CVE - Request a CVE ID

Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage or MITRE coverage tables below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name	Scope	CNA Contact Email	CNA Website Information (if applicable)
MITRE Corporation	All vulnerabilities listed in the MITRE Coverage table below, plus all vulnerabilities not already listed on this page	MITRE CVE Request web form	https://cveform.mitre.org/
Adobe Systems Incorporated	Adobe issues only	psirt@adobe.com	Adobe security page
Android (associated with Google Inc. or Open Handset Alliance)	Android issues only	security@android.com	Android security page
Apache Software Foundation	Apache Software and Apache HTTP Server issues only	security@apache.org	Apache security page
Apple Inc.	Apple issues only	product-security@apple.com	Apple security page
Atlassian	Atlassian issues only	security@atlassian.com	N/A
BlackBerry	BlackBerry and Good product issues only	secure@blackberry.com	Blackberry security page
Brocade Communications Systems, Inc.	Brocade and Ruckus Wireless issues only	sirt@brocade.com	Brocade security page
CA Technologies	CA Technologies issues only	vuln@ca.com	CA security page
CERT/CC	Vulnerability assignment related to its vulnerability coordination role	cert@cert.org	CERT/CC contact page
Check Point Software Technologies Ltd.	Check Point Security Gateways product line only	cve@checkpoint.com	N/A
Cisco Systems, Inc.	Cisco issues only	cve_assign@cisco.com	Cisco security page
Dahua Technologies	Dahua issues only	cybersecurity@dahuatech.com	Dahua security page
Debian GNU/Linux	Debian issues only	security@debian.org	Debian security page
Dell EMC	Dell EMC, Dell, RSA, Pivotal, and VCE issues only	security_alert@emc.com	Dell EMC security page
Distributed Weakness Filing Project	Open source software issues not already covered by MITRE or another CNA	http://iwantacve.org/	DWF GitHub page
Drupal.org	All projects hosted under drupal.org only	security@drupal.org	Drupal security advisories page
Eclipse Foundation	Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only	security@eclipse.org	Eclipse security page
Elastic	Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only	security@eclipse.org	Elastic security page
F5 Networks	F5 issues only	f5sirt@f5.com	N/A
Flexera Software LLC	All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA	PSIRT-CNA@flexerasoftware.com	N/A
FreeBSD	Primarily FreeBSD issues only	secteam@freebsd.org	N/A
Fortinet, Inc.	Fortinet issues only	psirt@fortinet.com	N/A
Google Inc.	Chrome and Chrome OS issues only	security@google.com	Google app security page
HackerOne	Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform	support@hackerone.com	Hackerone contact page
Hewlett Packard Enterprise (HPE)	HPE issues only	security-alert@hpe.com	N/A
HP Inc.	HP Inc. issues only	hp-security-alert@hp.com	N/A
Huawei Technologies	Huawei issues only	psirt@huawei.com	Huawei security page
IBM Corporation	IBM issues only	psirt@us.ibm.com	N/A
ICS-CERT	Infrastructure sector control systems	ics-cert@hq.dhs.gov	N/A
Intel Corporation	Intel issues only	secure@intel.com	Intel security page
Internet Systems Consortium (ISC)	All ISC.org projects	security-officer@isc.org	ISC report a bug page
IOActive	Third-party products it researches	info@ioactive.com	IOActive contact page
Juniper Networks, Inc.	Juniper issues only	sirt@juniper.net	Juniper security page
JPCERT/CC	Vulnerability assignment related to its vulnerability coordination role	vultures@jpcert.or.jp	JPCERT/CC contact page
KrCERT/CC	Vulnerability assignment related to its vulnerability coordination role	vuln@krcert.or.kr	N/A
Lenovo Group Ltd.	Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only	psirt@lenovo.com	N/A
MarkLogic Corporation	MarkLogic issues only	security@marklogic.com	N/A
McAfee	McAfee issues only	psirt@mcafee.com	N/A
Micro Focus International	Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only	security@suse.com	Micro Foucus security page
Microsoft Corporation	Microsoft issues only	secure@microsoft.com	Microsoft security page
Mozilla Corporation	Mozilla issues only	security@mozilla.org	Mozilla security page
Netgear, Inc.	Netgear issues only	security@netgear.com	Netgear security page
Nvidia Corporation	Nvidia issues only	psirt@nvidia.com	N/A
Objective Development Software GmbH	Objective Development issues only	N/A	Objective Development security page
OpenSSL Software Foundation	OpenSSL software projects only	openssl-security@openssl.org	OpenSSL contact web page
Oracle: Oracle issues only	Oracle issues only	secalert_us@oracle.com	Oracle security page
Puppet	Puppet issues only	security@puppet.com	Puppet security page
Qihoo 360 Technology Co. Ltd.	360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only	security@360.cn	Qihoo 360 security page
Qualcomm, Inc.	Qualcomm and Snapdragon issues only	product-security@qualcomm.com	N/A
Red Hat, Inc.	Linux issues only	secalert@redhat.com	Red Hat security page
Schneider Electric SE	Schneider Electric products only	cybersecurity@schneider-electric.com	Schneider Electric security page
Siemens AG	Siemens issues only	productcert@siemens.com	Siemens security page
Silicon Graphics (SGI)	SGI issues only	security-info@sgi.com	N/A
Symantec Corporation	Symantec issues only	secure@symantec.com	Symantec security page
Synology Inc.	Synology issues including its network attached storage (NAS) products only	security@synology.com	Synology security page
TIBCO Software Inc.	TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only	security@tibco.com	N/A
Ubuntu/Linux (Canonical Ltd.)	Ubuntu/Linux issues only	security@ubuntu.com	Ubuntu security page
VMware	VMware issues only	security@vmware.com	N/A
Yandex N.V.	Yandex issues only	browser-security@yandex-team.ru	N/A

