CVE Data Sources and Coverage

Current data sources, product coverage, and coverage goals for CVE are noted below. A list of past data sources has been archived for informational purposes.

CVE Coverage Goals

CVE's coverage goals are stated in terms of sources of information (e.g., websites, vendor advisories, vulnerability databases) and products (e.g., Microsoft Office, Red Hat Enterprise Linux).

Sources

CVE separates sources into two major groups: (1) "Full Coverage," for those that should be fully covered; and (2) "Partial Coverage," for those that should be partially covered.

Full Coverage

For nearly all issues disclosed by the source that could be associated with a CVE entry, there will be an associated CVE entry, regardless of the criticality of the issue. Although a source is named as Full Coverage, we purposely use the phrasing “nearly all issues disclosed” to allow the flexibility to potentially postpone coverage of minor issues.

Partial Coverage

The source will be actively monitored but issues will be processed and associated with CVE entries based on a variety of editorial judgments.

As a bridge to the product coverage goals (see Products below), we further sub-divide each of these lists into two sub-lists:

  • Vendor - meaning the source can be associated with a vendor or primary maintainer of a product or set of products.
  • Other - a catch-all for things like vulnerability databases, mailing lists and advisories from coordination centers, which tend to disclose vulnerability information from many different vendors.

NOTE:  MITRE actively monitors many sources beyond this list. These sources include things like blogs from vulnerability researchers, conference proceedings, and media outlets. Monitoring this set of sources has proven to be productive for and informative to the CVE analysts. Which sources are of most utility is highly dependent on a given situation. As such, we don't believe it of general utility to list them all specifically.

Full Coverage Sources - Vendor Related

  • Adobe
  • Apache Software Foundation: Apache HTTP Server
  • Apple
  • Attachmate: Novell
  • Attachmate: SUSE
  • Blue Coat - kb.bluecoat.com
  • CA - support.ca.com
  • Check Point: Security Gateways product line (supportcenter.checkpoint.com)
  • Cisco: Security Advisories/Responses
  • Citrix - support.citrix.com
  • Debian
  • Dell Desktop/Notebook product lines
  • Dell SonicWALL Network Security product line - Service Bulletins
  • EMC, as published through Bugtraq
  • F5 - support.f5.com
  • Fortinet FortiGate product line (kb.fortinet.com)
  • Fujitsu Desktop/Notebook product lines
  • Google: Google Chrome (includes WebKit)
  • HP: Security Bulletins
  • IBM: issues in IBM ISS X-Force Database
  • Internet Systems Consortium (ISC)
  • Juniper: juniper.net/customers/support (JunOS?)
  • Lenovo Desktop/Notebook product lines
  • McAfee - kc.mcafee.com
  • Microsoft: Security Bulletins/Advisories
  • MIT Kerberos
  • Mozilla
  • OpenSSH
  • OpenSSL
  • Oracle: Critical Patch Updates
  • RealNetworks (real.com)
  • Red Hat
  • RIM/BlackBerry- blackberry.com/btsc
  • Samba Security Updates and Information
  • SAP - scn.sap.com/docs/DOC-8218
  • Sendmail
  • Sophos - sophos.com/support/knowledgebase
  • Symantec: Security Advisories
  • Ubuntu (Linux)
  • VMware
  • Websense - websense.com/content/support.aspx

Full Coverage Sources - Other

  • HP: TippingPoint DVLabs
  • HP: TippingPoint Zero Day Initiative
  • ICS-CERT: ADVISORY
  • MITRE CNA open-source requests
  • US-CERT: Technical Cyber Security Alerts
  • VeriSign iDefense

Partial Coverage Sources - Vendor Related

  • Android (associated with Google or Open Handset Alliance)
  • Apache Software Foundation: Apache Tomcat
  • Apache Software Foundation: other
  • CentOS
  • Check Point: checkpoint.com/defense/advisories/public/summary.html
  • Cisco: Release Note Enclosures (RNE)
  • Drupal
  • Fedora
  • FoxIt Support Center - Security Advisories
  • FreeBSD
  • Gentoo (Linux)
  • Google: other (not Chrome or Android)
  • IBM ISS X-Force for non-IBM products
  • IBM: issues not in IBM ISS X-Force Database
  • Joomla!
  • Juniper - JTAC Technical Bulletins
  • kernel.org (Linux kernel)
  • Mandriva
  • NetBSD
  • OpenBSD
  • PHP core language interpreter
  • SCO
  • TYPO3
  • WordPress

Partial Coverage Sources - Other

  • The VIM (Vulnerability Information Managers) mailing list: attrition.org/pipermail/vim
  • AusCERT
  • Core Security CoreLabs
  • DOE JC3 (formerly DOE CIRC and CIAC)
  • Full Disclosure mailing list
  • HP: TippingPoint Pwn2Own
  • Exploit Database: http://www.exploit-db.com/
  • ICS-CERT: ALERT
  • Juniper: J-Security Center - Threats and Vulnerabilities
  • Microsoft: Vulnerability Research (MSVR)
  • oss-security mailing list
  • Open Sourced Vulnerability Database (OSVDB)
  • Packet Storm
  • Rapid7 Metasploit
  • Secunia
  • SecuriTeam
  • SecurityTracker
  • Symantec: SecurityFocus BugTraq (securityfocus.com/archive/1)
  • Symantec: SecurityFocus Bugtraq ID (securityfocus.com/bid)
  • United Kingdom CPNI (formerly NISCC)
  • US-CERT: Vulnerability Notes

