Request CVE IDs

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.


New users, follow these steps to request CVE IDs:

  1. Locate the correct CVE Numbering Authority (CNA) whose scope includes the product affected by the vulnerability in the Participating CNAs table below.
  2. Contact the CNA specified below using the contact method provided.
  3. If the product affected by the vulnerability is not covered by a CNA listed below, please contact the CVE Program Root CNA.

Participating CNAs

CNAs are listed alphabetically:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Product, Vendor, or Product Category Name Scope CNA Contact Email and/or
Webpage (if applicable)
CNA Type*
MITRE Corporation All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page MITRE CVE Request web form Program Root CNA

Secretariat
Adobe Systems Incorporated Adobe issues only psirt@adobe.com

Adobe security contact page

Adobe Disclosure Policy

Adobe Security Advisories
Vendors and Projects
Airbus All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope vuln@airbus.com

Airbus Vulnerability Handling and Disclosure
Vendors and Projects

Vulnerability Researchers
Alias Robotics S.L. All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope cve@aliasrobotics.com

Alias Robotics Disclosure Policy

Alias Robotics Advisories
Vendors and Projects

Vulnerability Researchers
Alibaba, Inc. Projects listed on its Alibaba GitHub website only alibaba-cna@list.alibaba-inc.com

Alibaba website

Alibaba GitHub website
Vendors and Projects
Ampere Computing Ampere issues only psirt@amperecomputing.com

Ampere Disclosure Policy

Ampere Advisories
Vendors and Projects
Android (associated with Google Inc. or Open Handset Alliance) Android issues only android-cna-team@google.com

Android Security Rewards Program Rules

Android Disclosure Policy

Android Security Advisories
Vendors and Projects
Apache Software Foundation All Apache Software Foundation issues security@apache.org

Apache security contact page

Apache Disclosure Policy
Vendors and Projects
Apple Inc. Apple issues only product-security@apple.com

Apple security contact page

Apple Disclosure Policy

Apple Security Advisories
Vendors and Projects
Appthority All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not in another CNA’s scope security@appthority.com

Appthority Disclosure Policy

Appthority Advisories
Vendors and Projects

Vulnerability Researchers
Asea Brown Boveri Ltd. (ABB) ABB issues only cybersecurity@ch.abb.com

ABB Disclosure Policy

ABB Advisories
Vendors and Projects
Atlassian All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ security@atlassian.com

Atlassian Disclosure Policy

Atlassian Security Advisories
Vendors and Projects
Autodesk All currently supported Autodesk Applications and Cloud Services psirt@autodesk.com

Autodesk Security Advisories
Vendors and Projects
Avaya, Inc. All Avaya products securityalerts@avaya.com

Avaya Disclosure Policy

Avaya Advisories
Vendors and Projects
Bitdefender All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope cve-requests@bitdefender.com

Bitdefender Disclosure Policy

Bitdefender Advisories
Vendors and Projects

Vulnerability Researchers
BlackBerry BlackBerry and Good product issues only secure@blackberry.com

Blackberry security contact page

Blackberry Disclosure Policy

Blackberry Security Advisories
Vendors and Projects
Robert Bosch GmbH Bosch products only psirt@bosch.com

Bosch Disclosure Policy

Bosch Advisories
Vendors and Projects
Brocade Communications Systems, LLC Brocade products only brocade.sirt@broadcom.com

Brocade Disclosure Policy

Brocade Security Advisories
Vendors and Projects
Canonical Ltd. All Canonical issues (including Ubuntu Linux) only security@ubuntu.com

Ubuntu security contact page

Canonical Security Advisories
Vendors and Projects
CA Technologies - A Broadcom Company CA Technologies issues only ca.psirt@broadcom.com

CA Technologies Disclosure Policy

CA Technologies Advisories
Vendors and Projects
CERT/CC Vulnerability assignment related to its vulnerability coordination role cert@cert.org

CERT/CC contact page

CERT/CC Disclosure Policy

CERT/CC Security Advisories
National and Industry CERTs
Check Point Software Technologies Ltd. Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope cve@checkpoint.com

