add Support of EPSS

docs/schema.md

@@ -499,6 +499,7 @@ describes the quantitative method used to calculate the associated `score`.
 | `CVSS_V2` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/v2/) that is == 2.0 (e.g.`"AV:L/AC:M/Au:N/C:N/I:P/A:C"`).|
 | `CVSS_V3` | A CVSS vector string representing the unique characteristics and severity of the vulnerability using a version of the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/) that is >= 3.0 and < 4.0 (e.g.`"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"`).|
 | `CVSS_V4` | A CVSS vector string representing the unique characterictics and severity of the vulnerability using a version on the [Common Vulnerability Scoring System notation](https://www.first.org/cvss/) that is >= 4.0 and < 5.0 (e.g. `"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"`). |
+| `EPSS_V1` | EPSS is a measure of exploitability, it is estimating the probability of observing any exploitation attempts against a vulnerability in the next 30 days(https://www.first.org/epss/faq), it containes score and percentile. |
 | Your quantitative severity type here. | [Send us a PR](https://github.com/ossf/osv-schema/compare). |
 
 ### severity[].score field

validation/schema.json

@@ -290,7 +290,8 @@
             "enum": [
               "CVSS_V2",
               "CVSS_V3",
-              "CVSS_V4"
+              "CVSS_V4",
+              "EPSS_V1"
             ]
           },
           "score": {