{
  "$schema": "https://json-schema.org/draft/2020-12",
  "$id": "https://ess-api.coalitioninc.com/schemas/cve",
  "title": "Coalition ESS CVE",
  "description": "A CVE record as returned by the Coalition Exploit Scoring System API. Combines vulnerability metadata with Coalition ESS, EPSS, and CVSS score summaries, exploit reference counts, and mention/visibility signals.",
  "type": "object",
  "properties": {
    "cve_id": {
      "type": "string",
      "pattern": "^CVE-[0-9]{4}-[0-9]{4,}$",
      "description": "Canonical CVE identifier (e.g. CVE-2024-12345)."
    },
    "description": {
      "type": "string",
      "description": "Vulnerability description text."
    },
    "published_at": {
      "type": "string",
      "format": "date-time",
      "description": "Date the CVE was first published."
    },
    "modified_at": {
      "type": "string",
      "format": "date-time",
      "description": "Last time the CVE record was modified."
    },
    "ess": {"$ref": "#/$defs/CessScoreSummary"},
    "epss": {"$ref": "#/$defs/EpssScoreSummary"},
    "cvss": {"$ref": "#/$defs/CvssScoreSummary"},
    "exploits": {"$ref": "#/$defs/ExploitsSummary"},
    "mentions": {"$ref": "#/$defs/MentionsSummary"},
    "visibility": {"$ref": "#/$defs/VisibilitySummary"},
    "seen_on_cisa_kev": {
      "type": "boolean",
      "description": "Whether the CVE is listed on the CISA Known Exploited Vulnerabilities catalog."
    },
    "seen_on_vulncheck_kev": {
      "type": "boolean",
      "description": "Whether the CVE is listed on the VulnCheck KEV catalog."
    },
    "seen_on_coalition_honeypots": {
      "type": "boolean",
      "description": "Whether Coalition has observed exploitation attempts against this CVE in its honeypot fleet."
    }
  },
  "required": ["cve_id"],
  "$defs": {
    "CessScoreSummary": {
      "type": "object",
      "description": "Coalition Exploit Scoring System ML-derived likelihood of exploitation in the next 30 days.",
      "properties": {
        "score": {"type": "number", "minimum": 0, "maximum": 1},
        "percentile": {"type": "number", "minimum": 0, "maximum": 1},
        "shifting": {"type": "boolean", "description": "Whether the score has materially shifted recently."}
      }
    },
    "EpssScoreSummary": {
      "type": "object",
      "description": "FIRST EPSS (Exploit Prediction Scoring System) summary.",
      "properties": {
        "score": {"type": "number", "minimum": 0, "maximum": 1},
        "percentile": {"type": "number", "minimum": 0, "maximum": 1}
      }
    },
    "CvssScoreSummary": {
      "type": "object",
      "description": "CVSS base score summary.",
      "properties": {
        "version": {"type": "string", "examples": ["3.1", "4.0"]},
        "base_score": {"type": "number", "minimum": 0, "maximum": 10},
        "severity": {"type": "string", "enum": ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"]},
        "vector": {"type": "string"}
      }
    },
    "ExploitsSummary": {
      "type": "object",
      "description": "Aggregate counts of public exploit references.",
      "properties": {
        "exploitdb_count": {"type": "integer", "minimum": 0},
        "metasploit_count": {"type": "integer", "minimum": 0}
      }
    },
    "MentionsSummary": {
      "type": "object",
      "description": "Aggregate counts of public mentions across feeds.",
      "properties": {
        "twitter_count": {"type": "integer", "minimum": 0},
        "github_repository_count": {"type": "integer", "minimum": 0}
      }
    },
    "VisibilitySummary": {
      "type": "object",
      "description": "Where the CVE has been observed.",
      "properties": {
        "seen_on_cisa_kev": {"type": "boolean"},
        "seen_on_vulncheck_kev": {"type": "boolean"},
        "seen_on_coalition_honeypots": {"type": "boolean"}
      }
    }
  }
}