Common Vulnerabilities and Exposures |
|
||||
Power user
shortcuts:
Request CVE IDs
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
New users, follow these steps to request CVE IDs:
- Locate the correct CVE Numbering Authority (CNA) whose scope includes the product affected by the vulnerability in the Participating CNAs table below.
- Contact the CNA specified below using the contact method provided.
- If the product affected by the vulnerability is not covered by a CNA listed below, please contact the CVE Program Root CNA.
Participating CNAs
CNAs are listed alphabetically:
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z
| Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
| MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA Secretariat |
| Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com
Adobe security contact page Adobe Disclosure Policy Adobe Security Advisories |
Vendors and Projects |
| Airbus | All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope | vuln@airbus.com
Airbus Vulnerability Handling and Disclosure |
Vendors and Projects Vulnerability Researchers |
| Alias Robotics S.L. | All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope | cve@aliasrobotics.com
Alias Robotics Disclosure Policy Alias Robotics Advisories | Vendors and Projects Vulnerability Researchers |
| Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | alibaba-cna@list.alibaba-inc.com
Alibaba website Alibaba GitHub website |
Vendors and Projects |
| Ampere Computing | Ampere issues only | psirt@amperecomputing.com
Ampere Disclosure Policy Ampere Advisories | Vendors and Projects |
| Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | android-cna-team@google.com
Android Security Rewards Program Rules Android Disclosure Policy Android Security Advisories |
Vendors and Projects |
| Apache Software Foundation | All Apache Software Foundation issues |
security@apache.org
Apache security contact page Apache Disclosure Policy |
Vendors and Projects |
| Apple Inc. | Apple issues only | product-security@apple.com
Apple security contact page Apple Disclosure Policy Apple Security Advisories |
Vendors and Projects |
| Appthority | All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not in another CNA’s scope | security@appthority.com
Appthority Disclosure Policy Appthority Advisories | Vendors and Projects Vulnerability Researchers |
| Asea Brown Boveri Ltd. (ABB) | ABB issues only | cybersecurity@ch.abb.com
ABB Disclosure Policy ABB Advisories | Vendors and Projects |
| Atlassian | All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ | security@atlassian.com
Atlassian Disclosure Policy Atlassian Security Advisories |
Vendors and Projects |
| Autodesk | All currently supported Autodesk Applications and Cloud Services | psirt@autodesk.com
Autodesk Security Advisories |
Vendors and Projects |
| Avaya, Inc. | All Avaya products | securityalerts@avaya.com
Avaya Disclosure Policy Avaya Advisories | Vendors and Projects |
| Bitdefender | All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope | cve-requests@bitdefender.com
Bitdefender Disclosure Policy Bitdefender Advisories | Vendors and Projects Vulnerability Researchers |
| BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com
Blackberry security contact page Blackberry Disclosure Policy Blackberry Security Advisories |
Vendors and Projects |
| Robert Bosch GmbH | Bosch products only | psirt@bosch.com
Bosch Disclosure Policy Bosch Advisories | Vendors and Projects |
| Brocade Communications Systems, LLC | Brocade products only |
brocade.sirt@broadcom.com
Brocade Disclosure Policy Brocade Security Advisories |
Vendors and Projects |
| Canonical Ltd. | All Canonical issues (including Ubuntu Linux) only |
security@ubuntu.com
Ubuntu security contact page Canonical Security Advisories |
Vendors and Projects |
| CA Technologies - A Broadcom Company | CA Technologies issues only |
ca.psirt@broadcom.com
CA Technologies Disclosure Policy CA Technologies Advisories | Vendors and Projects |
| CERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cert@cert.org
CERT/CC contact page CERT/CC Disclosure Policy CERT/CC Security Advisories |
National and Industry CERTs |
| Check Point Software Technologies Ltd. | Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope |
cve@checkpoint.com
Check Point Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Chrome | Chrome and Chrome OS issues, and projects that are not in another CNA’s scope | Report Chrome vulnerabilities
