Vulnerability Discovery

This document defines the data structure for "Vulnerability Discovery" documents. These are extracted from early reports, third-party blogs, research posts, or unofficial sources. They offer visibility into newly discovered or publicly discussed vulnerabilities before patches are available.

🧱 Core Fields

| Field | Type | Description |
|---|---|---|
| summary | string | Short description of the discovery advisory. |
| title | string | Title of the original article or discovery source. |
| published_date | string (ISO 8601) | Date when the advisory was first published. |
| last_updated_date | string (ISO 8601) | Last updated date from the source. |
| scraped_date | string (ISO 8601) | Date when we ingested the data. |
| url | string | Link to the original article or discovery post. |
| publishing_company | string | Name of the organization that published the advisory. |
| version_info | string | Version or revision tag of the advisory. |
| classification | string | Always set to Vulnerability Discovery for this type. |

🧠 Discovery-Specific Fields

| Field | Type | Description |
|---|---|---|
| CVEs | List[string] | List of CVE identifiers, if available. |
| solution | string | Description of any available workaround or mitigation. |
| vulnerable_products | List[string] | Flat list of mentioned affected products. |
| product_vendor | string | Vendor name of affected products. |
| references | List[string] | List of related references and URLs. |

🧬 Product Features (Structured Affected Components)

If structure extraction was successful, this field will be populated as follows:

"product_features": [
  {
    "vendor": "ExampleVendor",
    "product": "ExampleProduct",
    "version": ["1.0", "1.1"],
    "criterias": {
      "operator": "AND",
      "criterion": [
        ">= 1.0",
        "< 2.0"
      ]
    },
    "resolution": {
      "product_fix": ["2.0"],
      "other_fix": ["Mitigation steps published"]
    },
    "meta_data": [
      {
        "source_snippet": "Versions before 2.0 are affected",
        "confidence": "medium"
      }
    ]
  }
]
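
The following is an added example, not code from this project: a sketch of how a consumer could evaluate the `criterias` block against an installed version to decide whether an asset is in the affected range. It assumes each criterion is a comparison operator followed by a dotted numeric version and that `"OR"` is a valid operator alongside the `"AND"` shown above; the function names are hypothetical.

```python
import operator
import re

# Constructed sample: the product_features entry shown above.
SAMPLE_FEATURE = {
    "vendor": "ExampleVendor",
    "product": "ExampleProduct",
    "criterias": {"operator": "AND", "criterion": [">= 1.0", "< 2.0"]},
}

# Assumption: a criterion is "<comparison> <dotted numeric version>".
_CRITERION = re.compile(r"\s*(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)\s*")
_OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
        "!=": operator.ne, ">": operator.gt, "<": operator.lt}


def parse_version(text):
    """Turn '1.10.2' into (1, 10, 2); reject anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def compare(a, b):
    """Return -1, 0 or 1, padding with zeros so 2.0 equals 2.0.0."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)


def is_affected(feature, installed):
    """True/False if the criteria can be evaluated, None if they cannot."""
    criterias = feature.get("criterias") or {}
    combine = {"AND": all, "OR": any}.get(str(criterias.get("operator")).upper())
    items = criterias.get("criterion") or []
    if combine is None or not items:
        return None  # unknown operator or empty list: route to manual review
    try:
        have = parse_version(installed)
    except ValueError:
        return None
    results = []
    for item in items:
        match = _CRITERION.fullmatch(item) if isinstance(item, str) else None
        if match is None:
            return None  # never guess at a criterion that does not parse
        want = parse_version(match.group(2))
        results.append(_OPS[match.group(1)](compare(have, want), 0))
    return combine(results)
```

Returning `None` instead of `False` for unparseable input keeps an asset from being silently marked as unaffected when the extracted criteria are malformed.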

Fields explained:

📊 Severity Ratings (Optional)

"severities": [
  {
    "origin_name": "Blog Author",
    "severity": "Critical"
  }
]

Used when the original article provides a severity label.

📈 CVSS Scores (Optional)

If CVEs are referenced and contain CVSS metadata:

"cvss": [
  {
    "cve_id": "CVE-2024-12345",
    "cvss_version": "3.1",
    "cvss_risk_assessment": "High",
    "cvss_score": {
      "value": 8.0,
      "label": "High"
    },
    "cvss_vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "parsed_cvss_vector": {
      "Attack Vector": "Network",
      "Attack Complexity": "Low",
      "Privileges Required": "None",
      "User Interaction": "None",
      "Scope": "Unchanged",
      "Confidentiality": "High",
      "Integrity": "High",
      "Availability": "High"
    }
  }
]

✅ Integration Guidance
