A vulnerability has a lifecycle which is bound to different events. These events are documented in the timeline of the vulnerability. Like the disclosure of the advisory, announcement of an exploit or release of a patched software version.

Timelines help to understand the context of a vulnerability. For example they make it possible to determine the time until an issue was detected or the time between public disclosure and official fix.