Common CVE Reference Tags

CVEs which reference external content often have tags associated with those references. These tags on our website are pulled both from the CVE data and structured from our own analysis. An ongoing list of the most common tags and their descriptions is below.

  • Issue Tracking: Notes a webpage that has been established for ongoing discoveries and updates on the CVE.
  • Patch: Reference contains information on a known patch for the vulnerability listed in the CVE.
  • Product: Reference contains information on the vulnerable product.
  • US Government Resource: Reference contains information provided from the US Government
  • Vendor Advisory: Reference contains information provided from the Vendor
  • Third Party Advisory: Reference contains information provided from a third party, outside of the government resources or Vendor.
  • sub.domain.tld: Notes the domain that the reference is linking to.
  • text/html: Notes the reference is linking to a standard html web page.
  • text/xml: Notes the reference is linking to an xml webpage.
  • video/*: Notes the reference is linking to some type of video content.
  • VDB Entry: The reference is linking to information on the CVE’s Vulnerability Database entry.
  • Permissions Required: The reference is linking to material which requires certain permissions to view, and may not available to the public.
  • Broken Link: A CVE provided data tag. It is often incorrect, links may still be valid. Check for our Inactive Link tag to be sure.
  • Inactive Link: Our applications have found the referenced link to resolve to a broken domain. Domain may still be archived.
  • Not Archived: The link has been found to resolve to a broken domain and is not archived. Information is likely no longer available 🙁
  • Archived: The link has been found to resolve to a broken domain but is archived! Our reference will link to the archived domain.
  • Depreciated Link: The domain is no longer valid or available to the public. Data may be available in our cve.report archive and will link to it if cve.report (archive) is present.
  • cve.report (archive): Reference links to material that is may no longer be available, but cve.report created an archive of the data while it was still present.
  • Proof of Concept: Reference links to a possible patch for the vulnerability or a demonstration for newly discovered vulnerabilities.

Leave a comment

Your email address will not be published. Required fields are marked *