CVE® is a list of entries—each containing an identification number, a
description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

CVE Entries are used in numerous cybersecurity products and services from around the world,
including the U.S. National Vulnerability Database (NVD).

CNAs World Map - September 2018

CVE Numbering Authorities (CNAs)

Totals CNAs: 92 | Total Countries: 16

CNAs include vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs.

CNAs are how the CVE List is built. Every CVE Entry added to the list is assigned by a CNA.

More >>

A Look at the CVE and CVSS Relationship

We’ve received a few questions recently about the Common Vulnerability Scoring System (CVSS) and vulnerability severity scoring, so as a reminder, CVSS is a separate program from CVE.

CVE’s sole purpose it to provide common vulnerability identifiers called “CVE Entries.” CVE does not provide severity scoring or prioritization ratings for software vulnerabilities.

However, while separate, the CVSS standard can be used to score the severity of CVE Entries.

Page Last Updated or Reviewed: October 11, 2018