VulnerabilityDetailsResponse

data class VulnerabilityDetailsResponse(val cvssScore: Double, val cvssV2: CVSSResponse, val cvssV3: CVSSResponse, val cvssVersion: String, val effectiveSeverity: String, val packageIssue: List<PackageIssueResponse>, val severity: String, val type: String, val vexAssessment: VexAssessmentResponse)

Used by Occurrence to point to where the vulnerability exists and how to fix it.

Constructors

fun VulnerabilityDetailsResponse(cvssScore: Double, cvssV2: CVSSResponse, cvssV3: CVSSResponse, cvssVersion: String, effectiveSeverity: String, packageIssue: List<PackageIssueResponse>, severity: String, type: String, vexAssessment: VexAssessmentResponse)

Types

object Companion

Properties

The CVSS score of this vulnerability. CVSS score is on a scale of 0-10 where 0 indicates low severity and 10 indicates high severity.

The CVSS v2 score of this vulnerability.

The CVSS v3 score of this vulnerability.

CVSS version used to populate cvss_score and severity.

The distro-assigned severity for this vulnerability when one is available, and the note provider-assigned severity when the distro has not yet assigned a severity for this vulnerability. When there are multiple package issues for this vulnerability, they can have different effective severities because some might come from the distro and some might come from installed language packs (e.g. Maven JARs or Go binaries). For this reason, it is advised to use the effective severity at the PackageIssue level, as this field may eventually be deprecated. Where multiple PackageIssues have different effective severities, the value set here is the highest severity of any of the PackageIssues.

The set of affected locations and their fixes (if available) within the associated resource.

The note provider-assigned severity of the vulnerability.

The type of package: native or non-native (Ruby gems, Node.js packages, etc.). This may be deprecated in the future because there can be multiple PackageIssues with different package types.

VexAssessment provides all publisher-provided VEX information that is related to this vulnerability for this resource.
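
The effective-severity guidance above, as an added Kotlin example (not code from this SDK or the original page): it triages at the PackageIssue level and derives the top-level value as the highest severity of any issue. The `PackageIssue` stand-in class, its field names, the severity strings and the sample data are assumptions made for the example.

```kotlin
// Stand-in for PackageIssueResponse, whose fields are not shown on this page.
// Class name and field names are assumptions for this example.
data class PackageIssue(
    val affectedPackage: String,
    val packageType: String,
    val effectiveSeverity: String,
    val fixAvailable: Boolean
)

// Severity names from least to most severe (assumed string values).
val SEVERITY_ORDER = listOf("SEVERITY_UNSPECIFIED", "MINIMAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")

// Rank a severity string. An unrecognised value ranks above CRITICAL so that
// a gate built on this function surfaces it instead of silently passing it.
fun rank(severity: String): Int {
    val i = SEVERITY_ORDER.indexOf(severity)
    return if (i >= 0) i else SEVERITY_ORDER.size
}

// The top-level rollup as described: the highest effective severity of any issue.
fun rollup(issues: List<PackageIssue>): String =
    issues.maxByOrNull { rank(it.effectiveSeverity) }?.effectiveSeverity
        ?: "SEVERITY_UNSPECIFIED"

// Per-issue triage: issues at or above the threshold, most severe first.
fun actionable(issues: List<PackageIssue>, threshold: String): List<PackageIssue> =
    issues.filter { rank(it.effectiveSeverity) >= rank(threshold) }
        .sortedByDescending { rank(it.effectiveSeverity) }

fun main() {
    // Constructed sample: one vulnerability reported against a distro package
    // and a Maven JAR, each with its own effective severity.
    val issues = listOf(
        PackageIssue("openssl", "OS", "LOW", fixAvailable = true),
        PackageIssue("org.example:demo-lib", "MAVEN", "HIGH", fixAvailable = false)
    )
    println("Rolled-up effective severity: ${rollup(issues)}")
    for (issue in actionable(issues, "MEDIUM")) {
        println(
            "${issue.affectedPackage} (${issue.packageType}): " +
                "${issue.effectiveSeverity}, fix available: ${issue.fixAvailable}"
        )
    }
}
```

The rolled-up value alone would attribute the highest severity to the whole occurrence; the per-issue list shows which package carries it and whether a fix exists for that package.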