This document defines the data structure for "Exploit Discovery" documents. These are extracted from sources reporting on proof-of-concept exploits, attack techniques, or real-world exploit sightings related to known vulnerabilities.

| Field | Type | Description |
| --- | --- | --- |
| | string | Short summary of the exploit or technique described. |
| | string | Title of the original article or exploit report. |
| `published_date` | string (ISO 8601) | Date when the article was first published. |
| | string (ISO 8601) | Last updated date from the source. |
| `disclosed_date` | string (ISO 8601) | Date when the exploit was publicly disclosed (if different). |
| | string (ISO 8601) | Date when we ingested the data. |
| | string | Link to the original article or report. |
| | string | Name of the organization or researcher publishing the report. |
| `classification` | string | Always set to "Exploit Discovery". |

| Field | Type | Description |
| --- | --- | --- |
| | List[string] | List of referenced CVE identifiers, if available. |
| `solution` | string | Known mitigation or detection strategies. |
| | List[string] | Flat list of affected product mentions. |
| | string | Vendor of the affected products. |
| `exploit_creator` | string | Name or alias of the exploit author or source. |
| | List[string] | Related URLs or technical references. |

- Use `classification == "Exploit Discovery"` to group this category.
- `exploit_creator` may refer to an individual, group, or alias (e.g., "Shadow Brokers").
- `solution` may be empty if no known fix or detection is proposed.
- Dates follow ISO 8601 (e.g., `2025-06-01T00:00:00Z`).
- `disclosed_date` can differ from `published_date` in coordinated disclosure scenarios.
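
The rules above can be checked at ingestion time. The following is an added example, not part of the original specification: it uses only the field names that appear on this page (`classification`, `published_date`, `disclosed_date`, `solution`, `exploit_creator`), and the function names and both sample records are constructed for illustration.

```python
from datetime import datetime, timezone

CLASSIFICATION = "Exploit Discovery"
DATE_FIELDS = ("published_date", "disclosed_date")  # only the date fields named on this page

def parse_iso8601(value):
    """Parse e.g. 2025-06-01T00:00:00Z into a timezone-aware UTC datetime."""
    if not isinstance(value, str):
        raise ValueError("not a string")
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive timestamps are UTC
    return dt.astimezone(timezone.utc)

def validate(doc):
    """Return a list of problems; an empty list means the record passes."""
    problems = []
    if doc.get("classification") != CLASSIFICATION:
        problems.append("classification must be 'Exploit Discovery'")
    for field in DATE_FIELDS:
        if doc.get(field) is None:
            continue  # disclosed_date is only expected when it differs
        try:
            parse_iso8601(doc[field])
        except ValueError:
            problems.append(f"{field} is not ISO 8601: {doc[field]!r}")
    for field in ("solution", "exploit_creator"):
        value = doc.get(field)
        if value is not None and not isinstance(value, str):
            problems.append(f"{field} must be a string")  # an empty solution is allowed
    return problems

def disclosure_gap_days(doc):
    """Days from disclosed_date to published_date (negative if published first);
    0 when no separate disclosed_date is recorded."""
    if not doc.get("disclosed_date"):
        return 0
    gap = parse_iso8601(doc["published_date"]) - parse_iso8601(doc["disclosed_date"])
    return gap.days

# Constructed sample records (not real data).
GOOD = {"classification": CLASSIFICATION, "published_date": "2025-06-01T00:00:00Z",
        "disclosed_date": "2025-05-20T00:00:00Z", "exploit_creator": "Shadow Brokers",
        "solution": ""}
BAD = {"classification": "Other (constructed)", "published_date": "06/01/2025",
       "exploit_creator": "example-researcher", "solution": None}
```

Records that fail `validate` can be held back so that grouping on `classification` and date-range queries only see well-formed documents.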