Add Ubuntu severity type to the schema and docs #337
Merged
oliverchang merged 2 commits into ossf:main on Mar 3, 2025
Relates to issue ossf#323 Signed-off-by: Eduardo Barretto <eduardo.barretto@canonical.com>
oliverchang
reviewed
Feb 20, 2025
docs/schema.md
Outdated
| | `CVSS_V2` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v2/guide#Metric-Groups) that is == 2.0 (e.g.`"AV:L/AC:M/Au:N/C:N/I:P/A:C"`).| | ||
| | `CVSS_V3` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v3.0/specification-document#Vector-String) that is >= 3.0 and < 4.0 (e.g.`"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"`).| | ||
| | `CVSS_V4` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version on the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v4.0/specification-document#Vector-String) that is >= 4.0 and < 5.0 (e.g. `"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"`). | | ||
| | `Ubuntu` | The [Ubuntu priority](https://ubuntu.com/security/cves/about#priority) is based on many factors including severity, importance, risk, estimated number of affected users, software configuration, active exploitation, and other factors. |
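Review bot: The new `Ubuntu` row (last line of this hunk) says what the priority is based on but not what goes in the `score` string: the three CVSS rows above each give an example value, while this row names no permitted values, no casing and no example. Suggest listing the accepted priority strings in the description with one example, consistent with what the JSON schema in this PR enforces, so producers and consumers validate against the same set.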
Collaborator
Can you add more details on the expected string formatting? From the JSON schema it seems like we expect these to be lowercased?
Collaborator
friendly ping @dodys :)
Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com> Signed-off-by: Eduardo Barretto <edusbarretto@gmail.com>
oliverchang
approved these changes
Mar 2, 2025
cuixq
added a commit
to google/osv.dev
that referenced
this pull request
Jun 20, 2025
ossf/osv-schema#337 introduces Ubuntu severity type to the schema and this PR adds this severity type to `vulnerability.proto`.
another-rex
pushed a commit
that referenced
this pull request
Jul 15, 2025
Ubuntu severity type was added to the schema in #337 and this PR updates the constants in Go bindings with Ubuntu severity type. Signed-off-by: Xueqin Cui <cuixq@google.com>
progval
added a commit
to progval/osv
that referenced
this pull request
Dec 19, 2025
Includes:
* 1.6.6: ossf/osv-schema#276
* 1.6.7: nothing
* 1.7.0: ossf/osv-schema#312 ossf/osv-schema#319 ossf/osv-schema#337
* 1.7.1: nothing
* 1.7.2: ossf/osv-schema#351 ossf/osv-schema#347 ossf/osv-schema#358
* 1.7.3: ossf/osv-schema#394
* 1.7.4: ossf/osv-schema#434 ossf/osv-schema#357
progval
added a commit
to progval/osv
that referenced
this pull request
Dec 19, 2025
Includes:
* 1.7.0: ossf/osv-schema#312 (`upstream` field) ossf/osv-schema#319 ossf/osv-schema#337 (`Ubuntu` as `severity` score)
* 1.7.1: nothing
* 1.7.2: ossf/osv-schema#351 ossf/osv-schema#347 ossf/osv-schema#358
* 1.7.3: ossf/osv-schema#394
* 1.7.4: ossf/osv-schema#434 ossf/osv-schema#357
progval
added a commit
to progval/osv
that referenced
this pull request
Dec 19, 2025
Includes:
* 1.7.0:
  * ossf/osv-schema#312 (`upstream` field)
  * ossf/osv-schema#319
  * ossf/osv-schema#337 (`Ubuntu` as `severity` score)
* 1.7.1: nothing
* 1.7.2:
  * ossf/osv-schema#351
  * ossf/osv-schema#347
  * ossf/osv-schema#358
* 1.7.3:
  * ossf/osv-schema#394
* 1.7.4: ossf/osv-schema#434
  * ossf/osv-schema#357
tiegz
pushed a commit
to tiegz/osv-schema
that referenced
this pull request
Jan 28, 2026
Relates to issue ossf#323 --------- Signed-off-by: Eduardo Barretto <eduardo.barretto@canonical.com> Signed-off-by: Eduardo Barretto <edusbarretto@gmail.com> Co-authored-by: Oliver Chang <oliverchang@users.noreply.github.com>
tiegz
pushed a commit
to tiegz/osv-schema
that referenced
this pull request
Jan 28, 2026
Ubuntu severity type was added to the schema in ossf#337 and this PR updates the constants in Go bindings with Ubuntu severity type. Signed-off-by: Xueqin Cui <cuixq@google.com>
Relates to issue #323