This document defines the data structure for "Patch Announcement" documents. These documents are typically sourced from official vendor communications, advisories, changelogs, or release bulletins that announce the availability of patches or updates addressing security vulnerabilities.
Field | Type | Description |
| string | Short summary of the patch announcement. |
| string | Title of the patch bulletin or vendor advisory. |
| string (ISO 8601) | Date when the patch was officially announced. |
| string (ISO 8601) | Last updated timestamp from the source. |
| string (ISO 8601) | Date when this patch entry was ingested by our system. |
| string | Source URL pointing to the official patch documentation. |
| string | Name of the vendor or company issuing the patch. |
| string | Release identifier or version tag of the patch. |
| string | Always set to |
Field | Type | Description |
| List[string] | CVE identifiers addressed by this patch. |
| string | Official fix details or update instructions. |
| List[string] | Flat list of affected products the patch addresses. |
| string | Name of the vendor or maintainer of the affected products. |
| List[string] | Related links, changelogs, or patch notes. |
If the vendor or a third-party includes a severity label:
"severities": [{"origin_name": "Vendor Advisory","severity": "High"}]
When CVEs in the announcement contain CVSS data:
"cvss": [{"cve_id": "CVE-2024-12345","cvss_version": "3.1","cvss_risk_assessment": "High","cvss_score": {"value": 7.5,"label": "High"},"cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","parsed_cvss_vector": {"Attack Vector": "Network","Attack Complexity": "Low","Privileges Required": "None","User Interaction": "None","Scope": "Unchanged","Confidentiality": "High","Integrity": "High","Availability": "High"}}]
Match using classification == "Patch Announcement".
Use cvss_score.label or cvss_vector for severity analysis.
solution will always contain guidance, even if minimal.
vulnerable_products supports fast filtering and cross-product matching.
Timestamps use ISO 8601 (e.g., 2025-06-01T00:00:00Z).
references link to supplementary technical or historical context.