SasanLabs / VulnerableApp-facade

VulnerableApp-facade is probably the most modern lightweight distributed farm of vulnerable applications, built for handling a wide range of vulnerabilities across tech stacks.

Schema design for Scanners to evaluate themselves

preetkaran20 opened this issue

The current schema has a few issues; for example, there are no flags (URLs etc.) to validate vulnerabilities found by scanners.
Have a look at: https://github.com/zapbot/zap-mgmt-scripts/tree/master/vulnerableApp for more information.

We need to either add another endpoint, like scanners, that contains the flags, or introduce the flags in the same VulnerabilityDefinitions schema.

While designing, we need to consider not only DAST but also SAST tools.