Check Point Security Advisories
Vendors and Projects

Vulnerability Researchers
Chrome Chrome and Chrome OS issues, and projects that are not in another CNA’s scope Report Chrome vulnerabilities

Questions about Chrome’s CVE Entries

Google Application Security Disclosure Policy

Google Application Security Advisories
Vendors and Projects

Vulnerability Researchers
Cisco Systems, Inc. All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope psirt@cisco.com

Cisco Disclosure Policy

Cisco Advisories

psirt@duosecurity.com

Duo Security Disclosure Policy

Duo Security Advisories
Vendors and Projects

Vulnerability Researchers
Cloudflare, Inc. All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope cna@cloudflare.com

Cloudflare Disclosure Policy

Cloudflare Advisories
Vendors and Projects
Cybellum Technologies LTD All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope info@cybellum.com

Cybellum Disclosure Policy

Cybellum Advisories
Vendors and Projects
Dahua Technologies Dahua issues only cybersecurity@dahuatech.com

Dahua security page
Vendors and Projects
Debian GNU/Linux Debian issues only security@debian.org

Debian security page

Debian Security Advisories
Vendors and Projects
Dell Dell, Dell EMC, RSA, and VCE issues only secure@dell.com

Dell Disclosure Policy

Dell Advisories
Vendors and Projects
Document Foundation, The Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues security@documentfoundation.org

The Document Foundation Disclosure Policy

The Document Foundation Advisories
Vendors and Projects
Drupal.org All projects hosted under drupal.org only security@drupal.org

Drupal Disclosure Policy

Drupal Security Advisories
Vendors and Projects
Eaton Eaton issues only cybersecuritycoe@eaton.com

Eaton Disclosure Policy

Eaton Advisories
Vendors and Projects
Eclipse Foundation Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only security@eclipse.org

Eclipse Disclosure Policy

Eclipse Security Advisories
Vendors and Projects
Elastic Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only security@elastic.co

Elastic Disclosure Policy

Elastic Security Advisories
Vendors and Projects
F5 Networks F5 issues only f5sirt@f5.com

F5 Disclosure Policy

F5 Security Advisories
Vendors and Projects
Facebook, Inc. Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/ Facebook security contact page

Facebook Disclosure Policy
Vendors and Projects

Vulnerability Researchers
Fedora Project Fedora Project issues only Fedora Bug Report page

Fedora Disclosure Policy

Fedora Security Advisories
Vendors and Projects
Flexera Software LLC All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope PSIRT-CNA@flexerasoftware.com

Flexera Software Disclosure Policy
Vendors and Projects

Vulnerability Researchers
floragunn GmbH All issues related to Search Guard only security@search-guard.com

floragunn Disclosure Policy

floragunn Advisories
Vendors and Projects
Forcepoint Forcepoint products only psirt@forcepoint.com

Forcepoint security page
Vendors and Projects
Fortinet, Inc. Fortinet issues only psirt@fortinet.com

Fortinet Security Advisories
Vendors and Projects
FreeBSD Primarily FreeBSD issues only secteam@freebsd.org

FreeBSD Disclosure Policy

FreeBSD Security Advisories
Vendors and Projects
GitHub, Inc. All libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA security-advisories@github.com

GitHub Disclosure Policy

GitHub Advisories
Vendors and Projects
GitHub, Inc. (Products Only) GitHub Enterprise Server issues only product-cna@github.com

GitHub (Products Only) Disclosure Policy

GitHub (Products Only) Advisories
Vendors and Projects
Google LLC Google products that are not covered by Android and Chrome, as well as vulnerabilities in third-party software discovered by Google that are not in another CNA’s scope security@google.com

Report a vulnerability

Google Application Security Disclosure Policy

Google Cloud Advisories, Google Application Security Advisories
Vendors and Projects

Vulnerability Researchers
HackerOne Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform support@hackerone.com

HackerOne contact page

HackerOne Disclosure Policy

HackerOne Security Advisories
Bug Bounty Programs
Hangzhou Hikvision Digital Technology Co., Ltd. All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) hsrc@hikvision.com

Hikvision Security Advisories
Vendors and Projects
HCL Software All HCL products only psirt@hcl.com

