In the vulnerabilities directory there is one json file for each vulnerability. There is one called template.json which is a good starting point for new files and the rest are named according to the name of the vulnerability (with spaces replaced with underscores). All facts need citations, where none is currently available then a [citation-needed] will be printed in the html. As many citations will be reused for multiple facts citations are specified by a reference string and there is a references object with all the details for each reference.
The references object is stored under the key 'references' in the json file. It has a series of key -> object pairs where the key is the reference id and the object is a reference object. The reference object contains key -> string or key -> list string pairs. It contains a url key which lists the url for the reference and may also contain:
In the vulnerability json object dates are either lists of 1 or 2 elements (first being the ISO format date YYYY-MM-DD and second the reference) or they are a date object with a date key pointing to the ISO date string and optionally a bound and a ref key.
Other elements are specified either as a string/list of strings (for authoritative facts like name and submission details) or as 1/2 element lists of value and reference id.
Keys are as follows: