# Security concepts

> Glossary of security terms used across the Project and Workspace Security Centers — CVE, severity, SBOM, exposure, Fix with Agent, Republish, and Auto-Protect.

Definitions of the security terms used across the [Project Security Center](/references/security/project-security-center) and [Workspace Security Center](/references/security/workspace-security-center).

## CVE

Common Vulnerabilities and Exposures. A CVE is a unique identifier, such as `CVE-2024-12345`, for a publicly disclosed software vulnerability.

## Severity

The risk rating for a vulnerability: critical, high, medium, or low. Use severity with exposure to decide which projects to fix first.

## Dependency

A third-party package that your project depends on. Vulnerabilities in dependencies affect every project that uses them until the dependency is updated or replaced.

## SBOM

Software Bill of Materials. An SBOM is a machine-readable inventory of packages, versions, and licenses in a project.

## SPDX and CycloneDX

Standard SBOM formats used by security and compliance tooling. Choose the format your audit, compliance, or software composition analysis tool expects.

## Exposure

The risk surface created by publishing status and visibility. A public, published project has higher exposure than a private or unpublished project.

## Fix with Agent

An action that asks Replit Agent to draft a patch for an affected project as a background task. Review the generated change before applying it.

## Republish

Redeploys a project using its existing deployment configuration. Use **Republish** after a fix is applied to release the patched version.

## Auto-Protect

An admin opt-in mode that continuously monitors newly disclosed CVEs against your projects' dependencies. When a match is found, Replit Agent prepares a patch and notifies the project owner.
