The vulnerability disclosure document is also often referred to as a "security advisory," particularly if published by the vendor.
This is an example of a vulnerability disclosure document based on CERT/CC's Vulnerability Notes format. It is not meant to be exhaustive of all scenarios.
Please modify the sections and format as necessary to better suit your needs.
CVE ID for this Vulnerability:
Type of Vulnerability, if known: (see MITRE's CWE site for list of common types of vulnerabilities)
Provide the full CVSS vector, not only the score. If possible, provide guidance on the temporal and environmental metrics, not only the base metrics. See https://www.first.org/cvss/.
This vulnerability was reported/discovered by _____________.
For more information or questions, please contact:
(List more dates here as necessary to document your communication attempts.)
(List reference URLs here: for example, vendor advisory, other disclosures, and links to advice on mitigating problems.)