vulnerability-core
Shared base schema for security vulnerabilities. Provides common types, enumerations, slots, and abstract classes imported by the KEV Catalog, MITRE CVE, and NIST NVD schemas.
URI: https://w3id.org/lmodel/vulnerability-core
Name: vulnerability-core
Classes
| Class |
Description |
| Configuration |
Logical grouping of CPE match expressions |
| Impact |
Assessment of the vulnerability's impact and severity |
| Product |
Software or hardware entity affected by the vulnerability |
| Reference |
External reference such as an advisory or article |
| Vulnerability |
Abstract base representation of a security vulnerability |
| Weakness |
Weakness classification from CWE or a similar taxonomy |
Slots
| Slot |
Description |
| cpe_uri |
CPE 2 |
| cve_id |
The CVE identifier assigned by a CVE Numbering Authority (CNA) |
| cwe_id |
CWE identifier for the weakness classification (e |
| description |
Narrative description of the vulnerability |
| impact |
Impact and severity assessment for this vulnerability |
| last_modified_date |
Date and time the vulnerability record was last modified |
| name |
Name of the entity (product, weakness, reference, etc |
| operator |
Logical operator (AND/OR) used in configuration node groupings |
| platforms |
Platforms or operating environments affected |
| products |
Products affected by this vulnerability |
| published_date |
Date and time the vulnerability was first published |
| references |
External references such as advisories and articles |
| score |
Numeric vulnerability score (e |
| severity |
Qualitative severity rating |
| source |
Source or origin of the reference or data |
| status |
Current lifecycle state of the vulnerability record |
| title |
Short human-readable title or name for this entity |
| url |
URL pointing to the reference resource |
| vector |
CVSS vector string or equivalent scoring vector expression |
| vendor |
Name of the vendor or organization responsible for the product |
| version |
Version string of the affected product |
| weaknesses |
Weakness classifications (e |
Enumerations
Types
| Type |
Description |
| Boolean |
A binary (true or false) value |
| Curie |
a compact URI |
| CveId |
A CVE identifier assigned by a CVE Numbering Authority (CNA) |
| Date |
a date (year, month and day) in an idealized calendar |
| DateOrDatetime |
Either a date or a datetime |
| Datetime |
The combination of a date and time |
| Decimal |
A real number with arbitrary precision that conforms to the xsd:decimal speci... |
| Double |
A real number that conforms to the xsd:double specification |
| Float |
A real number that conforms to the xsd:float specification |
| Integer |
An integer |
| IsoDate |
A calendar date in ISO 8601 format (YYYY-MM-DD) |
| Jsonpath |
A string encoding a JSON Path |
| Jsonpointer |
A string encoding a JSON Pointer |
| Ncname |
Prefix part of CURIE |
| Nodeidentifier |
A URI, CURIE or BNODE that represents a node in a model |
| Objectidentifier |
A URI or CURIE that represents an object in the model |
| Sparqlpath |
A string encoding a SPARQL Property Path |
| String |
A character string |
| Time |
A time object represents a (local) time of day, independent of any particular... |
| Uri |
a complete URI |
| Uriorcurie |
a URI or a CURIE |
Subsets
| Subset |
Description |
| Core |
Cross-program vulnerability metadata |
| Metadata |
Identification and reference fields |