Common Vulnerabilities and Exposures

Latest News

1 Product from VirtuStream Now Registered as Officially "CVE-Compatible"

Reminder to Update Products, Services, and Processes to the New CVE-ID Numbering Format

Security Automation Workshop 2014, August 26-28

CVE Identifiers Used throughout Symantec's "2014 Internet Security Threat Report"

CVE, CWE, and CAPEC Are Main Topics of Article about the "Heartbleed" Bug on MITRE's Cybersecurity Blog

More News »

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Technical Guidance for Handling the New CVE-ID Syntax is now available on the CVE Web site. As of January 1, 2014, the format for CVE-IDs changed from 4 fixed digits to arbitrary digits in CVE-IDs.

This new resource on the CVE Web site provides technical guidance and test data for developers and consumers for tools, web sites, and other capabilities that use CVE Identifiers (CVE-IDs), including the following: considerations for input and output formats, considerations for extraction or parsing, extraction and conversion methods for CVE-IDs, an example conversion algorithm for incoming IDs, and CVE-ID Test Data for Implementers available for download in a ZIP file.

Feedback about this guidance, and/or the test data, is welcome at cve-id-change@mitre.org.