{ "type": "object", "properties": { "summary": { "type": "string", "description": "A short summary of the advisory.", "maxLength": 1024 }, "description": { "type": "string", "description": "A detailed description of what the advisory impacts.", "maxLength": 65535 }, "cve_id": { "type": [ "string", "null" ], "description": "The Common Vulnerabilities and Exposures (CVE) ID." }, "vulnerabilities": { "type": "array", "description": "A product affected by the vulnerability detailed in a repository security advisory.", "items": { "type": "object", "properties": { "package": { "description": "The name of the package affected by the vulnerability.", "type": "object", "properties": { "ecosystem": { "type": "string", "description": "The package's language or package management ecosystem.", "enum": [ "rubygems", "npm", "pip", "maven", "nuget", "composer", "go", "rust", "erlang", "actions", "pub", "other", "swift" ] }, "name": { "type": [ "string", "null" ], "description": "The unique package name within its ecosystem." } }, "required": [ "ecosystem" ] }, "vulnerable_version_range": { "type": [ "string", "null" ], "description": "The range of the package versions affected by the vulnerability." }, "patched_versions": { "type": [ "string", "null" ], "description": "The package version(s) that resolve the vulnerability." }, "vulnerable_functions": { "type": [ "array", "null" ], "description": "The functions in the package that are affected.", "items": { "type": "string" } } }, "required": [ "package" ], "additionalProperties": false } }, "cwe_ids": { "type": [ "array", "null" ], "description": "A list of Common Weakness Enumeration (CWE) IDs.", "items": { "type": "string" } }, "credits": { "type": [ "array", "null" ], "description": "A list of users receiving credit for their participation in the security advisory.", "items": { "type": "object", "properties": { "login": { "type": "string", "description": "The username of the user credited." }, "type": { "type": "string", "description": "The type of credit the user is receiving.", "enum": [ "analyst", "finder", "reporter", "coordinator", "remediation_developer", "remediation_reviewer", "remediation_verifier", "tool", "sponsor", "other" ] } }, "required": [ "login", "type" ], "additionalProperties": false } }, "severity": { "type": [ "string", "null" ], "description": "The severity of the advisory. You must choose between setting this field or `cvss_vector_string`.", "enum": [ "critical", "high", "medium", "low", null ] }, "cvss_vector_string": { "type": [ "string", "null" ], "description": "The CVSS vector that calculates the severity of the advisory. You must choose between setting this field or `severity`." }, "start_private_fork": { "type": "boolean", "description": "Whether to create a temporary private fork of the repository to collaborate on a fix.", "default": false } }, "required": [ "summary", "description", "vulnerabilities" ], "additionalProperties": false, "$schema": "https://json-schema.org/draft/2019-09/schema" }