VulnerabilityMatch

Contains details about a vulnerability match.

JSON representation 
{
  "cveId": string,
  "collectionId": string,
  "description": string,
  "technologies": [
    string
  ],
  "cvss3Score": number,
  "riskRating": enum (RiskRating),
  "exploitationState": enum (ExploitationState),
  "associations": [
    {
      object (Association)
    }
  ],
  "epssScore": number,
  "publicExploits": [
    {
      object (PublicExploit)
    }
  ],
  "productFixes": [
    {
      object (ProductFix)
    }
  ],
  "exploitationConsequences": [
    enum (ExploitationConsequence)
  ],
  "exploitationVectors": [
    enum (ExploitationVector)
  ],
  "disclosureTime": string,
  "priority": enum (Priority),
  "matchedTechnologies": [
    string
  ],
  "publiclyAvailableExploit": boolean
}
Fields
cveId

string

Required. The CVE ID of the vulnerability. Ex: "CVE-2025-9876". See https://www.cve.org/ for more information.
collectionId

string

Required. The collection ID of the vulnerability. Ex: "vulnerability--cve-2025-9876".
description

string

Required. A description of the vulnerability.
technologies[]

string

Required. All technologies affected by the vulnerability. Ex: "Apache Struts".
cvss3Score

number

Required. The CVSS score of the vulnerability. Evaluates to CVSS v3 when available with a fallback to v2 and v4. Example: 6.4.
riskRating

enum (RiskRating)

Required. The risk rating of the vulnerability.
exploitationState

enum (ExploitationState)

Required. The exploitation state of the vulnerability.
associations[]

object (Association)

Optional. Associated threat actors, malware, etc. This is embedded as a snapshot because the details of the association at the time of the vulnerability match are important for context and reporting.
epssScore

number

Optional. The EPSS score, representing the probability of exploitation. Example: 0.87.
publicExploits[]

object (PublicExploit)

Optional. List of public exploits.
productFixes[]

object (ProductFix)

Optional. List of product fixes for the vulnerability.
exploitationConsequences[]

enum (ExploitationConsequence)

Optional. List of exploitation consequences for the vulnerability.
exploitationVectors[]

enum (ExploitationVector)

Optional. List of exploitation vectors for the vulnerability.
disclosureTime

string (Timestamp format)

Optional. The disclosure time of the vulnerability.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
priority

enum (Priority)

Optional. The priority level of the vulnerability data. Ex: "P1".
matchedTechnologies[]

string

Optional. The specific technologies from the configured watchlist that triggered the match. Ex: "Apache Struts".
publiclyAvailableExploit

boolean

Output only. Whether a publicly available exploit exists.

Association

Represents an association with a vulnerability.

JSON representation 
{
  "id": string,
  "type": enum (ThreatIntelObjectType)
}
Fields
id

string

Required. The ID of the association.
type

enum (ThreatIntelObjectType)

Required. The type of the association.

ThreatIntelObjectType

The type of threat intel object.

Enums
THREAT_INTEL_OBJECT_TYPE_UNSPECIFIED Unspecified object type.
THREAT_INTEL_OBJECT_TYPE_THREAT_ACTOR Threat actor object type.
THREAT_INTEL_OBJECT_TYPE_MALWARE Malware object type.
THREAT_INTEL_OBJECT_TYPE_REPORT Report object type.
THREAT_INTEL_OBJECT_TYPE_CAMPAIGN Campaign object type.
THREAT_INTEL_OBJECT_TYPE_IOC_COLLECTION IoC Collection object type.
THREAT_INTEL_OBJECT_TYPE_SOFTWARE_AND_TOOLKITS Software and toolkits object type.
THREAT_INTEL_OBJECT_TYPE_VULNERABILITY Vulnerability object type.

PublicExploit

Contains details about a public exploit.

