Cybersecurity and Infrastructure Security Agency · Schema

KevVulnerability

A single entry in the CISA Known Exploited Vulnerabilities catalog.

AdvisoriesAISBinding Operational DirectiveCSAFCVECWECybersecurityFederal GovernmentGovernmentICS-CERTInformation SharingKEVKnown Exploited VulnerabilitiesRisk ManagementSecuritySTIXTAXIIThreat IntelligenceVulnerability Management

Properties

Name Type Description
cveID string
vendorProject string
product string
vulnerabilityName string
dateAdded string
shortDescription string
requiredAction string
dueDate string
knownRansomwareCampaignUse string
notes string
cwes array
View JSON Schema on GitHub

JSON Schema

cisa-kev-vulnerability-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/cybersecurity-and-infrastructure-security-agency/refs/heads/main/json-schema/cisa-kev-vulnerability-schema.json",
  "title": "KevVulnerability",
  "description": "A single entry in the CISA Known Exploited Vulnerabilities catalog.",
  "type": "object",
  "required": [
    "cveID",
    "vendorProject",
    "product",
    "vulnerabilityName",
    "dateAdded",
    "shortDescription",
    "requiredAction",
    "dueDate",
    "knownRansomwareCampaignUse"
  ],
  "properties": {
    "cveID": {
      "type": "string",
      "pattern": "^CVE-\\d{4}-\\d{4,}$"
    },
    "vendorProject": { "type": "string" },
    "product": { "type": "string" },
    "vulnerabilityName": { "type": "string" },
    "dateAdded": { "type": "string", "format": "date" },
    "shortDescription": { "type": "string" },
    "requiredAction": { "type": "string" },
    "dueDate": { "type": "string", "format": "date" },
    "knownRansomwareCampaignUse": {
      "type": "string",
      "enum": ["Known", "Unknown"]
    },
    "notes": { "type": "string" },
    "cwes": {
      "type": "array",
      "items": {
        "type": "string",
        "pattern": "^CWE-\\d+$"
      }
    }
  }
}