About CVE Entries

CVE Entries (also referred to by the community as "CVE Identifiers," "CVE IDs," "CVE names," "CVE numbers," and "CVEs") are unique, common identifiers for publicly known cybersecurity vulnerabilities. Information is included about the topics below.

    CVE Entries Defined
    Creation of CVE Entries
    Requesting CVE IDs
    Enhanced Info for CVE Entries & Scoring

CVE Entries Defined

Each CVE Entry includes the following:

  • CVE ID number with four or more digits in the sequence number portion of the ID (e.g., "CVE-1999-0067", "CVE-2014-12345", "CVE-2016-7654321").
  • Brief description of the security vulnerability or exposure.
  • Any pertinent references (i.e., vulnerability reports and advisories).

States of CVE Entries

More details about?

How do I?

Other questions?

Creation of CVE Entries

The process of creating a CVE Entry begins with the discovery of a potential security vulnerability or exposure. The information is then assigned a CVE ID by a CVE Numbering Authority (CNA), a Description and References are added by the CNA, and then the CVE Entry is posted on the CVE website by the Primary CNA.

The documents below explain the creation of entries in more detail:

CVE List Rules and Guidance

CVE List Rules and Guidance, which are the guidelines the CVE program uses to ensure that CVE Entries are created in a consistent fashion, independent of which CVE Numbering Authority (CNA) is doing the creation, include the following:


CVE Numbering Authorities

Defines the role and responsibilities of CNAs; shows the number and types of participating CNAs from around the world; provides documentation for CNAs, including the CNA Rules document and Researcher Reservation Guidelines; and provides details of how to become a CNA.


Participating CNAs

Provides a list of the products and product categories covered by all CVE Numbering Authorities (CNAs), including the Primary CNA.


CVE References

Each CVE Entry includes appropriate references. Each reference used in CVE (1) identifies the source, (2) includes a well-defined identifier to facilitate searching on a source's website, and (3) notes the associated CVE ID. CVE also includes a Reference Maps page with links to documents from the commonly used information sources that are used as references for CVE Entries.


Primary CNA's CVE Data Sources - Current

This page provides a list of the sources used by the CVE Team only to assign CVE IDs as the Primary CNA.


FAQs

FAQs from the Frequently Asked Questions page also address specific questions about CVE Entries on the following topics:

Requesting CVE IDs

To receive a CVE ID for your issue you must contact a CVE Numbering Authority (CNA). See Request a CVE ID for details.

Enhanced Info for CVE Entries & Scoring

U.S. National Vulnerability Database (NVD)

Launched by the National Institute of Standards and Technology (NIST) in 2005, NVD provides a vulnerability database of enhanced CVE content that is fully synchronized with the CVE List, so any updates to the CVE List appear immediately in NVD.


In addition to advanced searching (e.g., by operating system, etc.), NVD also provides the following enhanced CVE content:

Page Last Updated or Reviewed: July 02, 2018