MITRE Coverage

MITRE is the CNA for all products listed below, as well as for any other products not list on this page.

To contact MITRE, use the CVE Request web form.

Product Name

A10 Networks

Acer: PC Server/Desktop/Notebook product lines

Adtran

Agilent

AirWatch

Alcatel-Lucent

AMD

ARCserve

Arista Networks

Aruba Networks

ASUS: PC Server/Desktop/Notebook product lines

Avast

Avaya

b2evolution

Barracuda Networks

Bitdefender

Blue Coat

BMC

Borland

CentOS

certificate-transparency

Citrix

Cloudera

CMS Made Simple

CommuniGate Pro

Corel

CoreMedia CMS

Dart

django CMS

docSTAR eclipse

DokuWiki

Dotclear

DotCMS

DotNetNuke

Duo Security

Ektron CMS

ESET

Exponent CMS

Fedora

FirstSpirit

Foswiki

Foxit (foxitsoftware.com)

FreeSWITCH

F-Secure

Fujitsu: Desktop/Notebook product lines

Geeklog

Gentoo (Linux)

Grails

Groovy

Hitachi Information Technology products

HTC

iDirect

ikiwiki

ImpressPages

Invision Power Suite

Ipswitch

Joomla!

Kaspersky Lab

kernel.org: Linux kernel

knockoutjs.com Knockout

Lexmark

LG: mobile devices

LibreOffice

LibreSSL

Liferay

LiteSpeed Web Server

LogMeIn

Magento

MIT Kerberos

MobileIron

MODX

MoinMoin

Motorola Mobility: mobile devices

Movable Type

Mura CMS

MyBB

MySQL

NaviServer

NetApp

NetBSD

Nokia

Novius OS

OpenBSD

OpenLDAP

OpenSSH

OpenStack

openSUSE

OpenText FirstClass

OpenXava

Open-Xchange

Opera

Palo Alto Networks

Panda Security

Perl

PHP

PhpWiki

Pivotal

PivotX

Play Framework

Plone

Pluck

PmWiki

polymer-project.org Polymer

PowerMTA

Pulse Secure (formerly Juniper Junos)

Python

RealNetworks

Resin

Ruby

Samba

Samsung: mobile devices

SAP

SAS

Scalix

SDL Tridion

Sendmail

Serendipity

SilverStripe

Sitecore Experience Platform

SolarWinds

Sophos

Splunk

Tenable Network Security

Tiki

Trend Micro

TrueCrypt

TWiki

TYPO3

Ubiquiti Networks

Umbraco

vBulletin

VeraCrypt

Veritas Software

WatchGuard

WebKit

Webroot

Websense

WinZip

WordPress

Workshare

Xen

XOOPS

Zikula

Zimbra Collaboration Suite

Requesting CVE IDs from MITRE (Primary CNA)

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download

NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.