OpenSSF · Schema

OSV Vulnerability

OSV schema record for an open source vulnerability. Mirrors the OSV schema published by the OpenSSF.

Linux FoundationOpen SourceSecuritySupply ChainVulnerabilities

Properties

Name Type Description
schema_version string
id string
modified string
published string
withdrawn string
aliases array
related array
summary string
details string
severity array
affected array
references array
credits array
database_specific object
View JSON Schema on GitHub

JSON Schema

openssf-osv-vulnerability-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/openssf/refs/heads/main/json-schema/openssf-osv-vulnerability-schema.json",
  "title": "OSV Vulnerability",
  "description": "OSV schema record for an open source vulnerability. Mirrors the OSV schema published by the OpenSSF.",
  "type": "object",
  "required": ["schema_version", "id", "modified"],
  "properties": {
    "schema_version": { "type": "string" },
    "id": { "type": "string" },
    "modified": { "type": "string", "format": "date-time" },
    "published": { "type": "string", "format": "date-time" },
    "withdrawn": { "type": "string", "format": "date-time" },
    "aliases": { "type": "array", "items": { "type": "string" } },
    "related": { "type": "array", "items": { "type": "string" } },
    "summary": { "type": "string" },
    "details": { "type": "string" },
    "severity": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": { "type": "string", "enum": ["CVSS_V2", "CVSS_V3", "CVSS_V4"] },
          "score": { "type": "string" }
        },
        "required": ["type", "score"]
      }
    },
    "affected": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "package": {
            "type": "object",
            "properties": {
              "ecosystem": { "type": "string" },
              "name": { "type": "string" },
              "purl": { "type": "string" }
            }
          },
          "ranges": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": { "type": "string", "enum": ["GIT", "SEMVER", "ECOSYSTEM"] },
                "repo": { "type": "string" },
                "events": {
                  "type": "array",
                  "items": { "type": "object" }
                }
              },
              "required": ["type", "events"]
            }
          },
          "versions": { "type": "array", "items": { "type": "string" } },
          "ecosystem_specific": { "type": "object" },
          "database_specific": { "type": "object" }
        }
      }
    },
    "references": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": { "type": "string" },
          "url": { "type": "string", "format": "uri" }
        },
        "required": ["type", "url"]
      }
    },
    "credits": { "type": "array", "items": { "type": "object" } },
    "database_specific": { "type": "object" }
  }
}