version identifier ('3 |
| cvss4_attack_complexity |
|
| cvss4_attack_requirements |
|
| cvss4_attack_vector |
|
| cvss4_automatable |
|
| cvss4_availability_requirement |
|
| cvss4_base_score |
CVSS 4 |
| cvss4_base_severity |
CVSS 4 |
| cvss4_confidentiality_requirement |
|
| cvss4_exploit_maturity |
|
| cvss4_integrity_requirement |
|
| cvss4_modified_attack_complexity |
|
| cvss4_modified_attack_requirements |
|
| cvss4_modified_attack_vector |
|
| cvss4_modified_privileges_required |
|
| cvss4_modified_sub_availability_impact |
|
| cvss4_modified_sub_confidentiality_impact |
|
| cvss4_modified_sub_integrity_impact |
|
| cvss4_modified_user_interaction |
|
| cvss4_modified_vuln_availability_impact |
|
| cvss4_modified_vuln_confidentiality_impact |
|
| cvss4_modified_vuln_integrity_impact |
|
| cvss4_privileges_required |
|
| cvss4_provider_urgency |
|
| cvss4_recovery |
|
| cvss4_safety |
|
| cvss4_sub_availability_impact |
|
| cvss4_sub_confidentiality_impact |
|
| cvss4_sub_integrity_impact |
|
| cvss4_user_interaction |
|
| cvss4_value_density |
|
| cvss4_vector_string |
CVSS 4 |
| cvss4_version |
CVSS version identifier |
| cvss4_vuln_availability_impact |
|
| cvss4_vuln_confidentiality_impact |
|
| cvss4_vuln_integrity_impact |
|
| cvss4_vulnerability_response_effort |
|
| cvss_v2_0 |
CVSS version 2 |
| cvss_v3 |
CVSS version 3 |
| cvss_v4_0 |
CVSS version 4 |
| cwe_id |
CWE identifier for the weakness classification (e |
| data_type |
Indicates the type of information represented in the JSON instance |
| data_version |
The version of the CVE schema used for validating this record |
| date_assigned |
The date/time this CVE ID was associated with a vulnerability by a CNA |
| date_public |
If known, the date/time the vulnerability was disclosed publicly |
| date_published |
The date/time the CVE Record was first published in the CVE List |
| date_rejected |
The date/time the CVE ID was rejected |
| date_reserved |
The date/time this CVE ID was reserved in the CVE automation workgroup servic... |
| date_updated |
The date/time the record was last updated |
| default_status |
The default status for versions not otherwise listed in the versions list |
| description |
Narrative description of the vulnerability |
| description_value |
Plain text description (up to 4096 characters) |
| descriptions |
A list of multi-lingual descriptions of the vulnerability |
| event_time |
Timestamp representing when the event in the timeline occurred |
| event_value |
A summary of the timeline event (up to 4096 characters) |
| exploits |
Information about known exploits of this vulnerability |
| impact |
Impact and severity assessment for this vulnerability |
| impact_descriptions |
Prose description of the impact scenario |
| impacts |
Collection of impacts of this vulnerability, optionally linked to CAPEC IDs |
| lang |
BCP 47 language code indicating the language of accompanying text |
| last_modified_date |
Date and time the vulnerability record was last modified |
| less_than |
The non-inclusive upper limit of the range |
| less_than_or_equal |
The inclusive upper limit of the range |
| match_criteria_id |
UUID identifying the CPE match criteria set |
| media_type |
RFC2046 compliant IANA Media type (e |
| media_value |
Supporting media content, up to 16K characters |
| metric_format |
Name of the scoring format (e |
| metric_scenarios |
Scenarios this metrics object applies to |
| metrics |
Collection of impact scores with attribution (CVSSv2, CVSSv3 |
| modules |
A list of the affected components, features, modules, sub-components, sub-pro... |
| name |
Name of the entity (product, weakness, reference, etc |
| operator |
Logical operator (AND/OR) used in configuration node groupings |
| org_id |
The container provider's organizational UUID |
| other_metric |
A non-standard impact description or score |
| other_metric_content |
Arbitrary JSON-compatible object (or prose string) containing non-standard me... |
| other_metric_type |
Name of the non-standard impact metrics format used |
| package_name |
Name or identifier of the affected software package as used in the package co... |
| package_url |
A Package URL (PURL), a unified URL specification for identifying packages ho... |
