Common Vulnerabilities and Exposures
| Follow CVE |
  |
Request a CVE ID
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
Shortcuts for experienced users:
CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)
New users, follow these steps to request CVE IDs:
1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage or MITRE coverage tables below.
2) Contact the CNA specified below using the contact method provided.
3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).
CNA Coverage
For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.
| Product, Vendor, or Product Category Name | Scope | CNA Contact Email | CNA Website Information (if applicable) |
| MITRE Corporation | All vulnerabilities listed in the MITRE Coverage table below, plus all vulnerabilities not already listed on this page | MITRE CVE Request web form | https://cveform.mitre.org/ |
| Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com | Adobe security page |
| Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | security@android.com | Android security page |
| Apache Software Foundation | Apache Software and Apache HTTP Server issues only | security@apache.org | Apache security page |
| Apple Inc. | Apple issues only | product-security@apple.com | Apple security page |
| BlackBerry | BlackBerry issues only | secure@blackberry.com | N/A |
| Brocade Communications Systems, Inc. | Brocade and Ruckus Wireless issues only | sirt@brocade.com | Brocade security page |
| CERT/CC | Vulnerability assignment related to its vulnerability coordination role | cert@cert.org | CERT/CC contact page |
| Check Point Software Technologies Ltd. | Check Point Security Gateways product line only | cve@checkpoint.com | N/A |
| Cisco Systems, Inc. | Cisco issues only | cve_assign@cisco.com | Cisco security page |
| Debian GNU/Linux | Debian issues only | security@debian.org | Debian security page |
| Dell EMC | Dell EMC, Dell, RSA, Pivotal, and VCE issues only | security_alert@emc.com | Dell EMC security page |
| Distributed Weakness Filing Project | Open source software issues not already covered by MITRE or another CNA | http://iwantacve.org/ | DWF GitHub page |
| Drupal.org | All projects hosted under drupal.org only | security@drupal.org | Drupal security advisories page |
| Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only | security@eclipse.org | Eclipse security page |
| Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only | security@eclipse.org | Elastic security page |
| F5 Networks | F5 issues only | f5sirt@f5.com | N/A |
| Flexera Software LLC | All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA | PSIRT-CNA@flexerasoftware.com | N/A |
| FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org | N/A |
| Fortinet, Inc. | Fortinet issues only | psirt@fortinet.com | N/A |
| Google Inc. | Chrome and Chrome OS issues only | security@google.com | Google app security page |
| HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform | support@hackerone.com | Hackerone contact page |
| Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | N/A |
| HP Inc. | HP Inc. issues only | hp-security-alert@hp.com | N/A |
| Huawei Technologies | Huawei issues only | psirt@huawei.com | N/A |
| IBM Corporation | IBM issues only | psirt@us.ibm.com | N/A |
| ICS-CERT | Infrastructure sector control systems | ics-cert@hq.dhs.gov | N/A |
| Intel Corporation | Intel issues only | secure@intel.com | Intel security page |
| Internet Systems Consortium (ISC) | All ISC.org projects | security-officer@isc.org | ISC report a bug page |
| IOActive | Third-party products it researches | info@ioactive.com | IOActive contact page |
| Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net | Juniper security page |
| JPCERT/CC | Asia Pacific region | vultures@jpcert.or.jp | JPCERT/CC contact page |
| KrCERT/CC | Korea | vuln@krcert.or.kr | N/A |
| Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only | psirt@lenovo.com | N/A |
| MarkLogic Corporation | MarkLogic issues only | security@marklogic.com | N/A |
| McAfee | McAfee issues only | psirt@mcafee.com | N/A |
| Micro Focus International | Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only | security@suse.com | Micro Foucus security page |
| Microsoft Corporation | Microsoft issues only | secure@microsoft.com | Microsoft security page |
| Mozilla Corporation | Mozilla issues only | security@mozilla.org | Mozilla security page |
| Netgear, Inc. | Netgear issues only | security@netgear.com | Netgear security page |
