Updated
Jul 10, 2021, 12:19:55 AM

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "definitions": {
        "def_configurations": {
            "description": "Defines the set of product configurations for a NVD applicability statement.",
            "properties": {
                "CVE_data_version": {
                    "type": "string"
                },
                "nodes": {
                    "items": {
                        "$ref": "#/definitions/def_node"
                    },
                    "type": "array"
                }
            },
            "required": [
                "CVE_data_version"
            ]
        },
        "def_cpe_match": {
            "description": "CPE match string or range",
            "properties": {
                "cpe22Uri": {
                    "type": "string"
                },
                "cpe23Uri": {
                    "type": "string"
                },
                "cpe_name": {
                    "items": {
                        "$ref": "#/definitions/def_cpe_name"
                    },
                    "type": "array"
                },
                "versionEndExcluding": {
                    "type": "string"
                },
                "versionEndIncluding": {
                    "type": "string"
                },
                "versionStartExcluding": {
                    "type": "string"
                },
                "versionStartIncluding": {
                    "type": "string"
                },
                "vulnerable": {
                    "type": "boolean"
                }
            },
            "required": [
                "vulnerable",
                "cpe23Uri"
            ],
            "type": "object"
        },
        "def_cpe_name": {
            "description": "CPE name",
            "properties": {
                "cpe22Uri": {
                    "type": "string"
                },
                "cpe23Uri": {
                    "type": "string"
                },
                "lastModifiedDate": {
                    "type": "string"
                }
            },
            "required": [
                "cpe23Uri"
            ],
            "type": "object"
        },
        "def_cve_item": {
            "description": "Defines a vulnerability in the NVD data feed.",
            "properties": {
                "configurations": {
                    "$ref": "#/definitions/def_configurations"
                },
                "cve": {
                    "$ref": "CVE_JSON_4.0_min_1.1_beta.schema"
                },
                "impact": {
                    "$ref": "#/definitions/def_impact"
                },
                "lastModifiedDate": {
                    "type": "string"
                },
                "publishedDate": {
                    "type": "string"
                }
            },
            "required": [
                "cve"
            ]
        },
        "def_impact": {
            "description": "Impact scores for a vulnerability as found on NVD.",
            "properties": {
                "baseMetricV2": {
                    "description": "CVSS V2.0 score.",
                    "properties": {
                        "acInsufInfo": {
                            "type": "boolean"
                        },
                        "cvssV2": {
                            "$ref": "cvss-v2.0_beta.json"
                        },
                        "exploitabilityScore": {
                            "$ref": "#/definitions/def_subscore"
                        },
                        "impactScore": {
                            "$ref": "#/definitions/def_subscore"
                        },
                        "obtainAllPrivilege": {
                            "type": "boolean"
                        },
                        "obtainOtherPrivilege": {
                            "type": "boolean"
                        },
                        "obtainUserPrivilege": {
                            "type": "boolean"
                        },
                        "severity": {
                            "type": "string"
                        },
                        "userInteractionRequired": {
                            "type": "boolean"
                        }
                    },
                    "type": "object"
                },
                "baseMetricV3": {
                    "description": "CVSS V3.x score.",
                    "properties": {
                        "cvssV3": {
                            "$ref": "cvss-v3.x_beta.json"
                        },
                        "exploitabilityScore": {
                            "$ref": "#/definitions/def_subscore"
                        },
                        "impactScore": {
                            "$ref": "#/definitions/def_subscore"
                        }
                    },
                    "type": "object"
                }
            },
            "type": "object"
        },
        "def_node": {
            "description": "Defines a node or sub-node in an NVD applicability statement.",
            "properties": {
                "children": {
                    "items": {
                        "$ref": "#/definitions/def_node"
                    },
                    "type": "array"
                },
                "cpe_match": {
                    "items": {
                        "$ref": "#/definitions/def_cpe_match"
                    },
                    "type": "array"
                },
                "negate": {
                    "type": "boolean"
                },
                "operator": {
                    "type": "string"
                }
            }
        },
        "def_subscore": {
            "description": "CVSS subscore.",
            "maximum": 10,
            "minimum": 0,
            "type": "number"
        }
    },
    "id": "https://scap.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1_beta.schema",
    "properties": {
        "CVE_Items": {
            "description": "NVD feed array of CVE",
            "items": {
                "$ref": "#/definitions/def_cve_item"
            },
            "type": "array"
        },
        "CVE_data_format": {
            "type": "string"
        },
        "CVE_data_numberOfCVEs": {
            "description": "NVD adds number of CVE in this feed",
            "type": "string"
        },
        "CVE_data_timestamp": {
            "description": "NVD adds feed date timestamp",
            "type": "string"
        },
        "CVE_data_type": {
            "type": "string"
        },
        "CVE_data_version": {
            "type": "string"
        }
    },
    "required": [
        "CVE_data_type",
        "CVE_data_format",
        "CVE_data_version",
        "CVE_Items"
    ],
    "title": "JSON Schema for NVD Vulnerability Data Feed version 1.1",
    "type": "object"
}