CVE is a JSON Structure definition published by Red Hat Enterprise Linux 8.
{
"name": "CVE",
"description": "Common Vulnerability and Exposure record from Red Hat Security Data API",
"fields": [
{ "name": "CVE", "type": "string", "description": "CVE identifier (e.g. CVE-2024-1234)", "pattern": "^CVE-\\d{4}-\\d+$" },
{ "name": "severity", "type": "string", "enum": ["Critical", "Important", "Moderate", "Low"], "description": "Red Hat severity rating" },
{ "name": "public_date", "type": "datetime", "description": "Public disclosure date" },
{ "name": "cvss_score", "type": "number", "description": "CVSS v2 score (0-10)" },
{ "name": "cvss3_score", "type": "number", "description": "CVSS v3 score (0-10)" },
{ "name": "cwe", "type": "string", "description": "CWE identifier" },
{ "name": "bugzilla", "type": "string", "description": "Bugzilla URL" },
{ "name": "details", "type": "array", "description": "Vulnerability description paragraphs" },
{
"name": "affected_release",
"type": "array",
"description": "Affected Red Hat product releases",
"items": {
"fields": [
{ "name": "product_name", "type": "string" },
{ "name": "release_date", "type": "datetime" },
{ "name": "advisory", "type": "string", "description": "RHSA/RHBA advisory ID" },
{ "name": "package", "type": "string", "description": "Fixed package NVR" },
{ "name": "cpe", "type": "string", "description": "CPE identifier" }
]
}
}
]
}