{ "$schema": "http://json-schema.org/draft-04/schema#", "title": "JSON Schema for NVD Vulnerability Data Feed version 1.1", "id": "https://scap.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1.schema", "definitions": { "def_cpe_name": { "description": "CPE name", "type": "object", "properties": { "cpe22Uri": { "type": "string" }, "cpe23Uri": { "type": "string" }, "lastModifiedDate": { "type": "string" } }, "required": [ "cpe23Uri" ] }, "def_cpe_match": { "description": "CPE match string or range", "type": "object", "properties": { "vulnerable": { "type": "boolean" }, "cpe22Uri": { "type": "string" }, "cpe23Uri": { "type": "string" }, "versionStartExcluding": { "type": "string" }, "versionStartIncluding": { "type": "string" }, "versionEndExcluding": { "type": "string" }, "versionEndIncluding": { "type": "string" }, "cpe_name": { "type": "array", "items": { "$ref": "#/definitions/def_cpe_name" } } }, "required": [ "vulnerable", "cpe23Uri" ] }, "def_node": { "description": "Defines a node or sub-node in an NVD applicability statement.", "properties": { "operator": {"type": "string"}, "negate": {"type": "boolean"}, "children": { "type": "array", "items": {"$ref": "#/definitions/def_node"} }, "cpe_match": { "type": "array", "items": {"$ref": "#/definitions/def_cpe_match"} } } }, "def_configurations": { "description": "Defines the set of product configurations for a NVD applicability statement.", "properties": { "CVE_data_version": {"type": "string"}, "nodes": { "type": "array", "items": {"$ref": "#/definitions/def_node"} } }, "required": [ "CVE_data_version" ] }, "def_subscore": { "description": "CVSS subscore.", "type": "number", "minimum": 0, "maximum": 10 }, "def_impact": { "description": "Impact scores for a vulnerability as found on NVD.", "type": "object", "properties": { "baseMetricV3": { "description": "CVSS V3.x score.", "type": "object", "properties": { "cvssV3": {"$ref": "cvss-v3.x.json"}, "exploitabilityScore": {"$ref": "#/definitions/def_subscore"}, "impactScore": {"$ref": "#/definitions/def_subscore"} } }, "baseMetricV2": { "description": "CVSS V2.0 score.", "type": "object", "properties": { "cvssV2": {"$ref": "cvss-v2.0.json"}, "severity": {"type": "string"}, "exploitabilityScore": {"$ref": "#/definitions/def_subscore"}, "impactScore": {"$ref": "#/definitions/def_subscore"}, "acInsufInfo": {"type": "boolean"}, "obtainAllPrivilege": {"type": "boolean"}, "obtainUserPrivilege": {"type": "boolean"}, "obtainOtherPrivilege": {"type": "boolean"}, "userInteractionRequired": {"type": "boolean"} } } } }, "def_cve_item": { "description": "Defines a vulnerability in the NVD data feed.", "properties": { "cve": {"$ref": "CVE_JSON_4.0_min_1.1.schema"}, "configurations": {"$ref": "#/definitions/def_configurations"}, "impact": {"$ref": "#/definitions/def_impact"}, "publishedDate": {"type": "string"}, "lastModifiedDate": {"type": "string"} }, "required": ["cve"] } }, "type": "object", "properties": { "CVE_data_type": {"type": "string"}, "CVE_data_format": {"type": "string"}, "CVE_data_version": {"type": "string"}, "CVE_data_numberOfCVEs": { "description": "NVD adds number of CVE in this feed", "type": "string" }, "CVE_data_timestamp": { "description": "NVD adds feed date timestamp", "type": "string" }, "CVE_Items": { "description": "NVD feed array of CVE", "type": "array", "items": {"$ref": "#/definitions/def_cve_item"} } }, "required": [ "CVE_data_type", "CVE_data_format", "CVE_data_version", "CVE_Items" ] }