VulnerabilityMatch

JSON representation
RiskRating

Contains details about a vulnerability match.

JSON representation
{ "cveId": string, "collectionId": string, "description": string, "technologies": [ string ], "cvss3Score": number, "riskRating": enum (`RiskRating`), "exploitationState": enum (`ExploitationState`) }

Fields
`cveId`	`string` Output only. The CVE ID of the vulnerability. Ex: "CVE-2025-9876". See https://www.cve.org/ for more information.
`collectionId`	`string` Output only. The collection ID of the vulnerability. Ex: "vulnerability--cve-2025-9876".
`description`	`string` Output only. A description of the vulnerability.
`technologies[]`	`string` Output only. The affected technologies. Ex: "Apache Struts".
`cvss3Score`	`number` Output only. The CVSS v3 score of the vulnerability. Example: 6.4.
`riskRating`	`enum (RiskRating)` Output only. The risk rating of the vulnerability.
`exploitationState`	`enum (ExploitationState)` Output only. The exploitation state of the vulnerability.

RiskRating

Represents the risk rating of a vulnerability.

Enums
`RISK_RATING_UNSPECIFIED`	Unspecified risk rating. This is the default value when the risk rating is not set.
`LOW`	Low risk rating.
`MEDIUM`	Medium risk rating.
`HIGH`	High risk rating.
`CRITICAL`	Critical risk rating.
`UNRATED`	The vulnerability has been assessed, but a specific risk rating could not be determined or assigned.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-10 UTC.