docs: adding database schema

doc/MANUAL.md

@@ -5,6 +5,8 @@
   - [Installing](#installing)
   - [Fixing Known Issues / What should I do if it finds something?](#fixing-known-issues--what-should-i-do-if-it-finds-something)
   - [Limitations](#limitations)
+  - [Architecture](#architecture)
+    - [Database Structure](#database-structure)
   - [Optional Arguments](#optional-arguments)
     - [-e EXCLUDE, --exclude EXCLUDE](#-e-exclude---exclude-exclude)
     - [-h, --help](#-h---help)
@@ -320,6 +322,13 @@ The tool does not guarantee that all vulnerabilities are reported as the tool on
 Whilst some validation checks are performed on the data within the vulnerability database, the tool is unable to assert the quality of the data or correct any
 discrepancies if the data is incomplete or inconsistent. This may result, for example, in some vulnerability reports where the severity is reported as UNKNOWN.
 
+## Architecture
+
+### Database Structure
+
+The CVE Binary Tool database comprises three tables: cve_severity, cve_range, and cve_exploited. The cve_range and cve_severity tables are connected. The cve_range has a foreign key referencing the cve_number and data_source in the cve_severity table. The cve_severity table holds information about the severity of vulnerabilities, with the cve_number serving as the primary key. The cve_range table is linked to cve_severity via the cve_number and data_source columns, establishing a relationship between vulnerability severity and affected product ranges. The cve_exploited table tracks exploited vulnerabilities, utilizing the cve_number as the primary key. This database structure enables effective management and analysis of CVE-related data, facilitating identifying and assessing vulnerabilities and their associated exploit instances.
+
+![database structure of CVE Binary Tool](images/cve-bin-tool-database.png)
 
 ## Optional Arguments