public sealed class VulnerabilityNote : IMessage<VulnerabilityNote>, IEquatable<VulnerabilityNote>, IDeepCloneable<VulnerabilityNote>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class VulnerabilityNote.
A security vulnerability that can be found in resources.
The time this information was last changed at the source. This is an
upstream timestamp from the underlying information source - e.g. Ubuntu
security tracker.
public RepeatedField<VulnerabilityNote.Types.WindowsDetail> WindowsDetails { get; }
Windows details get their own format because the information format and
model don't match a normal detail. Specifically Windows updates are done as
patches, thus Windows vulnerabilities really are a missing package, rather
than a package being at an incorrect version.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis page provides reference documentation for the \u003ccode\u003eVulnerabilityNote\u003c/code\u003e class within the Grafeas v1 API, detailing its structure and properties.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eVulnerabilityNote\u003c/code\u003e represents a security vulnerability found in resources, and the page lists available versions, from the latest 3.7.0 down to 2.2.0, with links to specific documentation for each.\u003c/p\u003e\n"],["\u003cp\u003eThe class includes properties for CVSS scoring (CvssScore, CvssV2, CvssV3, CvssVersion), details of affected distros and packages, the assigned severity of the vulnerability, and the source update time.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eVulnerabilityNote\u003c/code\u003e class also contains details regarding Windows vulnerabilities, which are structured as missing patches rather than incorrect package versions.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eVulnerabilityNote\u003c/code\u003e class implements several interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, and also details the constructors \u003ccode\u003eVulnerabilityNote()\u003c/code\u003e and \u003ccode\u003eVulnerabilityNote(VulnerabilityNote other)\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Grafeas v1 API - Class VulnerabilityNote (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityNote)\n- [3.8.0](/dotnet/docs/reference/Grafeas.V1/3.8.0/Grafeas.V1.VulnerabilityNote)\n- [3.7.0](/dotnet/docs/reference/Grafeas.V1/3.7.0/Grafeas.V1.VulnerabilityNote)\n- [3.6.0](/dotnet/docs/reference/Grafeas.V1/3.6.0/Grafeas.V1.VulnerabilityNote)\n- [3.5.0](/dotnet/docs/reference/Grafeas.V1/3.5.0/Grafeas.V1.VulnerabilityNote)\n- [3.4.0](/dotnet/docs/reference/Grafeas.V1/3.4.0/Grafeas.V1.VulnerabilityNote)\n- [3.3.0](/dotnet/docs/reference/Grafeas.V1/3.3.0/Grafeas.V1.VulnerabilityNote)\n- [3.2.0](/dotnet/docs/reference/Grafeas.V1/3.2.0/Grafeas.V1.VulnerabilityNote)\n- [3.1.0](/dotnet/docs/reference/Grafeas.V1/3.1.0/Grafeas.V1.VulnerabilityNote)\n- [3.0.0](/dotnet/docs/reference/Grafeas.V1/3.0.0/Grafeas.V1.VulnerabilityNote)\n- [2.4.0](/dotnet/docs/reference/Grafeas.V1/2.4.0/Grafeas.V1.VulnerabilityNote)\n- [2.3.0](/dotnet/docs/reference/Grafeas.V1/2.3.0/Grafeas.V1.VulnerabilityNote)\n- [2.2.0](/dotnet/docs/reference/Grafeas.V1/2.2.0/Grafeas.V1.VulnerabilityNote) \n\n public sealed class VulnerabilityNote : IMessage\u003cVulnerabilityNote\u003e, IEquatable\u003cVulnerabilityNote\u003e, IDeepCloneable\u003cVulnerabilityNote\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Grafeas v1 API class VulnerabilityNote.\n\nA security vulnerability that can be found in resources. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e VulnerabilityNote \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[VulnerabilityNote](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityNote), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[VulnerabilityNote](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityNote), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[VulnerabilityNote](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityNote), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Grafeas.V1](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1)\n\nAssembly\n--------\n\nGrafeas.V1.dll\n\nConstructors\n------------\n\n### VulnerabilityNote()\n\n public VulnerabilityNote()\n\n### VulnerabilityNote(VulnerabilityNote)\n\n public VulnerabilityNote(VulnerabilityNote other)\n\nProperties\n----------\n\n### CvssScore\n\n public float CvssScore { get; set; }\n\nThe CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10\nwhere 0 indicates low severity and 10 indicates high severity.\n\n### CvssV2\n\n public CVSS CvssV2 { get; set; }\n\nThe full description of the v2 CVSS for this vulnerability.\n\n### CvssV3\n\n public CVSSv3 CvssV3 { get; set; }\n\nThe full description of the CVSSv3 for this vulnerability.\n\n### CvssVersion\n\n public CVSSVersion CvssVersion { get; set; }\n\nCVSS version used to populate cvss_score and severity.\n\n### Details\n\n public RepeatedField\u003cVulnerabilityNote.Types.Detail\u003e Details { get; }\n\nDetails of all known distros and packages affected by this vulnerability.\n\n### Severity\n\n public Severity Severity { get; set; }\n\nThe note provider assigned severity of this vulnerability.\n\n### SourceUpdateTime\n\n public Timestamp SourceUpdateTime { get; set; }\n\nThe time this information was last changed at the source. This is an\nupstream timestamp from the underlying information source - e.g. Ubuntu\nsecurity tracker.\n\n### WindowsDetails\n\n public RepeatedField\u003cVulnerabilityNote.Types.WindowsDetail\u003e WindowsDetails { get; }\n\nWindows details get their own format because the information format and\nmodel don't match a normal detail. Specifically Windows updates are done as\npatches, thus Windows vulnerabilities really are a missing package, rather\nthan a package being at an incorrect version."]]
