Open XML Advisory Format

Open XML Advisory Format is an XML format developed to assist researchers during the process of reporting security vulnerabilities to software vendors and writing the corresponding security advisories.

From this XML different outputs can be generated: text, HTML, wiki format, etc. The structured advisory information makes it easier to extract statistics about the vulnerabilities and the reporting process.


  • AltovaXML or a similar XML processor.


  • OXAF v2.2 - May 11, 2011 - (zip)


An advisory template and several examples are included in the .zip file.

To generate the output formats (text, HTML, wiki), you can use build  to invoke the XML processor.


The Open XML Advisory Format is released under a BSD license ( on behalf of Core Security Technologies.


Title Open XML Advisory Format

Release date 2010-11-24

License type BSD 3 clause

Attachments - Open XML Advisory Format v2.2



Fernando Miranda