Common Vulnerabilities and Exposures

Latest News

Status Update on the CVE ID Syntax Change

MITRE Hosts CVE Booth at InfoSec World 2013

CVE Mentioned in "Automating Security Compliance & Operations to Protect Critical Infrastructure" Webinar

Photos from CVE Booth at RSA 2013

CVE List Surpasses 55,000 CVE Identifiers!

CVE Editor’s Commentary Page Updated

More News »

Upcoming Events

CVE booth at Black Hat Briefings 2013, July 27-August 1

More Events »

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

There are two primary ways to obtain a CVE Identifier (also called "CVE-IDs," "CVE numbers," "CVE names," and "CVEs") before publicizing a new vulnerability:

1. Contact one of the official CVE Numbering Authorities (CNAs), which will then include a CVE-ID number in its initial public announcement about your new vulnerability.
2. Contact the CVE project to Request a CVE-ID and we will provide you with our "CVE Identifier Reservation Guidelines for Researchers" and work with you to assign a CVE-ID number while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.