Skip to content

factionsecurity/default-vulnerabilities

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 

Repository files navigation

default-vulnerabilities

A normalized, self-contained library of vulnerability write-up templates, used by Faction as the seed data for its "Default Vulnerabilities" admin feature.

This is a from-scratch normalization of the dataset originally published at factionsecurity/data. That repo splits each vulnerability across a JSON file plus separate description/<id>.md and fix/<id>.md files linked by $ref (with ref IDs that don't always match the vuln's own ID), and carries no CVSS data. This repo instead stores one flat, complete JSON file per vulnerability, with HTML content and derived CVSS 3.1/4.0 vectors included directly.

Layout

vulnerabilities/
  <slug>.json   # one file per vulnerability, filename is not significant to importers

See schema.json for the full field definitions. Consumers should glob every *.json file under vulnerabilities/ — filenames carry no meaning.

Schema summary

Each file is a single JSON object:

Field Type Notes
name string Vulnerability title
severity string One of CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL
category string Free-text category name; consumers resolve-or-create by name
description string HTML. Includes a trailing references list where applicable
recommendation string HTML remediation guidance
cvss31 object { "vector": "CVSS:3.1/...", "score": number }
cvss40 object { "vector": "CVSS:4.0/...", "score": number }

CVSS vectors and scores are a best-effort characterization of each vulnerability class in the abstract (not tied to any specific finding/instance) — treat them as a sensible starting point, not a precise score for a real-world instance.

About

Normalized default vulnerability write-up templates for Faction

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors