Common CVE Reference Tags

CVEs often include tags on references that describe what the external resource represents. cve.report uses both source-provided tags and site-generated tags.

• Issue Tracking: the reference points to an ongoing issue or tracking page.
• Patch: the reference points to a patch, fix, or remediation notice.
• Product: the reference points to vendor or product detail material.
• US Government Resource: the reference is published by a U.S. government source.
• Vendor Advisory: the reference is a vendor-published advisory.
• Third Party Advisory: the reference is a non-vendor, non-government advisory.
• sub.domain.tld: the domain label shown for a reference.
• text/html: the reference resolved as an HTML page.
• text/xml: the reference resolved as XML content.
• video/*: the reference resolved as video content.
• VDB Entry: the link points to a vulnerability database entry.
• Permissions Required: the linked content requires access or login.
• Broken Link: a source-provided tag that may be stale or inaccurate.
• Inactive Link: cve.report could not reach the source page.
• Not Archived: the source appears unavailable and no archive copy is known.
• Archived: the source appears unavailable but an archive copy exists.
• Depreciated Link: a historic link is no longer valid for public use.
• cve.report (archive): cve.report stored an archival copy while the reference was available.
• Proof of Concept: the reference points to exploit or demonstration material.