cve-schema specifies the CVE JSON record format. This is the blueprint for a rich set of JSON data that can be submitted by CVE Numbering Authorities (CNAs) and Authorized Data Publishers (ADPs) to describe a CVE record. Some examples of CVE record data include CVE ID number, affected product(s), affected version(s), and public references. While those specific items are required when assigning a CVE, there are many other optional data in the schema that can be used to enrich CVE records for community benefit.
Learn more about the CVE program at cve.org
This CVE JSON record format is defined using JSON Schema. Learn more about JSON Schema here
The latest version of the record format is 5.0. It is specified in the JSON schema at CVE_JSON_5.0_schema.json
A single schema file with bundled dependencies is at CVE_JSON_5.0_bundled.json
Documentation about this format is available in docs
A mindmap version of the CVE record structure is at mindmap
A basic example of a full record in 5.0 format with minimally required fields is available at full-record-basic-example.json
An advanced example of a full record in 5.0 format is available at full-record-advanced-example.json
A basic example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-basic-example.json
An advanced example of a cnaContainer, to be used with CVE Services, is available at cnaContainer-advanced-example.json
More details about Product and Version Encodings in CVE JSON 5.0 record is at versions.md