Coalition · JSON Structure
Coalition Ess Cve Structure
Field-level documentation for the Coalition Exploit Scoring System CVE record.
Type: object
Properties: 0
Cyber InsuranceInsuranceInsurtechRisk ManagementCybersecurityVulnerability ManagementCVEExploit ScoringThreat IntelligenceIncident ResponseAttack Surface ManagementBrokersMGAExecutive RisksTechnology E&OActive Insurance
Coalition Ess Cve Structure is a JSON Structure definition published by Coalition.
Meta-schema:
JSON Structure
{
"title": "Coalition ESS CVE Structure",
"description": "Field-level documentation for the Coalition Exploit Scoring System CVE record.",
"type": "object",
"fields": [
{
"name": "cve_id",
"type": "string",
"required": true,
"description": "CVE identifier in the form CVE-YYYY-NNNN(+)."
},
{
"name": "description",
"type": "string",
"required": false,
"description": "Free-text vulnerability description."
},
{
"name": "published_at",
"type": "string (date-time)",
"required": false,
"description": "When the CVE was first published."
},
{
"name": "modified_at",
"type": "string (date-time)",
"required": false,
"description": "When the CVE record was last modified."
},
{
"name": "ess",
"type": "CessScoreSummary",
"required": false,
"description": "Coalition Exploit Scoring System score, percentile, and shift flag.",
"fields": [
{"name": "score", "type": "number (0..1)", "description": "ML-derived likelihood of exploitation in the next 30 days."},
{"name": "percentile", "type": "number (0..1)", "description": "Score percentile across all scored CVEs."},
{"name": "shifting", "type": "boolean", "description": "Whether the score has materially shifted recently."}
]
},
{
"name": "epss",
"type": "EpssScoreSummary",
"required": false,
"description": "FIRST EPSS score and percentile.",
"fields": [
{"name": "score", "type": "number (0..1)", "description": "EPSS probability of exploitation in the next 30 days."},
{"name": "percentile", "type": "number (0..1)", "description": "EPSS score percentile."}
]
},
{
"name": "cvss",
"type": "CvssScoreSummary",
"required": false,
"description": "CVSS base score and severity.",
"fields": [
{"name": "version", "type": "string", "description": "CVSS version (3.1, 4.0)."},
{"name": "base_score", "type": "number (0..10)", "description": "CVSS base score."},
{"name": "severity", "type": "string", "description": "NONE | LOW | MEDIUM | HIGH | CRITICAL."},
{"name": "vector", "type": "string", "description": "CVSS vector string."}
]
},
{
"name": "exploits",
"type": "ExploitsSummary",
"required": false,
"description": "Counts of public exploit references.",
"fields": [
{"name": "exploitdb_count", "type": "integer", "description": "Number of ExploitDB entries."},
{"name": "metasploit_count", "type": "integer", "description": "Number of Metasploit modules."}
]
},
{
"name": "mentions",
"type": "MentionsSummary",
"required": false,
"description": "Counts of public mentions across feeds.",
"fields": [
{"name": "twitter_count", "type": "integer", "description": "Number of Twitter mentions."},
{"name": "github_repository_count", "type": "integer", "description": "Number of GitHub repositories mentioning the CVE."}
]
},
{
"name": "visibility",
"type": "VisibilitySummary",
"required": false,
"description": "Where the CVE has been observed.",
"fields": [
{"name": "seen_on_cisa_kev", "type": "boolean", "description": "Present on CISA KEV."},
{"name": "seen_on_vulncheck_kev", "type": "boolean", "description": "Present on VulnCheck KEV."},
{"name": "seen_on_coalition_honeypots", "type": "boolean", "description": "Exploitation observed on Coalition honeypots."}
]
}
]
}