Releases: bawbel/ave
AVE v1.1.0 — 51 records, schema v1.0.0
AVE v1.1.0 — 51 records, schema v1.0.0, full detection coverage
Released: 2026-06-21
What changed
All 48 original records migrated to schema v1.0.0.
Every record now validates against the canonical schema. Fields promoted to top level,
references converted to structured objects, evidence declaration fields backfilled on
all records. The --skip-validation flag is no longer needed in ave-site builds.
3 new records — 51 total.
| AVE ID | Title | Severity | AIVSS |
|---|---|---|---|
| AVE-2026-00049 | HTTP Host Header Injection (BadHost) | HIGH | 7.2 |
| AVE-2026-00050 | Parasitic Toolchain — Silent Tool Registration | HIGH | 7.2 |
| AVE-2026-00051 | OAuth Discovery Rebinding | HIGH | 7.2 |
Identified as confirmed genuine gaps from a benchmark across MCPSecBench, FSF-MCP,
MCP-SafetyBench, and Hou et al. 2025. Each ships with a detection rule and
positive/negative fixtures.
Detection rules and fixtures for every record.
102 tests passing — 51 records x 2 fixtures each. Every record now has a rule
in bawbel/scanner and both a positive fixture (must trigger) and a negative
fixture (must not trigger).
AIVSS score corrections on 6 records.
Formula was not applied correctly and some ThM values were outside the valid set
{0.75, 0.90, 1.0}. All 51 records now pass formula verification.
| Record | Old | New | Reason |
|---|---|---|---|
| AVE-2026-00046 | 9.1 | 9.2 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00047 | 7.8 | 7.6 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00048 | 8.2 | 7.7 | ThM corrected to 0.90 (PoC exists) |
| AVE-2026-00049 | 7.5 | 7.2 | ThM corrected to 1.0 (in-the-wild) |
| AVE-2026-00050 | 7.8 | 7.2 | ThM corrected to 0.90 (PoC exists) |
| AVE-2026-00051 | 8.1 | 7.2 | ThM corrected; cvss_base raised to 9.5 |
AVE-in-SARIF convention published.
docs/specs/ave-in-sarif.md defines how AVE findings travel as SARIF into the
GitHub Security tab and CI systems. Covers required fields, severity mapping,
taxonomies block, and a complete minimal SARIF example.
Research benchmark published.
docs/agents/research/benchmark-2026-06.md maps 87 classes across 6 external
datasets against the AVE record set. Identifies 1 genuine remaining gap
(resource exhaustion / agentic DoS) and confirms Hou et al. 2025 is fully
covered (16/16).
Offline record set
All 51 records as a single downloadable JSON array — for air-gapped environments,
bundled scanner installs, and offline tooling:
ave-records-v1.1.0.json
(51 records, schema v1.0.0, ~220KB)
Links
- Registry: https://ave.bawbel.io/registry.html
- Schema reference: https://ave.bawbel.io/schema.html
- Threat intel API: https://api.piranha.bawbel.io
- Scanner (reference implementation): https://github.com/bawbel/scanner
- Implementer guide: docs/specs/ave-implementer-guide.md
Full changelog: CHANGELOG.md
AVE v1.0.0 — first stable schema release
AVE v1.0.0 — Release notes
Date: 2026-06-18
Tag: v1.0.0
Schema: ave-record-1.0.0.schema.json
Registry: https://ave.bawbel.io
Repo: https://github.com/bawbel/ave
The first stable release of the AVE standard
AVE (Agentic Vulnerability Enumeration) is an open behavioral vulnerability standard for agentic AI components — skill files, MCP servers, plugins, and agent tools. v1.0.0 is the first production-ready release: canonical schema, 48 published records, a public registry, crosswalks to the tools the field already uses, and a complete governance structure for the open-source community.
Records
48 records published. The full record set covers attack classes from prompt injection and credential exfiltration through rug-pull, cross-app escalation, MCP tool hook hijacking, and unsafe agent delegation chains.
| Severity | Count |
|---|---|
| CRITICAL | 1 |
| HIGH | 6 |
| MEDIUM | 39 |
| LOW | 2 |
GitHub templates updated:
- Pull request template — v1.0.0 schema, fixture requirement, no stale SPEC.md refs
ave_submissionissue template — issue-first workflow, variant vs new class checkave_false_positive,ave_schema_change,ave_bug_reportissue templates
Fixture and test infrastructure
tests/fixtures/ and rules/ are the intended locations for detection
rules and positive/negative test fixtures per record. The test runner design
is documented in the codebase (tests/test_fixtures.py pattern using pytest
parametrize over fixture pairs). Fixtures for the 48 records will be added
in v1.1 alongside the schema migration.
What does not change between releases
- Published
ave_idvalues are permanent - The
$idURL for schema v1.0.0 is permanent:https://ave.bawbel.io/schema/ave-record-1.0.0.schema.json spec_version: "0.8"in the AIVSS object (a constant, not versioned by AVE)