Skip to main content
Back to Tags

Vulnerability

11 items tagged with "vulnerability"

Filter by type:

Glossaries11

Glossary

Common Vulnerabilities and Exposures (CVE)

CVE is a public, standardized catalog that assigns a unique identifier to each publicly disclosed cybersecurity vulnerability, enabling consistent reference across tools and organizations.

Glossary

Common Vulnerability Scoring System (CVSS)

CVSS is an open standard for rating the severity of security vulnerabilities, producing a numerical score from 0 to 10 based on their characteristics and potential impact.

Glossary

RiskScore

RiskScore is Vibgrate’s 0–100 measure of security and business exposure — the probability and consequence of harm right now — where 0 is safest and 100 is maximum risk.

Glossary

Exploit Prediction Scoring System (EPSS)

EPSS is a daily-updated probability estimate from FIRST, scoring each CVE from 0 to 1 on how likely it is to be exploited in the wild within the next 30 days.

Glossary

Known Exploited Vulnerabilities (KEV) Catalog

The KEV catalog is CISA’s authoritative list of vulnerabilities with reliable evidence of active exploitation in the wild — confirmed fact, not prediction.

Glossary

Likely Exploited Vulnerabilities (LEV)

LEV is a proposed NIST metric (CSWP 41) that estimates, from a CVE’s EPSS history, the cumulative probability the vulnerability has ever been exploited — a conservative lower bound.

Glossary

Open Source Vulnerabilities (OSV)

OSV is a distributed vulnerability database and schema for open-source software, aggregating ecosystem advisory feeds with precise, package-native version matching.

Glossary

GitHub Security Advisories (GHSA)

GHSA is GitHub’s curated database of security advisories for open-source packages, with maintainer-reviewed affected-version ranges and fix versions.

Glossary

National Vulnerability Database (NVD)

The NVD is NIST’s database that enriches CVE records with CVSS severity scores, product identifiers, and reference data.

Glossary

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC is a decision-tree methodology from CMU SEI and CISA that prioritizes vulnerabilities by contextual facts — exploitation status, automatability, and mission impact — rather than a single severity number.

Glossary

Reachability Analysis

Reachability analysis determines whether the vulnerable code inside a dependency is actually invoked by your application, separating exploitable findings from theoretical ones.