Covered Products

  • A10 Networks
  • Acer: PC Server/Desktop/Notebook product lines
  • Adobe
  • Adtran
  • Agilent
  • AirWatch
  • Alcatel-Lucent
  • AMD
  • Android (associated with Google or Open Handset Alliance)
  • Apache Software Foundation
  • Apache Software Foundation: Apache HTTP Server
  • Apple
  • ARCserve
  • Arista Networks
  • Aruba Networks
  • ASUS: PC Server/Desktop/Notebook product lines
  • Atlassian
  • Attachmate: Novell
  • Attachmate: SUSE
  • Avast
  • Avaya
  • b2evolution
  • Barracuda Networks
  • Bitdefender
  • Blue Coat
  • BMC
  • Borland
  • Brocade Communications Systems
  • CA Technologies
  • CentOS
  • certificate-transparency
  • Check Point: Security Gateways product line
  • Cisco
  • Citrix
  • Cloudera
  • CMS Made Simple
  • CommuniGate Pro
  • Corel
  • CoreMedia CMS
  • Dart
  • Debian
  • Dell: Desktop/Notebook product lines
  • Dell: general-purpose computers and tablets, software for general-purpose operating systems, printers, enterprise storage and networking products
  • Dell: SonicWALL Network Security product line
  • django CMS
  • docSTAR eclipse
  • DokuWiki
  • Dotclear
  • DotCMS
  • DotNetNuke
  • Drupal
  • Duo Security
  • Ektron CMS
  • EMC
  • ESET
  • Exponent CMS
  • F5
  • Fedora
  • FirstSpirit
  • Fortinet
  • Fortinet: FortiGate product line
  • Foswiki
  • Foxit (foxitsoftware.com)
  • FreeBSD
  • FreeSWITCH
  • F-Secure
  • Fujitsu: Desktop/Notebook product lines
  • Geeklog
  • Gentoo (Linux)
  • Good for Enterprise
  • Google: Google Chrome
  • Grails
  • Groovy
  • Hewlett Packard Enterprise
  • Hitachi Information Technology products
  • HP Inc.
  • HTC
  • Huawei
  • IBM
  • iDirect
  • ikiwiki
  • ImpressPages
  • Intel
  • Intel: McAfee
  • Internet Systems Consortium (ISC)
  • Invision Power Suite
  • Ipswitch
  • Joomla!
  • Juniper
  • Kaspersky Lab
  • kernel.org: Linux kernel
  • knockoutjs.com Knockout
  • Lenovo: general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage and networking products
  • Lexmark
  • LG: mobile devices
  • LibreOffice
  • LibreSSL
  • Liferay
  • LiteSpeed Web Server
  • LogMeIn
  • Magento
  • Microsoft
  • MIT Kerberos
  • MobileIron
  • MODX
  • MoinMoin
  • Motorola Mobility: mobile devices
  • Movable Type
  • Mozilla
  • Mura CMS
  • MyBB
  • MySQL
  • NaviServer
  • NetApp
  • NetBSD
  • Nokia
  • Novius OS
  • Nvidia
  • OpenBSD
  • OpenLDAP
  • OpenSSH
  • OpenSSL
  • OpenStack
  • openSUSE
  • OpenText FirstClass
  • OpenXava
  • Open-Xchange
  • Opera
  • Oracle
  • Palo Alto Networks
  • Panda Security
  • Perl
  • PHP
  • PhpWiki
  • Pivotal
  • PivotX
  • Play Framework
  • Plone
  • Pluck
  • PmWiki
  • polymer-project.org Polymer
  • PowerMTA
  • Pulse Secure (formerly Juniper Junos)
  • Python
  • RealNetworks
  • Red Hat
  • Resin
  • RIM/BlackBerry
  • Ruby
  • Samba
  • Samsung: mobile devices
  • SAP
  • SAS
  • Scalix
  • SDL Tridion
  • Sendmail
  • Serendipity
  • SilverStripe
  • Sitecore Experience Platform
  • SolarWinds
  • Sophos
  • Splunk
  • Symantec
  • Tenable Network Security
  • Tibco
  • Tiki
  • Trend Micro
  • TrueCrypt
  • TWiki
  • TYPO3
  • Ubiquiti Networks
  • Ubuntu
  • Umbraco
  • vBulletin
  • VeraCrypt
  • Veritas Software
  • VMware
  • WatchGuard
  • WebKit
  • Webroot
  • Websense
  • WinZip
  • WordPress
  • Workshare
  • Xen
  • XOOPS
  • Zikula
  • Zimbra Collaboration Suite
 
Page Last Updated: May 25, 2016