A normalized, self-contained library of vulnerability write-up templates, used by Faction as the seed data for its "Default Vulnerabilities" admin feature.
This is a from-scratch normalization of the dataset originally published at factionsecurity/data. That repo splits each vulnerability across a JSON file plus separate description/<id>.md and fix/<id>.md files linked by $ref (with ref IDs that don't always match the vuln's own ID), and carries no CVSS data. This repo instead stores one flat, complete JSON file per vulnerability, with HTML content and derived CVSS 3.1/4.0 vectors included directly.
vulnerabilities/
<slug>.json # one file per vulnerability, filename is not significant to importers
See schema.json for the full field definitions. Consumers should glob every *.json file under vulnerabilities/ — filenames carry no meaning.
Each file is a single JSON object:
| Field | Type | Notes |
|---|---|---|
name |
string | Vulnerability title |
severity |
string | One of CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL |
category |
string | Free-text category name; consumers resolve-or-create by name |
description |
string | HTML. Includes a trailing references list where applicable |
recommendation |
string | HTML remediation guidance |
cvss31 |
object | { "vector": "CVSS:3.1/...", "score": number } |
cvss40 |
object | { "vector": "CVSS:4.0/...", "score": number } |
CVSS vectors and scores are a best-effort characterization of each vulnerability class in the abstract (not tied to any specific finding/instance) — treat them as a sensible starting point, not a precise score for a real-world instance.