Component Vulnerability table (component_vulnerability)

Column Type Description
actual_date timestamp with time zone Actual date the vulnerability was remediated.
attack_vector text

Attack vector of the vulnerability, which is the context by which vulnerability exploitation is possible. Possible values are:

  • NETWORK

  • ADJACENT

  • LOCAL

  • PHYSICAL

base_score numeric Base score of the vulnerability based on the CVSS v2 score. This score reflects the overall basic characteristics of a vulnerability that are constant over time and user environments.
base_score_cvss3 numeric Base score of the vulnerability based on the CVSS v3.x score. This score reflects the overall basic characteristics of a vulnerability that are constant over time and user environments.
comment text Comments entered when remediating the vulnerability.
component_table_id int8 ID field in the Component table.
cwe_ids text List of Common Weakness Enumeration (CWE) IDs for this security vulnerability.
description text Description of the vulnerability.
exploit_score numeric Exploitability score of the vulnerability based on the CVSS v2 score. This score measures how the vulnerability is accessed and if extra conditions are required to exploit it, taking into account access vector, complexity, and authentication.
exploit_score_cvss3 numeric Exploitability score of the vulnerability based on the CVSS v3.x score. This score measures how the vulnerability is accessed and if extra conditions are required to exploit it, taking into account access vector, complexity, and authentication.
exposed_on timestamp with time zone When the vulnerability was mapped to the project.
impact_score numeric Impact score of the vulnerability based on the CVSS v2 score. This score reflects the possible impact of successfully exploiting the vulnerability, considering the integrity, availability, and confidentiality impacts.
impact_score_cvss3 numeric Impact score of the vulnerability based on the CVSS v3.x score. This score reflects the possible impact of successfully exploiting the vulnerability, considering the integrity, availability, and confidentiality impacts.
justification text Description of the justification for the remediation used.
project_version_id UUID ID.
published_on timestamp with time zone When the vulnerability was published.
related_vuln_id text

Empty except when BDSA has a related CVE vulnerability. If a BDSA vulnerability is mapped to a CVE, the related CVE is listed here; the BDSA vulnerability is listed in the vuln_id column.

remediation_status text

Lists the remediation status. The values are:

  • REMEDIATION_COMPLETE

  • NOT_AFFECTED

  • MITIGATED

  • DUPLICATE

  • IGNORED

  • PATCHED

  • NEW

  • UNDER_INVESTIGATION

  • NEEDS_REVIEW

  • AFFECTED

  • REMEDIATION_REQUIRED

remediation_updated_at timestamp with time zone When the triage status was updated for this vulnerability.
severity text

Severity level of this vulnerability based on the CVSS v2 score. One of the following values:

  • HIGH

  • MEDIUM

  • LOW

severity_cvss3 text

Severity level of this vulnerability based on the CVSS v3.x score. One of the following values:

  • CRITICAL

  • HIGH

  • MEDIUM

  • LOW

solution_available boolean Indicates whether a solution for the vulnerability is available:
  • "t" indicates a solution is available.

  • "f" indicates a solution is not available.

target_date timestamp with time zone Target date to remediate the vulnerability.
temporal_score numeric

Temporal score of the vulnerability based on the CVSS v2 score. This score represents time-dependent qualities of a vulnerability, taking into account the confirmation of the technical details of a vulnerability, the existence of any patches or workarounds, and the availability of exploit code or techniques.

Displays 0 if there is no score.

temporal_score_cvss3 numeric

Temporal score of the vulnerability based on the CVSS v3.x score. This score represents time-dependent qualities of a vulnerability, taking into account the confirmation of the technical details of a vulnerability, the existence of any patches or workarounds, and the availability of exploit code or techniques.

Displays 0 if there is no score.

updated_on timestamp with time zone When the vulnerability was last updated.
vuln_id text Vulnerability ID, such as CVE-2017-1234 or 12345.
vuln_source text

Source of the vulnerability. One of the following values:

  • BDSA

  • NVD

workaround_available boolean

Indicates whether a workaround for the vulnerability is available:

  • "t" indicates a workaround is available.

  • "f" indicates a workaround is not available.
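
A triage query over the columns described above, as an added example that is not part of the original documentation: it lists vulnerabilities that are still in an open status past their target date, and uses related_vuln_id to show the CVE for BDSA records. It assumes PostgreSQL, that the table is on the current search_path, that the statuses listed in the WHERE clause are the ones your team treats as open, and that actual_date is NULL until the vulnerability is remediated.

```sql
-- Added example; not from the product documentation.
WITH open_vulns AS (
    SELECT
        project_version_id,
        component_table_id,
        vuln_id,
        vuln_source,
        -- related_vuln_id is empty unless a BDSA record maps to a CVE;
        -- fall back to vuln_id so every row has one ID to track.
        COALESCE(NULLIF(related_vuln_id, ''), vuln_id) AS tracking_id,
        -- Prefer the CVSS v3.x values; fall back to CVSS v2 when absent
        -- (assumption: an absent v3.x value is stored as NULL or '').
        COALESCE(NULLIF(severity_cvss3, ''), severity) AS effective_severity,
        COALESCE(base_score_cvss3, base_score)         AS effective_base_score,
        attack_vector,
        remediation_status,
        solution_available,
        workaround_available,
        target_date
    FROM component_vulnerability
    WHERE remediation_status IN (
              -- Assumption: these statuses mean "work still outstanding".
              'NEW', 'NEEDS_REVIEW', 'UNDER_INVESTIGATION',
              'AFFECTED', 'REMEDIATION_REQUIRED')
      AND actual_date IS NULL      -- assumption: NULL until remediated
      AND target_date < now()      -- past the remediation target
)
SELECT
    *,
    now() - target_date AS overdue_by
FROM open_vulns
ORDER BY
    -- Text severities do not sort by risk alphabetically; rank them.
    CASE effective_severity
        WHEN 'CRITICAL' THEN 0
        WHEN 'HIGH'     THEN 1
        WHEN 'MEDIUM'   THEN 2
        WHEN 'LOW'      THEN 3
        ELSE 4
    END,
    effective_base_score DESC NULLS LAST,
    target_date;
```

Rows where solution_available is "t" have an available solution and are the quickest to close; rows with only workaround_available set to "t" are candidates for the MITIGATED status.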