Request a CVE Identifier

CVE Identifier number reservation allows researchers and vendors to include CVE Identifier numbers — also called CVE-IDs and CVEs — in the initial public announcement of a vulnerability, and ensures that the CVE Identifier number is instantly available to all CVE users and makes it easier to track vulnerabilities over time. The methods by which researchers may request CVE Identifier number(s) are described below.

Main Methods

Contact one of the officially recognized CVE Numbering Authorities (CNAs), which will then include a CVE Identifier number in its initial public announcement about your new vulnerability.

Or, contact an emergency response team such as CERT/CC, etc., post the information to mailing lists such as Bugtraq, or provide the information to a vulnerability analysis team.

Alternative Method

If you are unable to obtain a CVE Identifier number via the main methods above, you may request a CVE Identifier number directly from the CVE project. To reserve a CVE Identifier number before publicizing a new vulnerability, vulnerability researchers may contact cve-assign@mitre.org and we will provide you with our "CVE-ID Reservation Guidelines for Researchers" document. We will then work with you to assign a CVE Identifier number for the issue while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.

A PGP key is available for encrypted communications:
Key ID: 62F20979
Fingerprint: 5E3D 53BB BDDD 7F2A 5DAD 579C BE78 AE12 62F2 0979
Key size: 4096
NOTE: PGP key updated August 2015
 
Page Last Updated: August 20, 2015