{"$schema":"https://json-schema.org/draft/2020-12/schema","$id":"https://fedramp.gov/schemas/fedramp-accepted-vulnerability-info-schema-2026-06-24.json","$schemaVersion":"0.0.1","type":"object","title":"FedRAMP Accepted Vulnerability Info (VER-RPT-AVI)","description":"Accepted vulnerability information required when reporting vulnerability detection and response activity per VER-RPT-AVI.","required":["certificationPackageOverviewUri","reportPeriod","acceptedVulnerabilities"],"properties":{"certificationPackageOverviewUri":{"$ref":"https://fedramp.gov/schemas/fedramp-common-definitions-schema-2026-06-24.json/$defs/certificationPackageOverviewUri"},"reportPeriod":{"$ref":"https://fedramp.gov/schemas/fedramp-common-definitions-schema-2026-06-24.json/$defs/reportPeriodDateTime","title":"Report Period","description":"Period summarized by this report. Per VER-RPT-PER, must cover all activity since the previous report."},"acceptedVulnerabilities":{"type":"array","title":"Accepted Vulnerabilities","description":"Accepted vulnerabilities with activity in this period. Non-accepted vulnerabilities are reported under VER-RPT-VDT.","items":{"$ref":"https://fedramp.gov/schemas/fedramp-common-definitions-schema-2026-06-24.json/$defs/acceptedVulnerabilityInfo"}}}}