diff --git a/database/affected_feature_type.go b/database/affected_feature_type.go
new file mode 100644
index 00000000..950ddeae
--- /dev/null
+++ b/database/affected_feature_type.go
@@ -0,0 +1,26 @@
+// Copyright 2018 clair authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package database
+
+// AffectedFeatureType indicates the type of feature that a vulnerability
+// affects.
+type AffectedFeatureType string
+
+const (
+	// AffectSourcePackage indicates the vulnerability affects a source package.
+	AffectSourcePackage AffectedFeatureType = "source"
+	// AffectBinaryPackage indicates the vulnerability affects a binary package.
+	AffectBinaryPackage AffectedFeatureType = "binary"
+)
diff --git a/database/models.go b/database/models.go
index e448f31b..5f63cbc1 100644
--- a/database/models.go
+++ b/database/models.go
@@ -199,8 +199,10 @@ type VulnerabilityWithFixedIn struct {
 // by a Vulnerability. Namespace and Feature Name is unique. Affected Feature is
 // bound to vulnerability.
 type AffectedFeature struct {
-	Namespace   Namespace
-	FeatureName string
+	// AffectedType determines which type of package it affects.
+	AffectedType AffectedFeatureType
+	Namespace    Namespace
+	FeatureName  string
 	// FixedInVersion is known next feature version that's not affected by the
 	// vulnerability. Empty FixedInVersion means the unaffected version is
 	// unknown.
@@ -229,7 +231,7 @@ type Vulnerability struct {
 	Metadata MetadataMap
 }
 
-// VulnerabilityWithAffected is an vulnerability with all known affected
+// VulnerabilityWithAffected is a vulnerability with all known affected
 // features.
 type VulnerabilityWithAffected struct {
 	Vulnerability