HCL Disclosure Policy

HCL Advisories
Vendors and Projects
Hewlett Packard Enterprise (HPE) HPE issues only security-alert@hpe.com Vendors and Projects
Hillstone Networks, Inc. All Hillstone products only sec@hillstonenet.com

Hillstone Disclosure Policy

Hillstone Advisories
Vendors and Projects
HP Inc. HP Inc. issues only hp-security-alert@hp.com

HP Disclosure Policy

HP Security Advisories
Vendors and Projects
Huawei Technologies Huawei issues only psirt@huawei.com

Huawei security contact page

Huawei Disclosure Policy

Huawei Security Advisories
Vendors and Projects
IBM Corporation All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope psirt@us.ibm.com

IBM Disclosure Policy

IBM Security Advisories
Vendors and Projects

Vulnerability Researchers
ICS-CERT Infrastructure sector control systems ics-cert@hq.dhs.gov

ICS-CERT Disclosure Policy

ICS-CERT Security Advisories

ICS-CERT Security Alerts

ICS-CERT Security Bulletins
National and Industry CERTs
Intel Corporation Intel branded products and technologies and Intel managed open source projects secure@intel.com

Intel security contact page

Intel Disclosure Policy

Intel Security Advisories
Vendors and Projects
Internet Systems Consortium (ISC) All ISC.org projects security-officer@isc.org

ISC report a bug page

ISC Disclosure Policy

ISC Security Advisories
Vendors and Projects
Jenkins Project Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only jenkinsci-cert@googlegroups.com

Jenkins Project Disclosure Policy

Jenkins Project Advisories
Vendors and Projects
Johnson Controls Johnson Controls products only productsecurity@jci.com

Johnson Controls Disclosure Policy

Johnson Controls Advisories
Vendors and Projects
JPCERT/CC Vulnerability assignment related to its vulnerability coordination role vultures@jpcert.or.jp

JPCERT/CC contact page

JPCERT/CC Disclosure Policy

JPCERT/CC Security Advisories
Root CNA

National and Industry CERTs
Juniper Networks, Inc. Juniper issues only sirt@juniper.net

Juniper security contact page

Juniper Disclosure Policy

Juniper Security Advisories
Vendors and Projects
Kaspersky Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope vulnerability@kaspersky.com

Kapersky Disclosure Policy

Kapersky Security Advisories
Vendors and Projects

Vulnerability Researchers
KrCERT/CC Vulnerability assignment related to its vulnerability coordination role vuln@krcert.or.kr

KrCERT/CC Security Advisories
National and Industry CERTs
Kubernetes Kubernetes issues only security@kubernetes.io

Kubernetes Disclosure Policy

Kubernetes Advisories
Vendors and Projects
Larry Cashdollar Third-party products he researches larry0@me.com Vulnerability Researchers
Lenovo Group Ltd. Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only psirt@lenovo.com

Lenovo Disclosure Policy

Lenovo Security Advisories
Vendors and Projects
MarkLogic Corporation MarkLogic issues only security@marklogic.com

MarkLogic Disclosure Policy

MarkLogic Security Advisories
Vendors and Projects
McAfee All McAfee products, as well as vulnerabilities in third-party software discovered by McAfee ATR that are not in another CNA’s scope security_report@mcafee.com

McAfee Disclosure Policy

McAfee Security Advisories
Vendors and Projects

Vulnerability Researchers
Micro Focus International All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites security@microfocus.com

Micro Focus Disclosure Policy

Micro Focus Advisories
Vendors and Projects
Microsoft Corporation Microsoft issues only secure@microsoft.com

Microsoft security contact page

Microsoft Disclosure Policy

Microsoft Security Advisories
Vendors and Projects
MITRE Corporation All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page MITRE CVE Request web form Program Root CNA

Secretariat
MongoDB, Inc. MongoDB products only cna@mongodb.com

MongoDB Disclosure Policy

MongoDB Advisories
Vendors and Projects
Mozilla Corporation Mozilla issues only security@mozilla.org

Mozilla Disclosure Policy

Mozilla Security Advisories
Vendors and Projects
Naver Corporation Naver products only, except Line products cve@navercorp.com

