{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/cybersecurity-and-infrastructure-security-agency/refs/heads/main/json-schema/cisa-kev-vulnerability-schema.json",
  "title": "KevVulnerability",
  "description": "A single entry in the CISA Known Exploited Vulnerabilities catalog.",
  "type": "object",
  "required": [
    "cveID",
    "vendorProject",
    "product",
    "vulnerabilityName",
    "dateAdded",
    "shortDescription",
    "requiredAction",
    "dueDate",
    "knownRansomwareCampaignUse"
  ],
  "properties": {
    "cveID": {
      "type": "string",
      "pattern": "^CVE-\\d{4}-\\d{4,}$"
    },
    "vendorProject": { "type": "string" },
    "product": { "type": "string" },
    "vulnerabilityName": { "type": "string" },
    "dateAdded": { "type": "string", "format": "date" },
    "shortDescription": { "type": "string" },
    "requiredAction": { "type": "string" },
    "dueDate": { "type": "string", "format": "date" },
    "knownRansomwareCampaignUse": {
      "type": "string",
      "enum": ["Known", "Unknown"]
    },
    "notes": { "type": "string" },
    "cwes": {
      "type": "array",
      "items": {
        "type": "string",
        "pattern": "^CWE-\\d+$"
      }
    }
  }
}