| Nvidia Corporation | Nvidia issues only | psirt@nvidia.com | N/A |
| Objective Development Software GmbH | Objective Development issues only | N/A | Objective Development security page |
| OpenSSL Software Foundation | OpenSSL software projects only | openssl-security@openssl.org | OpenSSL contact web page |
| Oracle: Oracle issues only | Oracle issues only | secalert_us@oracle.com | Oracle security page |
| Puppet | Puppet issues only | security@puppet.com | Puppet security page |
| Qihoo 360 Technology Co. Ltd. | 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only | security@360.cn | Qihoo 360 security page |
| Qualcomm, Inc. | Qualcomm and Snapdragon issues only | product-security@qualcomm.com | N/A |
| Red Hat, Inc. | Linux issues only | secalert@redhat.com | Red Hat security page |
| Schneider Electric SE | Schneider Electric products only | cybersecurity@schneider-electric.com | Schneider Electric security page |
| Siemens AG | Siemens issues only | productcert@siemens.com | Siemens security page |
| Silicon Graphics (SGI) | SGI issues only | security-info@sgi.com | N/A |
| Symantec Corporation | Symantec issues only | secure@symantec.com | Symantec security page |
| TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only | security@tibco.com | N/A |
| Ubuntu/Linux (Canonical Ltd.) | Ubuntu/Linux issues only | security@ubuntu.com | Ubuntu security page |
| VMware | VMware issues only | security@vmware.com | N/A |
| Yandex N.V. | Yandex issues only | browser-security@yandex-team.ru | N/A |
MITRE Coverage
MITRE is the CNA for all products listed below, as well as for any other products not list on this page.To contact MITRE, use the CVE Request web form. |
| Product Name |
| A10 Networks |
| Acer: PC Server/Desktop/Notebook product lines |
| Adtran |
| Agilent |
| AirWatch |
| Alcatel-Lucent |
| AMD |
| ARCserve |
| Arista Networks |
| Aruba Networks |
| ASUS: PC Server/Desktop/Notebook product lines |
| Atlassian |
| Avast |
| Avaya |
| b2evolution |
| Barracuda Networks |
| Bitdefender |
| Blue Coat |
| BMC |
| Borland |
| CA Technologies |
| CentOS |
| certificate-transparency |
| Citrix |
| Cloudera |
| CMS Made Simple |
| CommuniGate Pro |
| Corel |
| CoreMedia CMS |
| Dart |
| django CMS |
| docSTAR eclipse |
| DokuWiki |
| Dotclear |
| DotCMS |
| DotNetNuke |
| Duo Security |
| Ektron CMS |
| ESET |
| Exponent CMS |
| Fedora |
| FirstSpirit |
| Foswiki |
| Foxit (foxitsoftware.com) |
| FreeSWITCH |
| F-Secure |
| Fujitsu: Desktop/Notebook product lines |
| Geeklog |
| Gentoo (Linux) |
| Good for Enterprise |
| Grails |
| Groovy |
| Hitachi Information Technology products |
| HTC |
| iDirect |
| ikiwiki |
| ImpressPages |
| Invision Power Suite |
| Ipswitch |
| Joomla! |
| Kaspersky Lab |
| kernel.org: Linux kernel |
| knockoutjs.com Knockout |
| Lexmark |
| LG: mobile devices |
| LibreOffice |
| LibreSSL |
| Liferay |
| LiteSpeed Web Server |
| LogMeIn |
| Magento |
| MIT Kerberos |
| MobileIron |
| MODX |
| MoinMoin |
| Motorola Mobility: mobile devices |
| Movable Type |
| Mura CMS |
| MyBB |
| MySQL |
| NaviServer |
| NetApp |
| NetBSD |
| Nokia |
| Novius OS |
| OpenBSD |
| OpenLDAP |
| OpenSSH |
| OpenStack |
| openSUSE |
| OpenText FirstClass |
| OpenXava |
| Open-Xchange |
| Opera |
| Palo Alto Networks |
| Panda Security |
| Perl |
| PHP |
| PhpWiki |
| Pivotal |
| PivotX |
| Play Framework |
| Plone |
| Pluck |
| PmWiki |
| polymer-project.org Polymer |
| PowerMTA |
| Pulse Secure (formerly Juniper Junos) |
| Python |
| RealNetworks |
| Resin |
| Ruby |
| Samba |
| Samsung: mobile devices |
| SAP |
| SAS |
| Scalix |
| SDL Tridion |
| Sendmail |
| Serendipity |
| SilverStripe |
| Sitecore Experience Platform |
| SolarWinds |
| Sophos |
| Splunk |
| Tenable Network Security |
| Tiki |
| Trend Micro |
| TrueCrypt |
| TWiki |
| TYPO3 |
| Ubiquiti Networks |
| Umbraco |
| vBulletin |
| VeraCrypt |
| Veritas Software |
| WatchGuard |
| WebKit |
| Webroot |
| Websense |
| WinZip |
| WordPress |
| Workshare |
| Xen |
| XOOPS |
| Zikula |
| Zimbra Collaboration Suite |
Requesting CVE IDs from MITRE (Primary CNA)
Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
A PGP key is available for encrypted communications:
Key ID: 8B5618B6 Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6 Key size: 4096 Public key: Click to download
NOTE: PGP key updated August 2016
For questions, or assistance about how to use the information on this page, please contact us.