| platforms |
Platforms or operating environments affected |
| problem_description |
Text description of the problem type, or title from CWE or OWASP |
| problem_references |
References supporting this specific problem type |
| problem_source_type |
Problem type source format (e |
| problem_type_descriptions |
One or more problem type descriptions (e |
| problem_types |
Problem type information such as CWE identifiers |
| products |
Products affected by this vulnerability |
| program_files |
A list of the affected source code files |
| program_routines |
A list of the affected source code functions, methods, subroutines, or proced... |
| provider_metadata |
Details related to the information container provider (CNA or ADP) |
| published_date |
Date and time the vulnerability was first published |
| published_state |
State of the CVE Record |
| record_cve_id |
The CVE identifier that this record pertains to |
| reference_tags |
An array of tags describing the resource referenced by the URL |
| references |
External references such as advisories and articles |
| rejected_reasons |
Reasons for rejecting this CVE Record |
| rejected_state |
State of the CVE Record |
| relationship_name |
A description of the relationship between the taxonomy item and the CVE |
| relationship_value |
The target of the relationship |
| replaced_by |
CVE IDs that this CVE ID was rejected in favor of because this CVE ID was inc... |
| repo |
The URL of the source code repository, for informational purposes and/or to r... |
| requester_user_id |
The user that requested the CVE identifier |
| routine_name |
Name of the affected source code function, method, subroutine, or procedure |
| scenario_value |
Description of the scenario this metrics object applies to |
| score |
Numeric vulnerability score (e |
| serial |
Monotonically increasing integer, starting at 1, incremented each time a subm... |
| severity |
Qualitative severity rating |
| short_name |
The container provider's organizational short name (2-32 characters) |
| solutions |
Information about solutions or remediations available for this vulnerability |
| source |
Source or origin of the reference or data |
| source_advisory |
Advisory identifier associated with the vulnerability discovery |
| source_defects |
Bug tracking system IDs (e |
| source_discovery |
How the vulnerability was discovered (e |
| status |
Current lifecycle state of the vulnerability record |
| supporting_media |
Supporting media data for the description such as markdown, diagrams, etc |
| taxonomy_id |
Identifier of the item in the taxonomy |
| taxonomy_mappings |
List of taxonomy items (e |
| taxonomy_name |
The name of the taxonomy (e |
| taxonomy_relations |
List of relationships to the taxonomy for this vulnerability |
| taxonomy_version |
The version of the taxonomy the identifiers come from |
| timeline |
Timeline information for significant events about the vulnerability or change... |
| title |
Short human-readable title or name for this entity |
| url |
URL pointing to the reference resource |
| vector |
CVSS vector string or equivalent scoring vector expression |
| vendor |
Name of the vendor or organization responsible for the product |
| version |
Version string of the affected product |
| version_changes |
A list of status changes that take place during the version range |
| version_end_excluding |
The end of a version range, exclusive (versions strictly less than this) |
| version_end_including |
The end of a version range, inclusive (versions less than or equal to this) |
| version_start_excluding |
The start of a version range, exclusive (versions strictly greater than this) |
| version_start_including |
The start of a version range, inclusive (versions greater than or equal to th... |
| version_status |
The vulnerability status for the version or range of versions |
| version_type |
The version numbering system used for specifying the range (e |
| version_value |
The single version being described, or the version at the start of the range |
| versions |
Set of product versions or version ranges related to the vulnerability |
| weaknesses |
Weakness classifications (e |
| workarounds |
Workarounds and mitigations for this vulnerability |