{ "$schema": "https://web.archive.org/web/20231129074528/http://json-schema.org/draft-04/schema#", "title": "JSON Schema for NVD Vulnerability Data Feed version 0.1_beta", "id": "https://web.archive.org/web/20231129074528/https://scap.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema", "definitions": { "def_node": { "description": "Defines a node or sub-node in an NVD applicability statement.", "properties": { "operator": {"type": "string"}, "negate": {"type": "boolean"}, "children": { "type": "array", "items": {"$ref": "#/definitions/def_node"} }, "cpe": { "type": "array", "items": { "type": "object", "properties": { "vulnerable": {"type": "boolean"}, "cpe22Uri": {"type": "string"}, "cpe23Uri": {"type": "string"}, "versionStartExcluding": {"type": "string"}, "versionStartIncluding": {"type": "string"}, "versionEndExcluding": {"type": "string"}, "versionEndIncluding": {"type": "string"} }, "required": [ "vulnerable", "cpe22Uri", "cpe23Uri" ] } } } }, "def_configurations": { "description": "Defines the set of product configurations for a NVD applicability statement.", "properties": { "CVE_data_version": {"type": "string"}, "nodes": { "type": "array", "items": {"$ref": "#/definitions/def_node"} } }, "required": [ "CVE_data_version" ] }, "def_subscore": { "description": "CVSS subscore.", "type": "number", "minimum": 0, "maximum": 10 }, "def_impact": { "description": "Impact scores for a vulnerability as found on NVD.", "type": "object", "properties": { "baseMetricV3": { "description": "CVSS V3.0 score.", "type": "object", "properties": { "cvssV3": {"$ref": "cvss-v3.0.json"}, "exploitabilityScore": {"$ref": "#/definitions/def_subscore"}, "impactScore": {"$ref": "#/definitions/def_subscore"} } }, "baseMetricV2": { "description": "CVSS V2.0 score.", "type": "object", "properties": { "cvssV2": {"$ref": "cvss-v2.0.json"}, "severity": {"type": "string"}, "exploitabilityScore": {"$ref": "#/definitions/def_subscore"}, "impactScore": {"$ref": "#/definitions/def_subscore"}, "obtainAllPrivilege": {"type": "boolean"}, "obtainUserPrivilege": {"type": "boolean"}, "obtainOtherPrivilege": {"type": "boolean"}, "userInteractionRequired": {"type": "boolean"} } } } }, "def_cve_item": { "description": "Defines a vulnerability in the NVD data feed.", "properties": { "cve": {"$ref": "CVE_JSON_4.0_min.schema"}, "configurations": {"$ref": "#/definitions/def_configurations"}, "impact": {"$ref": "#/definitions/def_impact"}, "publishedDate": {"type": "string"}, "lastModifiedDate": {"type": "string"} }, "required": ["cve"] } }, "type": "object", "properties": { "CVE_data_type": {"type": "string"}, "CVE_data_format": {"type": "string"}, "CVE_data_version": {"type": "string"}, "CVE_data_numberOfCVEs": { "description": "NVD adds number of CVE in this feed", "type": "string" }, "CVE_data_timestamp": { "description": "NVD adds feed date timestamp", "type": "string" }, "CVE_Items": { "description": "NVD feed array of CVE", "type": "array", "items": {"$ref": "#/definitions/def_cve_item"} } }, "required": [ "CVE_data_type", "CVE_data_format", "CVE_data_version", "CVE_Items" ] }