Naver Disclosure Policy

Naver Advisories
Vendors and Projects
NetApp, Inc. All NetApp products as well as projects hosted on https://github.com/netapp security-alert@netapp.com

NetApp security contact page

NetApp Disclosure Policy

NetApp Security Advisories
Vendors and Projects
Netflix, Inc. Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker security-report@netflix.com

Netflix Vulnerability Disclosure Policy

Netflix Security Advisories
Vendors and Projects
Node.js All actively developed versions of software developed under the Node.js project on https://github.com/nodejs cve-request@iojs.org

Node.js Disclosure Policy

Node.js Security Advisories
Vendors and Projects
NVIDIA Corporation NVIDIA issues only psirt@nvidia.com

NVIDIA security contact page

NVIDIA Disclosure Policy

NVIDIA Security Advisories
Vendors and Projects
Objective Development Software GmbH Objective Development issues only Objective Development security page Vendors and Projects
Odoo Odoo issues only security@odoo.com

Odoo Disclosure Policy

Odoo Advisories
Vendors and Projects
OpenSSL Software Foundation OpenSSL software projects only openssl-security@openssl.org

OpenSSL Development Disclosure Policy

OpenSSL Security Advisories
Vendors and Projects
Opera Software AS Opera issues only Opera security contact page

Opera Disclosure Policy

Opera Advisories
Vendors and Projects
OPPO Mobile Telecommunication Corp., Ltd. OPPO devices only security@oppo.com

OPPO Disclosure Policy

OPPO Advisories
Vendors and Projects
Oracle Oracle supported version product issues only; CVE IDs will not be assigned for unsupported products or versions (Oracle will confirm support status and notify researcher) secalert_us@oracle.com

Oracle security contact page

Oracle Vulnerability Disclosure Policy

Oracle Security Advisories
Vendors and Projects
OTRS AG Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only security@otrs.com

OTRS Disclosure Policy

OTRS Advisories
Vendors and Projects
Palo Alto Networks, Inc. All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope psirt@paloaltonetworks.com

Palo Alto Networks Disclosure Policy

Palo Alto Networks Advisories
Vendors and Projects

Vulnerability Researchers
PHP Group Vulnerabilities in PHP code (code in https://github.com/php/php-src) only security@php.net

PHP Group Disclosure Policy

PHP Group Advisories
Vendors and Projects
Pivotal Software, Inc. Pivotal, Spring, and Cloud Foundry issues only security@pivotal.io

Pivotal Disclosure Policy, Cloud Foundry Disclosure Policy

Pivotal Advisories, Spring Advisories, Cloud Foundry Advisories
Vendors and Projects
Puppet All Puppet products, as well as all projects on https://github.com/puppetlabs security@puppet.com

Puppet Vulnerability Disclosure Policy

Puppet Security Advisories
Vendors and Projects
QNAP Systems, Inc. QNAP QTS, QES, and QVR products as well as its mobile apps and utilities security@qnap.com

QNAP Disclosure Policy

QNAP Security Advisories
Vendors and Projects
Qualcomm, Inc. Qualcomm and Snapdragon issues only product-security@qualcomm.com

Qualcomm Disclosure Policy

Qualcomm Security Advisories
Vendors and Projects
Rapid7, Inc. All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope cve@rapid7.com

Rapid7 Disclosure Policy

Rapid7 Security Advisories
Vendors and Projects

Vulnerability Researchers
Red Hat, Inc. Linux issues only secalert@redhat.com

Red Hat security contact page

Red Hat Disclosure Policy

Red Hat Security Advisories
Vendors and Projects
Salesforce, Inc. Salesforce products only security@salesforce.com

Salesforce Disclosure Policy

Salesforce Advisories
Vendors and Projects
SAP SE All SAP products cna@sap.com

SAP Disclosure Policy

SAP Security Advisories
Vendors and Projects
Schneider Electric SE All Schneider Electric products, including Proface, Pelco, APC, and Eurotherm cybersecurity@se.com

Schneider Electric security contact page

Schneider Disclosure Policy

Schneider Security Advisories
Vendors and Projects
SICK AG SICK AG issues only psirt@sick.de

