What is the Common Vulnerability Reporting Framework (CVRF)?

Document created by osantos on Nov 5, 2015. Last modified by osantos on Jan 24, 2017.
Version 4

The Common Vulnerability Reporting Framework (CVRF) is an XML-based standard that enables security professionals and organizations to share security vulnerability information in a single format, speeding up information exchange and digestion. Cisco has been a major contributor to this standard. CVRF is a common and consistent framework for exchanging not just vulnerability information, but any security-related documentation. More information about CVRF is available at: https://cvrf.github.io



CVRF has been transitioned to the OASIS Common Security Advisory Framework (CSAF) Technical Committee.


The Cisco Product Security Incident Response Team (PSIRT) drives and follows open, global standards and makes decisions to develop and implement new technologies based on customers’ current and anticipated requirements.


CVRF files at Cisco can be obtained via any of the following methods:

You can essentially create your own advisory and/or pick the sections of security advisories that are more relevant to you by parsing each CVRF file.

A Python library and CLI tool (cvrfparse) for extracting data out of a CVRF document is available at GitHub.

You can also install cvrfparse from source or by using pip:

    pip install cvrfparse

More information about this tool can be obtained from the following link:
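Picking out the relevant sections of a CVRF file, as an added example that is not part of the original document and does not use cvrfparse: it reads a CVRF 1.1 document with the Python standard library and keeps only the vulnerabilities at or above a CVSS base score, resolving each affected ProductID against the product tree. The function name `select_sections`, the threshold and the embedded advisory (titles, product IDs, CVE IDs) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# CVRF 1.1 namespaces of the product tree and vulnerability sections.
NS = {"prod": "http://www.icasi.org/CVRF/schema/prod/1.1",
      "vuln": "http://www.icasi.org/CVRF/schema/vuln/1.1"}

# Constructed sample advisory: titles, product IDs and CVE IDs are placeholders.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1">
  <DocumentTitle>Example Advisory</DocumentTitle>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
    <FullProductName ProductID="EX-1">Example Router OS 1.0</FullProductName>
    <FullProductName ProductID="EX-2">Example Switch OS 2.0</FullProductName>
  </ProductTree>
  <Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>Example remote code execution</Title>
    <CVE>CVE-0000-0001</CVE>
    <ProductStatuses><Status Type="Known Affected"><ProductID>EX-1</ProductID></Status></ProductStatuses>
    <CVSSScoreSets><ScoreSet><BaseScore>9.3</BaseScore></ScoreSet></CVSSScoreSets>
  </Vulnerability>
  <Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
    <Title>Example information disclosure</Title>
    <CVE>CVE-0000-0002</CVE>
    <ProductStatuses><Status Type="Known Affected"><ProductID>EX-2</ProductID></Status></ProductStatuses>
    <CVSSScoreSets><ScoreSet><BaseScore>4.3</BaseScore></ScoreSet></CVSSScoreSets>
  </Vulnerability>
</cvrfdoc>"""

def select_sections(xml_text, min_score=7.0):
    """Return vulnerabilities scoring >= min_score with affected product names."""
    # Advisory feeds are untrusted input: refuse DTDs so no entity is expanded.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in CVRF document")
    root = ET.fromstring(xml_text.encode("utf-8"))
    names = {p.get("ProductID"): p.text
             for p in root.iterfind(".//prod:FullProductName", NS)}
    picked = []
    for v in root.iterfind("vuln:Vulnerability", NS):
        scores = [float(s.text) for s in v.iterfind(".//vuln:BaseScore", NS)]
        if not scores or max(scores) < min_score:
            continue  # unscored or below the threshold
        ids = v.iterfind("vuln:ProductStatuses/vuln:Status"
                         "[@Type='Known Affected']/vuln:ProductID", NS)
        picked.append({"title": v.findtext("vuln:Title", namespaces=NS),
                       "cve": v.findtext("vuln:CVE", namespaces=NS),
                       "score": max(scores),
                       "products": [names.get(i.text, i.text) for i in ids]})
    return picked
```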