{ "$schema": "http://json-schema.org/draft-07/schema#", "title": "JSON Schema for NVD Vulnerability Data API version 2.2.3", "definitions": { "def_cve_item": { "properties": { "cve": { "$ref": "#/definitions/cve_item" } }, "required": [ "cve" ], "additionalProperties": false }, "cve_item": { "type": "object", "properties": { "id": { "$ref": "#/definitions/cve_id" }, "sourceIdentifier": { "type": "string" }, "vulnStatus": { "type": "string" }, "published": { "type": "string", "format": "date-time" }, "lastModified": { "type": "string", "format": "date-time" }, "evaluatorComment": { "type": "string" }, "evaluatorSolution": { "type": "string" }, "evaluatorImpact": { "type": "string" }, "cisaExploitAdd": { "type": "string", "format": "date" }, "cisaActionDue": { "type": "string", "format": "date" }, "cisaRequiredAction": { "type": "string" }, "cisaVulnerabilityName": { "type": "string" }, "cveTags": { "type": "array", "items": { "type": "object", "properties": { "sourceIdentifier": { "description": "The email address or UUID of the source that contributed the information", "type": "string" }, "tags": { "type": "array", "items": { "type": "string", "enum": [ "unsupported-when-assigned", "exclusively-hosted-service", "disputed" ] } } } } }, "descriptions": { "type": "array", "minItems": 1, "items": { "$ref": "#/definitions/lang_string" } }, "references": { "type": "array", "items": { "$ref": "#/definitions/reference" } }, "metrics": { "description": "Metric scores for a vulnerability as found on NVD.", "type": "object", "properties": { "cvssMetricV40": { "description": "CVSS V4.0 score.", "type": "array", "items": { "$ref": "#/definitions/cvss-v40" } }, "cvssMetricV31": { "description": "CVSS V3.1 score.", "type": "array", "items": { "$ref": "#/definitions/cvss-v31" } }, "cvssMetricV30": { "description": "CVSS V3.0 score.", "type": "array", "items": { "$ref": "#/definitions/cvss-v30" } }, "cvssMetricV2": { "description": "CVSS V2.0 score.", "type": "array", "items": { "$ref": "#/definitions/cvss-v2" } } } }, "weaknesses": { "type": "array", "items": { "$ref": "#/definitions/weakness" } }, "configurations": { "type": "array", "items": { "$ref": "#/definitions/config" } }, "vendorComments": { "type": "array", "items": { "$ref": "#/definitions/vendorComment" } } }, "required": [ "id", "published", "lastModified", "references", "descriptions" ] }, "cvss-v2": { "properties": { "source": { "type": "string" }, "type": { "enum": [ "Primary", "Secondary" ] }, "cvssData": { "$ref": "https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v2.0.json" }, "baseSeverity": { "type": "string" }, "exploitabilityScore": { "$ref": "#/definitions/def_subscore" }, "impactScore": { "$ref": "#/definitions/def_subscore" }, "acInsufInfo": { "type": "boolean" }, "obtainAllPrivilege": { "type": "boolean" }, "obtainUserPrivilege": { "type": "boolean" }, "obtainOtherPrivilege": { "type": "boolean" }, "userInteractionRequired": { "type": "boolean" } }, "required": [ "source", "type", "cvssData" ], "additionalProperties": false }, "cvss-v30": { "properties": { "source": { "type": "string" }, "type": { "enum": [ "Primary", "Secondary" ] }, "cvssData": { "$ref": "https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v3.0.json" }, "exploitabilityScore": { "$ref": "#/definitions/def_subscore" }, "impactScore": { "$ref": "#/definitions/def_subscore" } }, "required": [ "source", "type", "cvssData" ], "additionalProperties": false }, "cvss-v31": { "properties": { "source": { "type": "string" }, "type": { "enum": [ "Primary", "Secondary" ] }, "cvssData": { "$ref": "https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v3.1.json" }, "exploitabilityScore": { "$ref": "#/definitions/def_subscore" }, "impactScore": { "$ref": "#/definitions/def_subscore" } }, "required": [ "source", "type", "cvssData" ], "additionalProperties": false }, "cvss-v40": { "properties": { "source": { "type": "string" }, "type": { "enum": [ "Primary", "Secondary" ] }, "cvssData": { "$ref": "https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v4.0.json" } }, "required": [ "source", "type", "cvssData" ], "additionalProperties": false }, "cve_id": { "type": "string", "pattern": "^CVE-[0-9]{4}-[0-9]{4,}$" }, "lang_string": { "type": "object", "properties": { "lang": { "type": "string" }, "value": { "type": "string", "maxLength": 4096 } }, "required": [ "lang", "value" ], "additionalProperties": false }, "reference": { "type": "object", "properties": { "url": { "type": "string", "format": "uri", "minLength": 1, "maxLength": 2048 }, "source": { "type": "string" }, "tags": { "type": "array", "items": { "type": "string" } } }, "required": [ "url" ] }, "vendorComment": { "type": "object", "properties": { "organization": { "type": "string" }, "comment": { "type": "string" }, "lastModified": { "type": "string", "format": "date-time" } }, "required": [ "organization", "comment", "lastModified" ], "additionalProperties": false }, "weakness": { "properties": { "source": { "type": "string" }, "type": { "type": "string" }, "description": { "type": "array", "minItems": 0, "items": { "$ref": "#/definitions/lang_string" } } }, "required": [ "source", "type", "description" ], "additionalProperties": false }, "config": { "properties": { "operator": { "type": "string", "enum": [ "AND", "OR" ] }, "negate": { "type": "boolean" }, "nodes": { "type": "array", "items": { "$ref": "#/definitions/node" } } }, "required": [ "nodes" ] }, "node": { "description": "Defines a configuration node in an NVD applicability statement.", "properties": { "operator": { "type": "string", "enum": [ "AND", "OR" ] }, "negate": { "type": "boolean" }, "cpeMatch": { "type": "array", "items": { "$ref": "#/definitions/cpe_match" } } }, "required": [ "operator", "cpeMatch" ] }, "cpe_match": { "description": "CPE match string or range", "type": "object", "properties": { "vulnerable": { "type": "boolean" }, "criteria": { "type": "string" }, "matchCriteriaId": { "type": "string", "format": "uuid" }, "versionStartExcluding": { "type": "string" }, "versionStartIncluding": { "type": "string" }, "versionEndExcluding": { "type": "string" }, "versionEndIncluding": { "type": "string" } }, "required": [ "vulnerable", "criteria", "matchCriteriaId" ] }, "def_subscore": { "description": "CVSS subscore.", "type": "number", "minimum": 0, "maximum": 10 } }, "type": "object", "properties": { "resultsPerPage": { "type": "integer" }, "startIndex": { "type": "integer" }, "totalResults": { "type": "integer" }, "format": { "type": "string" }, "version": { "type": "string" }, "timestamp": { "type": "string", "format": "date-time" }, "vulnerabilities": { "description": "NVD feed array of CVE", "type": "array", "items": { "$ref": "#/definitions/def_cve_item" } } }, "required": [ "resultsPerPage", "startIndex", "totalResults", "format", "version", "timestamp", "vulnerabilities" ], "additionalProperties": false }