Instead of displaying the CPEs as part of the CVE node (as it is handled in the original source), we have decided to integrate them as a separate node and then link them to the AffectedProduct node.

What is an CPE node?

A CPE (Common Platform Enumeration) is a standardized method for naming and identifying software, hardware, and firmware products. It is part of the NIST Security Content Automation Protocol (SCAP) and is widely used in cybersecurity to consistently reference products in vulnerability management and compliance systems.

Where do the CPE information come from?

The information is extracted from the CVE object and created as a separate node. The definition can be found here in the cpe sections.

Which CPE information is available in the graph?

Which relations does the CPE node has in the graph?

• AffectedProduct