Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage table below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name Scope CNA Contact Email and/or
Webpage (if applicable)
CNA Type*
MITRE Corporation All vulnerabilities not already listed on this page MITRE CVE Request web form Primary CNA
Distributed Weakness Filing Project Any open source software issues not already covered by MITRE or another CNA

DWF GitHub page
Third-Party Coordinator
Adobe Systems Incorporated Adobe issues only

Adobe security page
Software Vendor
Airbus All Airbus products as well as vulnerabilities in third-party software discovered by Airbus that are not covered by another CNA. Vulnerability Researcher
Alibaba, Inc. Projects listed on its Alibaba GitHub website only Alibaba website

Alibaba GitHub website
Software Vendor
Android (associated with Google Inc. or Open Handset Alliance) Android issues only

Android security page
Software Vendor
Apache Software Foundation Apache Software and Apache HTTP Server issues only

Apache security page
Software Vendor
Apple Inc. Apple issues only

Apple security page
Software Vendor
Atlassian Atlassian issues only Software Vendor
Autodesk All currently supported Autodesk Applications and Cloud Services. Software Vendor
BlackBerry BlackBerry and Good product issues only

Blackberry security page
Software Vendor
Brocade Communications Systems, Inc. Brocade and Ruckus Wireless issues only

Brocade security page
Software Vendor
CA Technologies CA Technologies issues only

CA security page
Software Vendor
CERT/CC Vulnerability assignment related to its vulnerability coordination role

CERT/CC contact page
Third-Party Coordinator
Check Point Software Technologies Ltd. Check Point Security Gateways product line only Software Vendor
Cisco Systems, Inc. Cisco issues only

Cisco security page
Software Vendor
Dahua Technologies Dahua issues only

Dahua security page
Software Vendor
Debian GNU/Linux Debian issues only

Debian security page
Software Vendor
Dell EMC Dell EMC, Dell, RSA, Pivotal, and VCE issues only

Dell EMC security page
Software Vendor
Distributed Weakness Filing Project (DWF) See listing at top of this table All projects hosted under only

Drupal security advisories page
Software Vendor
Duo Security, Inc. All Duo products and any third-party research targets that are not already in another CNA's scope. Vulnerability Researcher
Eclipse Foundation Eclipse IDE and the Eclipse Foundation's,, and open source projects only

Eclipse security page
Software Vendor
Elastic Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only

Elastic security page
Software Vendor
F5 Networks F5 issues only Software Vendor
Flexera Software LLC All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA Software Vendor
FreeBSD Primarily FreeBSD issues only Software Vendor
Fortinet, Inc. Fortinet issues only Software Vendor
Google Inc. Chrome and Chrome OS issues only

Google app security page
Software Vendor
HackerOne Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform

HackerOne contact page
Third-Party Coordinator
Hewlett Packard Enterprise (HPE) HPE issues only Software Vendor
HP Inc. HP Inc. issues only Software Vendor
Huawei Technologies Huawei issues only

Huawei security page
Software Vendor
IBM Corporation IBM issues only Software Vendor
ICS-CERT Infrastructure sector control systems Third-Party Coordinator
Intel Corporation Intel issues only

Intel security page
Software Vendor
Internet Systems Consortium (ISC) All projects

ISC report a bug page
Software Vendor
IOActive Third-party products it researches

IOActive contact page
Vulnerability Researcher
Juniper Networks, Inc. Juniper issues only

Juniper security page
Software Vendor
JPCERT/CC Vulnerability assignment related to its vulnerability coordination role

JPCERT/CC contact page
Third-Party Coordinator
Kaspersky Labs Kaspersky B2C and B2B products as well as vulnerabilities discovered in third-party software not covered by another CNA. Vulnerability Researcher
KrCERT/CC Vulnerability assignment related to its vulnerability coordination role Third-Party Coordinator
Larry Cashdollar Third-party products he researches Vulnerability Researcher
Lenovo Group Ltd. Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only Software Vendor
MarkLogic Corporation MarkLogic issues only Software Vendor
McAfee McAfee issues only Software Vendor
Micro Focus International Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only

Micro Focus security page
Software Vendor
Microsoft Corporation Microsoft issues only

Microsoft security page
Software Vendor
MITRE Corporation See listing at top of this table
Mozilla Corporation Mozilla issues only

Mozilla security page
Software Vendor
Netflix, Inc. Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on and only Software Vendor
Netgear, Inc. Netgear issues only

Netgear security page
Software Vendor
Nvidia Corporation Nvidia issues only Software Vendor
Objective Development Software GmbH Objective Development issues only Objective Development security page Software Vendor
OpenSSL Software Foundation OpenSSL software projects only

OpenSSL contact web page
Software Vendor
Oracle Oracle issues only

Oracle security page
Software Vendor
Puppet Puppet issues only

Puppet security page
Software Vendor
Qihoo 360 Technology Co. Ltd. 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only

Qihoo 360 security page
Software Vendor
Qualcomm, Inc. Qualcomm and Snapdragon issues only Software Vendor
Rapid7, Inc. All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA

Rapid7 security page
Vulnerability Researcher
Red Hat, Inc. Linux issues only

Red Hat security page
Software Vendor
Schneider Electric SE Schneider Electric products only

Schneider Electric security page
Software Vendor
Siemens AG Siemens issues only

Siemens security page
Software Vendor
Silicon Graphics (SGI) SGI issues only Software Vendor
Symantec Corporation Symantec issues only

Symantec security page
Software Vendor
Synology Inc. Synology issues including its network attached storage (NAS) products only

Synology security page
Software Vendor
Talos Third-party products it researches

Talos web page
Vulnerability Researcher
Tenable Network Security, Inc. Tenable products and third-party products they research not covered by another CNA

Tenable security page
Software Vendor
TIBCO Software Inc. TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only Software Vendor
Trend Micro, Inc. Trend Micro supported products and end-of-life products issues only

Trend Micro security page
Software Vendor
Ubuntu/Linux (Canonical Ltd.) Ubuntu/Linux issues only

Ubuntu security page
Software Vendor
VMware VMware issues only Software Vendor
Yandex N.V. Yandex issues only Software Vendor
Zero Day Initiative Products and projects covered by its bug bounty programs not already covered by another CNA

ZDI contact page
Third-Party Coordinator
ZTE Corporation ZTE products only Software Vendor

* Key for CNA Types:

MITRE (Primary CNA) PGP Key

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: August 16, 2017