diff --git a/samples/negative/development/vulnerability_sample_no-CVE.json b/samples/negative/development/vulnerability_sample_no-CVE.json
new file mode 100644
index 0000000..4ae4855
--- /dev/null
+++ b/samples/negative/development/vulnerability_sample_no-CVE.json
@@ -0,0 +1,24 @@
+{
+  "Version": "development",
+  "ReporterInfo": {
+    "ReporterOrg": "ExampleOrg",
+    "ReporterOrgDomain": "example.com",
+    "ReporterOrgEmail": "reports@example.com",
+    "ReporterContactEmail": "contact@example.com",
+    "ReporterContactName": "Mr. Example",
+    "ReporterContactPhone": "+ 01 000 1234567"
+  },
+  "Disclosure": true,
+  "Report": {
+    "ReportClass": "Vulnerability",
+    "ReportType": "Vulnerability",
+    "Date": "2024-01-05T17:07:10Z",
+    "SourceIp": "192.07.2.594",
+    "SourcePort": 443,
+    "CVSS": {
+      "Version": "3.1",
+      "Score": 10.0,
+      "Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  }
+}
diff --git a/samples/positive/development/vulnerability_sample.json b/samples/positive/development/vulnerability_sample.json
new file mode 100644
index 0000000..46addb2
--- /dev/null
+++ b/samples/positive/development/vulnerability_sample.json
@@ -0,0 +1,25 @@
+{
+  "Version": "development",
+  "ReporterInfo": {
+    "ReporterOrg": "ExampleOrg",
+    "ReporterOrgDomain": "example.com",
+    "ReporterOrgEmail": "reports@example.com",
+    "ReporterContactEmail": "contact@example.com",
+    "ReporterContactName": "Mr. Example",
+    "ReporterContactPhone": "+ 01 000 1234567"
+  },
+  "Disclosure": true,
+  "Report": {
+    "ReportClass": "Vulnerability",
+    "ReportType": "Vulnerability",
+    "Date": "2024-01-05T17:07:10Z",
+    "SourceIp": "192.07.2.255",
+    "SourcePort": 443,
+    "CVE": "CVE-1234-78941",
+    "CVSS": {
+      "Version": "3.1",
+      "Score": 10.0,
+      "Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
+    }
+  }
+}
diff --git a/schemas/development/vulnerability.schema.json b/schemas/development/vulnerability.schema.json
new file mode 100644
index 0000000..d6bf181
--- /dev/null
+++ b/schemas/development/vulnerability.schema.json
@@ -0,0 +1,43 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://raw.githubusercontent.com/xarf/schema-discussion/master/schemas/development/vulnerability.schema.json",
+  "title": "XARF WEBCRAWLER",
+  "description": "A format to report Vulnerability events.",
+  "allOf": [
+    {
+      "$ref": "xarf_shared.schema.json#/properties/XarfBase"
+    },
+    {
+      "type": "object",
+      "properties": {
+        "Report": {
+          "allOf": [
+            {
+              "$ref": "xarf_shared.schema.json#/properties/IpAndUrlBasedReport"
+            },
+            {
+              "type": "object",
+              "properties": {
+                "ReportClass": {
+                  "type": "string",
+                  "enum": ["Vulnerability"]
+                },
+                "ReportType": {
+                  "type": "string",
+                  "enum": ["Vulnerability"]
+                }
+              }
+            },
+            {
+              "$ref": "xarf_shared.schema.json#/properties/CVE"
+            },
+            {
+              "$ref": "xarf_shared.schema.json#/properties/CVSS"
+            }
+          ],
+          "required": ["CVE"]
+        }
+      }
+    }
+  ]
+}
diff --git a/schemas/development/xarf.schema.json b/schemas/development/xarf.schema.json
index c91fcf2..10086b7 100644
--- a/schemas/development/xarf.schema.json
+++ b/schemas/development/xarf.schema.json
@@ -51,6 +51,9 @@
     },
     {
       "$ref": "harassment.schema.json"
+    },
+    {
+      "$ref": "vulnerability.schema.json"
     }
   ]
 }