CVE Object Reference

The CVE object is the canonical data structure returned by all CVE detail endpoints.

Top-Level Fields

| Field | Type | Description |
|---|---|---|
| cve_id | string | CVE identifier (CVE-YYYY-NNNNN) |
| bsid | string | BreachSpider unique ID (BS-YYYY-NNNNNN-S) |
| title | string | Vulnerability title |
| description | string | Full vulnerability description |
| scoring | object | All scoring data (CVSS, EPSS, BCS) |
| exploitation | object | Active exploitation signals |
| affected | object | Affected vendors, products, protocols |
| patch | object | Patch availability and details |
| classification | object | CWEs, attack vector, layer |
| sage | object | SAGE AI analysis |
| temporal | object | All timestamps |
| references | object | External URLs |
| _links | object | HATEOAS navigation links |

scoring Object

scoring.cvss

| Field | Type | Example |
|---|---|---|
| score | float | 10.0 |
| vector | string | CVSS:3.1/AV:N/AC:L/... |
| version | string | 3.1 |
| severity | string | CRITICAL |
| attack_vector | string | NETWORK |
| attack_complexity | string | LOW |
| privileges_required | string | NONE |
| user_interaction | string | NONE |
| scope | string | CHANGED |
| confidentiality_impact | string | HIGH |
| integrity_impact | string | HIGH |
| availability_impact | string | HIGH |

scoring.epss

| Field | Type | Description |
|---|---|---|
| score | float | 0.0-1.0 probability of exploitation |
| percentile | float | 0.0-1.0 relative to all CVEs |
| interpretation | string | Human-readable percentile label |

scoring.bcs

BCS (BreachSpider Confidence Score) is BreachSpider's proprietary exploitation priority score combining CVSS, EPSS, KEV status, PoC availability, and ICS relevance.

| Field | Type | Description |
|---|---|---|
| score | float | 0.0-10.0 |
| tier | string | CRITICAL, HIGH, MEDIUM, LOW |
| factors.kev_flagged | boolean | In KEV catalog |
| factors.poc_available | boolean | Public PoC exists |
| factors.has_public_exploit | boolean | Functional exploit public |
| factors.patch_available | boolean | Vendor patch released |
| factors.ics_relevance | float | 0.0-1.0 ICS/OT relevance score |

exploitation Object

| Field | Type | Description |
|---|---|---|
| kev_flagged | boolean | KEV-confirmed active exploitation |
| kev_added_at | string | ISO 8601 date added to KEV |
| has_public_exploit | boolean | Functional exploit publicly available |
| poc_available | boolean | Proof-of-concept code available |
| exploit_maturity | string | NONE, POC, FUNCTIONAL, WEAPONIZED |
| actively_exploited | boolean | True when kev_flagged is true |

Exploit Maturity Tiers

| Maturity | Meaning |
|---|---|
| NONE | No exploit or PoC available |
| POC | Proof-of-concept code published |
| FUNCTIONAL | Working exploit available |
| WEAPONIZED | Confirmed active exploitation in the wild (KEV) |

affected Object

| Field | Type | Description |
|---|---|---|
| vendors | array | List of affected vendor names |
| products | array | List of affected product names |
| primary_vendor | string | Primary/most relevant vendor |
| primary_product | string | Primary/most relevant product |
| vendor_count | integer | Total number of affected vendors |
| device_types | array | ICS device type classifications |
| protocols | array | Affected ICS protocols |
| ics_relevance_score | float | 0.0-1.0 ICS/OT relevance |
| ics_relevant | boolean | True when ics_relevance_score >= 0.5 |

patch Object

| Field | Type | Description |
|---|---|---|
| status | string | patched, unpatched, partial, unknown |
| patch_available | boolean | True when status is patched |
| patch_version | string | Fixed version (if known) |
| patch_url | string | Link to patch download (if known) |
| patch_notes | string | Remediation notes |

sage Object

| Field | Type | Description |
|---|---|---|
| model | string | SAGE model version |
| tier | string | full or blurred |
| executive_summary | string | AI-generated summary (all tiers) |
| ics_context | string | ICS/OT specific context (full tier) |
| remediation_guidance | string | Remediation steps (full tier) |
| confidence_score | float | SAGE confidence 0.0-1.0 (full tier) |
| confidence_tier | string | SOVEREIGN_AUDIT_PASS or lower |
| _upgrade_required | boolean | True when tier is blurred |
| _upgrade_url | string | Upgrade URL when blurred |

temporal Object

| Field | Type | Description |
|---|---|---|
| published_at | string | NVD publication date (ISO 8601) |
| modified_at | string | Last NVD modification date |
| enriched_at | string | BreachSpider enrichment timestamp |
| kev_added_at | string | Date added to KEV catalog |
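
An added example, not part of the BreachSpider documentation: a Python check that a CVE object obeys the ranges, enumerations and derived-flag rules stated in the tables above, so that an inconsistent record does not silently drive triage. The function names, the reading of "True when X" as flag == X, and the sample object are assumptions made for illustration.

```python
import re

MATURITY = {"NONE", "POC", "FUNCTIONAL", "WEAPONIZED"}
PATCH_STATUS = {"patched", "unpatched", "partial", "unknown"}
BCS_TIERS = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}

def in_range(value, low, high):
    """True for a real number (not bool/None) inside [low, high]."""
    return isinstance(value, (int, float)) and not isinstance(value, bool) and low <= value <= high

def check_cve_object(cve):
    """Return the documented rules that this CVE object violates (hypothetical helper)."""
    problems = []
    def expect(ok, rule):
        if not ok:
            problems.append(rule)
    epss = cve.get("scoring", {}).get("epss", {})
    bcs = cve.get("scoring", {}).get("bcs", {})
    expl, affected = cve.get("exploitation", {}), cve.get("affected", {})
    patch, sage = cve.get("patch", {}), cve.get("sage", {})
    # Formats, ranges and enumerations taken from the field tables.
    expect(re.fullmatch(r"CVE-\d{4}-\d{4,}", str(cve.get("cve_id"))), "cve_id format")
    expect(in_range(epss.get("score"), 0.0, 1.0), "epss.score range")
    expect(in_range(epss.get("percentile"), 0.0, 1.0), "epss.percentile range")
    expect(in_range(bcs.get("score"), 0.0, 10.0), "bcs.score range")
    expect(bcs.get("tier") in BCS_TIERS, "bcs.tier value")
    expect(expl.get("exploit_maturity") in MATURITY, "exploit_maturity value")
    expect(patch.get("status") in PATCH_STATUS, "patch.status value")
    # Derived flags must agree with their source field (assumed: "True when X" means flag == X).
    kev = bool(expl.get("kev_flagged"))
    expect(bool(expl.get("actively_exploited")) == kev, "actively_exploited vs kev_flagged")
    expect(expl.get("exploit_maturity") != "WEAPONIZED" or kev, "WEAPONIZED without kev_flagged")
    ics = affected.get("ics_relevance_score")
    expect(in_range(ics, 0.0, 1.0) and bool(affected.get("ics_relevant")) == (ics >= 0.5), "ics_relevant vs score")
    expect(bool(patch.get("patch_available")) == (patch.get("status") == "patched"), "patch_available vs status")
    expect(bool(sage.get("_upgrade_required")) == (sage.get("tier") == "blurred"), "_upgrade_required vs tier")
    return problems

# Constructed sample (not real API output); two derived flags contradict their source fields.
SAMPLE = {
    "cve_id": "CVE-2099-00001",
    "scoring": {"epss": {"score": 0.42, "percentile": 0.91}, "bcs": {"score": 8.7, "tier": "HIGH"}},
    "exploitation": {"kev_flagged": False, "actively_exploited": False, "exploit_maturity": "POC"},
    "affected": {"ics_relevance_score": 0.3, "ics_relevant": True},
    "patch": {"status": "partial", "patch_available": True},
    "sage": {"tier": "blurred", "_upgrade_required": True},
}

if __name__ == "__main__":
    print(check_cve_object(SAMPLE))
```

An empty list means the object is internally consistent with the documented rules; it says nothing about whether the underlying vulnerability data is accurate.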