SICK Disclosure Policy

SICK Advisories
Vendors and Projects
Siemens Siemens issues only productcert@siemens.com

Siemens security contact page

Siemens Disclosure Policy

Siemens Security Advisories
Vendors and Projects
Snyk Vulnerabilities in third-party products discovered by Snyk only report@snyk.io

Snyk Disclosure Policy

Snyk Advisories
Vulnerability Researchers
SonicWall, Inc. SonicWall issues only PSIRT@sonicwall.com

SonicWall Disclosure Policy

SonicWall Advisories
Vendors and Projects
Spanish National Cybersecurity Institute, S.A. (INCIBE) Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level INCIBE CNA contact email address

INCIBE Disclosure Policy (Spanish)
INCIBE Disclosure Policy (English)

INCIBE Advisories (Spanish)
INCIBE Advisories (English)
National and Industry CERTs
Splunk Inc. Splunk products only prodsec@splunk.com

Splunk Disclosure Policy

Splunk Advisories
Vendors and Projects
SUSE All SUSE Enterprise products and openSUSE software security@suse.de

SUSE Disclosure Policy

SUSE Advisories
SUSE Advisories by CVE ID
Vendors and Projects
Symantec - A Division of Broadcom Symantec enterprise products only symantec.psirt@broadcom.com

Symantec Disclosure Policy

Symantec Advisories
Vendors and Projects
Synology Inc. Synology issues only security@synology.com

Synology security contact page

Synology Security Advisories
Vendors and Projects
Talos Third-party products it researches talos-cna@cisco.com

Talos security page

Talos Disclosure Policy

Talos Security Advisories
Vulnerability Researchers
Tcpdump Group Tcpdump and Libpcap only security@tcpdump.org

Tcpdump Disclosure Policy

Tcpdump Advisories
Vendors and Projects
Tenable Network Security, Inc. Tenable products and third-party products it researches not covered by another CNA vulnreport@tenable.com

Tenable security contact page

Tenable Disclosure Policy

Tenable Security Advisories
Vendors and Projects
360 Security Technology, Inc. 360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA security@360.cn

360 Disclosure Policy

360 Advisories
Vendors and Projects

Vulnerability Researchers
TIBCO Software Inc. TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only security@tibco.com

TIBCO Disclosure Policy

TIBCO Security Advisories
Vendors and Projects
Tigera, Inc. All vulnerabilities for Calico and all of Tigera’s products only psirt@tigera.io

Tigera Disclosure Policy

Tigera Advisories
Vendors and Projects
Trend Micro, Inc. Trend Micro supported products and end-of-life products issues only security@trendmicro.com

Trend Micro security contact page

Trend Micro Security Advisories
Vendors and Projects
TWCERT/CC Vulnerability assignment related to its vulnerability coordination role cve@cert.org.tw

Chinese:
TWCERT/CC Disclosure Policy
TWCERT/CC Advisories

English:
TWCERT/CC Disclosure Policy
TWCERT/CC Advisories
National and Industry CERTs
VMware VMware issues only security@vmware.com

VMware Disclosure Policy

VMware Security Advisories
Vendors and Projects
Yandex N.V. Yandex issues only browser-security@yandex-team.ru

Yandex Disclosure Policy

Yandex Security Advisories
Vendors and Projects
Zephyr Project Zephyr project components, and vulnerabilities that are not in another CNA’s scope vulnerabilities@zephyrproject.org Vendors and Projects
Zero Day Initiative Products and projects covered by its bug bounty programs that are not in another CNA’s scope zdi-disclosures@trendmicro.com

ZDI contact page

ZDI Disclosure Policy

ZDI Security Advisories
Bug Bounty Programs
ZTE Corporation ZTE products only psirt@zte.com.cn

ZTE Disclosure Policy

ZTE Security Advisories
Vendors and Projects

* Key for CNA Types:

CVE Program Root CNA PGP Key

Please use our CVE Request web form to request CVE IDs directly from the CVE Program Root CNA (currently MITRE). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		903E4008
Fingerprint:	F59F 1525 57C5 3CE4 BEAE B86E F357 D0E9 903E 4008
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated March 2020

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: April 01, 2020