diff --git a/google/cloud/osconfig_v1/types/vulnerability.py b/google/cloud/osconfig_v1/types/vulnerability.py
index b5f53a8..0fe97e6 100644
--- a/google/cloud/osconfig_v1/types/vulnerability.py
+++ b/google/cloud/osconfig_v1/types/vulnerability.py
@@ -80,6 +80,8 @@ class Vulnerability(proto.Message):
             update_time (google.protobuf.timestamp_pb2.Timestamp):
                 The timestamp for when the vulnerability was
                 last modified.
+            items (Sequence[google.cloud.osconfig_v1.types.VulnerabilityReport.Vulnerability.Item]):
+                List of items affected by the vulnerability.
         """
 
         class Details(proto.Message):
@@ -136,6 +138,40 @@ class Reference(proto.Message):
                 message="VulnerabilityReport.Vulnerability.Details.Reference",
             )
 
+        class Item(proto.Message):
+            r"""OS inventory item that is affected by a vulnerability or
+            fixed as a result of a vulnerability.
+
+            Attributes:
+                installed_inventory_item_id (str):
+                    Corresponds to the ``INSTALLED_PACKAGE`` inventory item on
+                    the VM. This field displays the inventory items affected by
+                    this vulnerability. If the vulnerability report was not
+                    updated after the VM inventory update, these values might
+                    not display in VM inventory. For some operating systems,
+                    this field might be empty.
+                available_inventory_item_id (str):
+                    Corresponds to the ``AVAILABLE_PACKAGE`` inventory item on
+                    the VM. If the vulnerability report was not updated after
+                    the VM inventory update, these values might not display in
+                    VM inventory. If there is no available fix, the field is
+                    empty. The ``inventory_item`` value specifies the latest
+                    ``SoftwarePackage`` available to the VM that fixes the
+                    vulnerability.
+                fixed_cpe_uri (str):
+                    The recommended `CPE
+                    URI <https://cpe.mitre.org/specification/>`__ update that
+                    contains a fix for this vulnerability.
+                upstream_fix (str):
+                    The upstream OS patch, packages or KB that
+                    fixes the vulnerability.
+            """
+
+            installed_inventory_item_id = proto.Field(proto.STRING, number=1,)
+            available_inventory_item_id = proto.Field(proto.STRING, number=2,)
+            fixed_cpe_uri = proto.Field(proto.STRING, number=3,)
+            upstream_fix = proto.Field(proto.STRING, number=4,)
+
         details = proto.Field(
             proto.MESSAGE,
             number=1,
@@ -149,6 +185,9 @@ class Reference(proto.Message):
         update_time = proto.Field(
             proto.MESSAGE, number=5, message=timestamp_pb2.Timestamp,
         )
+        items = proto.RepeatedField(
+            proto.MESSAGE, number=6, message="VulnerabilityReport.Vulnerability.Item",
+        )
 
     name = proto.Field(proto.STRING, number=1,)
     vulnerabilities = proto.RepeatedField(