Skip to content
/ cve-schema Public

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

License

CC0-1.0 license
367 stars 208 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CVEProject/cve-schema

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

562 Commits
.github/workflows
.github/workflows
 
 
rfds
rfds
 
 
schema
schema
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

CVE Record Format

GitHub Tag GitHub License

The CVE Record Format is the JSON schema defining the structure of CVE records. It was previously called the "CVE Schema." This repository is maintained by the CVE Quality Working Group (QWG) under the QWG Charter.

This repository is part of the CVE Project and is governed by CVE's Professional Code of Conduct.

Read the Record Format

The version of the schema found on the main branch of this repository is the current production version used by CVE Services. The development version, which reflects work-in-progress changes planned for future production versions, is found on the develop branch.

Production Version

The current production version of the CVE Record Format is available in several forms:

Additionally, the CVE Record Format incorporates mechanisms for encoding product identity and version information, which are documented in greater detail.

Development Version

The development version of the CVE Record Format can be found in the develop branch:

Examples

Known Issues

The CVE Services page on the CVE site tracks known issues with the CVE Record Format.

Contributing

Work in this repository is managed by the CVE Quality Working Group. QWG meetings are open to CVE authorized program members, including:

On a case-by-case basis, the QWG can invite to participate, through consensus, individuals who are not CVE program members. To request admission to the QWG, please contact one of the QWG Co-Chairs, currently Chris Coffin (MITRE), MegaZone (F5), or David Waltermire (GSA FedRAMP).

Any individual is welcome to participate via Issues, Discussions, and Pull Requests, including opening issues, creating proposals, commenting on existing proposals in Pull Requests, and asking questions about the Record Format. Decisions on how to proceed with any proposal are made by the Quality Working Group via consensus. Final authority for approving or rejecting changes to the CVE Record Format lies with the CVE Board.

All participation in this project is subject to the rules and procedures of the CVE Professional Code of Conduct.

About

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

Resources

Readme

License

CC0-1.0 license
Activity
Custom properties

Stars

367 stars

Watchers

41 watching

Forks

208 forks
Report repository

Releases 19

CVE Record Format version 5.2.0 Latest
Oct 29, 2025
+ 18 releases

Packages

No packages published

Contributors 28
+ 14 contributors

Languages