Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage or MITRE coverage tables below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name CNA Website Contact (if applicable) CNA Contact Email
MITRE: all vulnerabilities listed in the MITRE Coverage table below, plus all vulnerabilities not already listed on this page MITRE CVE Request web form https://cveform.mitre.org/
Adobe Adobe Systems Incorporated psirt@adobe.com
Android (associated with Google or Open Handset Alliance) Google Inc. security@google.com
Apache Software Foundation and Apache HTTP Server Apache Software Foundation security@apache.org
Apple Apple Inc. product-security@apple.com
BlackBerry N/A secure@blackberry.com
Brocade Brocade Communications Systems sirt@brocade.com
CERT/CC: vulnerability assignment related to its vulnerability coordination role CERT/CC cert@cert.org
Check Point Software Technologies: Security Gateways product line N/A cve@checkpoint.com
Cisco Cisco Systems, Inc. cve_assign@cisco.com
Debian Debian GNU/Linux security@debian.org
Dell EMC: Dell EMC, RSA, Pivotal, and VCE products Dell EMC security_alert@emc.com
Distributed Weakness Filing Project: open source software issues not already covered by MITRE or another CNA Distributed Weakness Filing Project http://iwantacve.org/
F5 Networks N/A f5sirt@f5.com
FreeBSD N/A secteam@freebsd.org
Fortinet: FortiGate product line N/A psirt@fortinet.com
Google Chrome Google Inc. security@google.com
HackerOne: provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform N/A support@hackerone.com
Hewlett Packard Enterprise (HPE) N/A security-alert@hpe.com
HP Inc. N/A hp-security-alert@hp.com
Huawei Technologies N/A psirt@huawei.com
IBM N/A psirt@us.ibm.com
ICS-CERT: infrastructure sector control systems N/A ics-cert@hq.dhs.gov
Intel Intel Corporation secure@intel.com
ISC: all ISC.org projects Internet Systems Consortium security-officer@isc.org
Juniper Juniper Networks, Inc. sirt@juniper.net
JPCERT/CC: Asia Pacific region JPCERT/CC vultures@jpcert.or.jp
KrCERT/CC: Korea N/A vuln@krcert.or.kr
Lenovo: general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products N/A psirt@lenovo.com
MarkLogic Corporation N/A security@marklogic.com
McAfee: McAfee products N/A ISecG.PSIRT@intel.com
Microsoft Microsoft Corporation secure@microsoft.com
Mozilla Mozilla Corporation security@mozilla.org
Novell Micro Focus International security@suse.com
Nvidia N/A psirt@nvidia.com
Objective Development Software N/A cna@obdev.at
OpenSSL OpenSSL Software Foundation openssl-security@openssl.org
Oracle Oracle secalert_us@oracle.com
Puppet Puppet security@puppet.com
Red Hat Red Hat, Inc. secalert@redhat.com
Silicon Graphics (SGI) N/A security-info@sgi.com
SUSE Micro Focus International security@suse.com
Symantec Symantec Corporation secure@symantec.com
TIBCO: TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands N/A security@tibco.com
Ubuntu/Linux Canonical Ltd. security@ubuntu.com
VMWare N/A security@vmware.com
Yandex N.V. N/A browser-security@yandex-team.ru

MITRE Coverage

MITRE is the CNA for all products listed below, as well as for any other products not list on this page.

To contact MITRE, use the CVE Request web form.
Product Name
A10 Networks
Acer: PC Server/Desktop/Notebook product lines
Adtran
Agilent
AirWatch
Alcatel-Lucent
AMD
ARCserve
Arista Networks
Aruba Networks
ASUS: PC Server/Desktop/Notebook product lines
Atlassian
Avast
Avaya
b2evolution
Barracuda Networks
Bitdefender
Blue Coat
BMC
Borland
CA Technologies
CentOS
certificate-transparency
Citrix
Cloudera
CMS Made Simple
CommuniGate Pro
Corel
CoreMedia CMS
Dart
django CMS
docSTAR eclipse
DokuWiki
Dotclear
DotCMS
DotNetNuke
Drupal
Duo Security
Ektron CMS
ESET
Exponent CMS
Fedora
FirstSpirit
Foswiki
Foxit (foxitsoftware.com)
FreeSWITCH
F-Secure
Fujitsu: Desktop/Notebook product lines
Geeklog
Gentoo (Linux)
Good for Enterprise
Grails
Groovy
Hitachi Information Technology products
HTC
iDirect
ikiwiki
ImpressPages
Invision Power Suite
Ipswitch
Joomla!
Kaspersky Lab
kernel.org: Linux kernel
knockoutjs.com Knockout
Lexmark
LG: mobile devices
LibreOffice
LibreSSL
Liferay
LiteSpeed Web Server
LogMeIn
Magento
MIT Kerberos
MobileIron
MODX
MoinMoin
Motorola Mobility: mobile devices
Movable Type
Mura CMS
MyBB
MySQL
NaviServer
NetApp
NetBSD
Nokia
Novius OS
OpenBSD
OpenLDAP
OpenSSH
OpenStack
openSUSE
OpenText FirstClass
OpenXava
Open-Xchange
Opera
Palo Alto Networks
Panda Security
Perl
PHP
PhpWiki
Pivotal
PivotX
Play Framework
Plone
Pluck
PmWiki
polymer-project.org Polymer
PowerMTA
Pulse Secure (formerly Juniper Junos)
Python
RealNetworks
Resin
Ruby
Samba
Samsung: mobile devices
SAP
SAS
Scalix
SDL Tridion
Sendmail
Serendipity
SilverStripe
Sitecore Experience Platform
SolarWinds
Sophos
Splunk
Tenable Network Security
Tiki
Trend Micro
TrueCrypt
TWiki
TYPO3
Ubiquiti Networks
Umbraco
vBulletin
VeraCrypt
Veritas Software
WatchGuard
WebKit
Webroot
Websense
WinZip
WordPress
Workshare
Xen
XOOPS
Zikula
Zimbra Collaboration Suite

Requesting CVE IDs from MITRE (Primary CNA)

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: February 10, 2017