advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md

title	DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema
description	Learn about the software vulnerabilities tracked by Microsoft Defender Vulnerability Management in the DeviceTvmSoftwareVulnerabilitiesKB table of the advanced hunting schema.
search.appverid	met150
ms.service	defender-xdr
ms.subservice	adv-hunting
f1.keywords	NOCSH
ms.author	pauloliveria
author	poliveria
ms.localizationpriority	medium
manager	dansimp
audience	ITPro
ms.collection	m365-security tier3
ms.custom	cx-ti cx-ah
appliesto	Microsoft Defender XDR Microsoft Sentinel in the Microsoft Defender portal
ms.topic	reference
ms.date	03/28/2025

DeviceTvmSoftwareVulnerabilitiesKB

[!INCLUDE Microsoft Defender XDR rebranding]

The DeviceTvmSoftwareVulnerabilitiesKB table in the advanced hunting schema contains the list of vulnerabilities Microsoft Defender Vulnerability Management assesses devices for. Use this reference to construct queries that return information from the table.

This advanced hunting table is populated by records from Microsoft Defender for Endpoint. If your organization hasn’t deployed the service in Microsoft Defender XDR, queries that use the table aren’t going to work or return any results. For more information about how to deploy Defender for Endpoint in Defender XDR, read Deploy supported services.

For information on other tables in the advanced hunting schema, see the advanced hunting reference.

Column name	Data type	Description
CveId	string	Unique identifier assigned to the security vulnerability under the Common Vulnerabilities and Exposures (CVE) system
CvssScore	string	Severity score assigned to the security vulnerability under the Common Vulnerability Scoring System (CVSS)
IsExploitAvailable	boolean	Indicates whether exploit code for the vulnerability is publicly available
VulnerabilitySeverityLevel	string	Severity level assigned to the security vulnerability based on the CVSS score and dynamic factors influenced by the threat landscape
LastModifiedTime	datetime	Date and time the item or related metadata was last modified
PublishedDate	datetime	Date vulnerability was disclosed to the public
VulnerabilityDescription	string	Description of the vulnerability and associated risks
AffectedSoftware	dynamic	List of all software products affected by the vulnerability

Related topics

• Proactively hunt for threats
• Learn the query language
• Use shared queries
• Hunt across devices, emails, apps, and identities
• Understand the schema
• Apply query best practices
• Overview of Microsoft Defender Vulnerability Management [!INCLUDE Microsoft Defender XDR rebranding]