JSON representation 
{
  "exploitName": string,
  "uri": string,
  "exploitReliability": enum (ExploitReliability),
  "exploitGrade": enum (ExploitGrade),
  "sizeBytes": string,
  "releaseTime": string
}
Fields
exploitName

string

Required. The name of the exploit. Ex: "Magentounauth.php.txt".
uri

string

Optional. The URI of the exploit.
exploitReliability

enum (ExploitReliability)

Optional. The reliability of the exploit. Ex: "Unreviewed".
exploitGrade

enum (ExploitGrade)

Optional. The grade of the exploit. Ex: "non-weaponized".
sizeBytes

string (int64 format)

Optional. The size of the exploit.
releaseTime

string (Timestamp format)

Optional. The release time of the exploit.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

ExploitReliability

Represents exploit reliability.

Enums
EXPLOIT_RELIABILITY_UNSPECIFIED Unspecified exploit reliability.
UNREVIEWED Confirmed exploit reliability.
REVIEWED Uncorroborated exploit reliability.
TESTED Unconfirmed exploit reliability.

ExploitGrade

Represents exploit grade.

Enums
EXPLOIT_GRADE_UNSPECIFIED Unspecified exploit grade.
UNEVALUATED Unevaluated exploit grade.
PROOF_OF_CONCEPT Proof-of-concept exploit grade.
NON_WEAPONIZED Non-weaponized exploit grade.
WEAPONIZED Weaponized exploit grade.
SCANNER Scanner exploit grade.
FAKE Fake exploit grade.

ProductFix

Contains details about a product fix.

JSON representation 
{
  "displayName": string,
  "uri": string,
  "sourceId": string,
  "publishTime": string
}
Fields
displayName

string

Required. The name of the fix. Ex: "Magento".
uri

string

Optional. The URI of the fix.
sourceId

string

Required. The source ID of the fix. Ex: "APPSEC-1420".
publishTime

string (Timestamp format)

Optional. The published time of the fix.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

ExploitationConsequence

Represents the consequence of exploitation.

Enums
EXPLOITATION_CONSEQUENCE_UNSPECIFIED Unspecified exploitation consequence.
CODE_EXECUTION Code execution consequence.
COMMAND_EXECUTION Command execution consequence.
DATA_LOSS Data loss consequence.
DATA_MANIPULATION Data manipulation consequence.
DENIAL_OF_SERVICE Denial-of-Service consequence.
INFORMATION_DISCLOSURE Information disclosure consequence.
UNAUTHORIZED_ACCESS Unauthorized access consequence.
PRIVILEGE_ESCALATION Privilege escalation consequence.
SANDBOX_ESCAPE Sandbox escape consequence.
SECURITY_BYPASS Security bypass consequence.
CONTAINER_ESCAPE Container escape consequence.
SPOOFING Spoofing consequence.

ExploitationVector

Represents the vector of exploitation.

Enums
EXPLOITATION_VECTOR_UNSPECIFIED Unspecified exploitation vector.
ADMINISTRATIVE_INTERFACE Administrative interface vector.
BLUETOOTH_ACCESS Bluetooth access vector.
BROWSER Browser vector.
COMPROMISED_COMMUNICATION_CHANNEL Compromised communication channel vector.
EMAIL Email vector.
EXPOSED_WEB_APPLICATION Exposed web application vector.
LOCAL_NETWORK_ACCESS Local network access vector.
MALICIOUS_APPLICATION Malicious application vector.
MALICIOUS_FILE Malicious file vector.
MALICIOUS_SERVER Malicious server vector.
OPEN_PORT Open port vector.
PHYSICAL_ACCESS Physical access vector.
SHORT_RANGE_RADIO Short range radio vector.
UNSPECIFIED_LOCAL_VECTOR Unspecified local vector.
UNSPECIFIED_REMOTE_VECTOR Unspecified remote vector.
VPN_ACCESS VPN access vector.
WIFI_ACCESS WiFi access vector.