# Auxiliary Classes

Details of a vulnerability or report are structured in a few auxiliary data classes that are used in one or both base classes.

Below we describe the main auxiliary classes and their usage. For an exhaustive list, refer to our [API documentation](https://avidml.org/avidtools) or the respective [JSON schema](https://github.com/avidml/avid-db/tree/main/schema).

<details>

<summary><strong><code>description</code></strong></summary>

High-level description of a vulnerability or report. This is relevant for both report and vulnerability.

</details>

<details>

<summary><code>problemtype</code></summary>

Information on the problem a report or vulnerability is concerned with. This has three components:

* `classof`: class of a report or vuln, can take values `AIID Incident`, `ATLAS Case Study`, `CVE Entry`, `Third-party Report`, `LLM Evaluation`, or `Undefined`.
* `type`: whether a report is an `Issue`, `Advisory`, `Measurement`, or `Detection`.
* `description`: details of the problem that has occurred.

</details>

<details>

<summary><code>affects</code></summary>

Information about the AI artifact(s) that have been affected.

* `developer`: information about the developer of the affected artifact(s)
* `deployer`: information about the deployer of the affected artifact(s)
* `artifacts`: list of name and type (dataset, model, or system) of artifacts affected.

</details>

<details>

<summary><code>metrics</code></summary>

This class is only relevant in reports. It is strucured as a list of objects that store quantitative evaluation results for a specific metric.

Each such object has the following components.

* The `name` of the metric being measured
* The `detection_method` if any to determine if the metric value is risky enough, and its type (`static_threshold` or `statistical_test`)

</details>

<details>

<summary><code>references</code></summary>

This class contains a list of references about a vulnerability or report, that contain relevant information about the problem. A reference can be the link to an article, code in an online repository, an uploaded screenshot, or freeform text giving additional details.

</details>

<details>

<summary><code>impact</code></summary>

This class stores impact information, such as different taxonomy mappings, harm and severity scores.

Currently it contains a single field `avid`, which encodes the AVID taxonomy mappings of the vulnerability or report.&#x20;

</details>

<details>

<summary><code>credit</code></summary>

This class stores information about person(s) or entity(s) that can be credited with finding out a report or vulnerability.

</details>