public sealed class VulnerabilityOccurrence : IMessage<VulnerabilityOccurrence>, IEquatable<VulnerabilityOccurrence>, IDeepCloneable<VulnerabilityOccurrence>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class VulnerabilityOccurrence.
An occurrence of a severity vulnerability on a resource.
The distro assigned severity for this vulnerability when it is available,
otherwise this is the note provider assigned severity.
When there are multiple PackageIssues for this vulnerability, they can have
different effective severities because some might be provided by the distro
while others are provided by the language ecosystem for a language pack.
For this reason, it is advised to use the effective severity on the
PackageIssue level. In the case where multiple PackageIssues have differing
effective severities, this field should be the highest severity for any of
the PackageIssues.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eVulnerabilityOccurrence\u003c/code\u003e class in the Grafeas v1 API represents an instance of a severity vulnerability on a resource, with the latest version being 3.7.0.\u003c/p\u003e\n"],["\u003cp\u003eThis class includes detailed information on the vulnerability such as CVSS scores (v2 and v3), severity levels, and whether a fix is available.\u003c/p\u003e\n"],["\u003cp\u003eIt provides properties to access affected locations, related URLs, and descriptions of the vulnerability, and the package type (native/non-native).\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eVulnerabilityOccurrence\u003c/code\u003e class implements interfaces like \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, and inherits from \u003ccode\u003eobject\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe class also includes the ability to determine if the vulnerability has a fix available and provides fields for detailed descriptions, including short descriptions.\u003c/p\u003e\n"]]],[],null,["# Grafeas v1 API - Class VulnerabilityOccurrence (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence)\n- [3.8.0](/dotnet/docs/reference/Grafeas.V1/3.8.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.7.0](/dotnet/docs/reference/Grafeas.V1/3.7.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.6.0](/dotnet/docs/reference/Grafeas.V1/3.6.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.5.0](/dotnet/docs/reference/Grafeas.V1/3.5.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.4.0](/dotnet/docs/reference/Grafeas.V1/3.4.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.3.0](/dotnet/docs/reference/Grafeas.V1/3.3.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.2.0](/dotnet/docs/reference/Grafeas.V1/3.2.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.1.0](/dotnet/docs/reference/Grafeas.V1/3.1.0/Grafeas.V1.VulnerabilityOccurrence)\n- [3.0.0](/dotnet/docs/reference/Grafeas.V1/3.0.0/Grafeas.V1.VulnerabilityOccurrence)\n- [2.4.0](/dotnet/docs/reference/Grafeas.V1/2.4.0/Grafeas.V1.VulnerabilityOccurrence)\n- [2.3.0](/dotnet/docs/reference/Grafeas.V1/2.3.0/Grafeas.V1.VulnerabilityOccurrence)\n- [2.2.0](/dotnet/docs/reference/Grafeas.V1/2.2.0/Grafeas.V1.VulnerabilityOccurrence) \n\n public sealed class VulnerabilityOccurrence : IMessage\u003cVulnerabilityOccurrence\u003e, IEquatable\u003cVulnerabilityOccurrence\u003e, IDeepCloneable\u003cVulnerabilityOccurrence\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Grafeas v1 API class VulnerabilityOccurrence.\n\nAn occurrence of a severity vulnerability on a resource. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e VulnerabilityOccurrence \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Grafeas.V1](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1)\n\nAssembly\n--------\n\nGrafeas.V1.dll\n\nConstructors\n------------\n\n### VulnerabilityOccurrence()\n\n public VulnerabilityOccurrence()\n\n### VulnerabilityOccurrence(VulnerabilityOccurrence)\n\n public VulnerabilityOccurrence(VulnerabilityOccurrence other)\n\nProperties\n----------\n\n### CvssScore\n\n public float CvssScore { get; set; }\n\nOutput only. The CVSS score of this vulnerability. CVSS score is on a\nscale of 0 - 10 where 0 indicates low severity and 10 indicates high\nseverity.\n\n### CvssV2\n\n public CVSS CvssV2 { get; set; }\n\nThe cvss v2 score for the vulnerability.\n\n### CvssVersion\n\n public CVSSVersion CvssVersion { get; set; }\n\nOutput only. CVSS version used to populate cvss_score and severity.\n\n### Cvssv3\n\n public CVSS Cvssv3 { get; set; }\n\nThe cvss v3 score for the vulnerability.\n\n### EffectiveSeverity\n\n public Severity EffectiveSeverity { get; set; }\n\nThe distro assigned severity for this vulnerability when it is available,\notherwise this is the note provider assigned severity.\n\nWhen there are multiple PackageIssues for this vulnerability, they can have\ndifferent effective severities because some might be provided by the distro\nwhile others are provided by the language ecosystem for a language pack.\nFor this reason, it is advised to use the effective severity on the\nPackageIssue level. In the case where multiple PackageIssues have differing\neffective severities, this field should be the highest severity for any of\nthe PackageIssues.\n\n### ExtraDetails\n\n public string ExtraDetails { get; set; }\n\nOccurrence-specific extra details about the vulnerability.\n\n### FixAvailable\n\n public bool FixAvailable { get; set; }\n\nOutput only. Whether at least one of the affected packages has a fix\navailable.\n\n### LongDescription\n\n public string LongDescription { get; set; }\n\nOutput only. A detailed description of this vulnerability.\n\n### PackageIssue\n\n public RepeatedField\u003cVulnerabilityOccurrence.Types.PackageIssue\u003e PackageIssue { get; }\n\nRequired. The set of affected locations and their fixes (if available)\nwithin the associated resource.\n\n### RelatedUrls\n\n public RepeatedField\u003cRelatedUrl\u003e RelatedUrls { get; }\n\nOutput only. URLs related to this vulnerability.\n\n### Severity\n\n public Severity Severity { get; set; }\n\nOutput only. The note provider assigned severity of this vulnerability.\n\n### ShortDescription\n\n public string ShortDescription { get; set; }\n\nOutput only. A one sentence description of this vulnerability.\n\n### Type\n\n public string Type { get; set; }\n\nThe type of package; whether native or non native (e.g., ruby gems, node.js\npackages, etc.).\n\n### VexAssessment\n\n public VulnerabilityOccurrence.Types.VexAssessment VexAssessment { get; set; }"]]