Questions about Chrome’s CVE Entries Google Application Security Disclosure Policy Google Application Security Advisories | Vendors and Projects Vulnerability Researchers |
| Cisco Systems, Inc. | All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope | psirt@cisco.com
Cisco Disclosure Policy Cisco Advisories psirt@duosecurity.com Duo Security Disclosure Policy Duo Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Cloudflare, Inc. | All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope | cna@cloudflare.com
Cloudflare Disclosure Policy Cloudflare Advisories |
Vendors and Projects |
| Cybellum Technologies LTD | All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope | info@cybellum.com
Cybellum Disclosure Policy Cybellum Advisories |
Vendors and Projects |
| Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com Dahua security page | Vendors and Projects |
| Debian GNU/Linux | Debian issues only | security@debian.org
Debian security page Debian Security Advisories |
Vendors and Projects |
| Dell | Dell, Dell EMC, RSA, and VCE issues only |
secure@dell.com
Dell Disclosure Policy Dell Advisories | Vendors and Projects |
| Document Foundation, The | Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues | security@documentfoundation.org
The Document Foundation Disclosure Policy The Document Foundation Advisories | Vendors and Projects |
| Drupal.org | All projects hosted under drupal.org only |
security@drupal.org
Drupal Disclosure Policy Drupal Security Advisories |
Vendors and Projects |
| Eaton | Eaton issues only | cybersecuritycoe@eaton.com
Eaton Disclosure Policy Eaton Advisories | Vendors and Projects |
| Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only |
security@eclipse.org
Eclipse Disclosure Policy Eclipse Security Advisories |
Vendors and Projects |
| Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only |
security@elastic.co
Elastic Disclosure Policy Elastic Security Advisories |
Vendors and Projects |
| F5 Networks | F5 issues only | f5sirt@f5.com
F5 Disclosure Policy F5 Security Advisories |
Vendors and Projects |
| Facebook, Inc. | Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/ | Facebook security contact page
Facebook Disclosure Policy |
Vendors and Projects Vulnerability Researchers |
| Fedora Project | Fedora Project issues only | Fedora Bug Report page
Fedora Disclosure Policy Fedora Security Advisories |
Vendors and Projects |
| Flexera Software LLC | All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope |
PSIRT-CNA@flexerasoftware.com
Flexera Software Disclosure Policy |
Vendors and Projects Vulnerability Researchers |
| floragunn GmbH | All issues related to Search Guard only | security@search-guard.com
floragunn Disclosure Policy floragunn Advisories | Vendors and Projects |
| Forcepoint | Forcepoint products only | psirt@forcepoint.com Forcepoint security page | Vendors and Projects |
| Fortinet, Inc. | Fortinet issues only |
psirt@fortinet.com
Fortinet Security Advisories |
Vendors and Projects |
| FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org
FreeBSD Disclosure Policy FreeBSD Security Advisories |
Vendors and Projects |
| GitHub, Inc. | All libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA | security-advisories@github.com
GitHub Disclosure Policy GitHub Advisories | Vendors and Projects |
| GitHub, Inc. (Products Only) | GitHub Enterprise Server issues only | product-cna@github.com
GitHub (Products Only) Disclosure Policy GitHub (Products Only) Advisories | Vendors and Projects |
| Google LLC | Google products that are not covered by Android and Chrome, as well as vulnerabilities in third-party software discovered by Google that are not in another CNA’s scope | security@google.com
Report a vulnerability Google Application Security Disclosure Policy Google Cloud Advisories, Google Application Security Advisories | Vendors and Projects Vulnerability Researchers |
| HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform |
support@hackerone.com
HackerOne contact page HackerOne Disclosure Policy HackerOne Security Advisories |
Bug Bounty Programs |
| Hangzhou Hikvision Digital Technology Co., Ltd. | All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) | hsrc@hikvision.com
Hikvision Security Advisories |
Vendors and Projects |
| HCL Software | All HCL products only | psirt@hcl.com
HCL Disclosure Policy HCL Advisories | Vendors and Projects |
| Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | Vendors and Projects |
| Hillstone Networks, Inc. | All Hillstone products only |
sec@hillstonenet.com
Hillstone Disclosure Policy Hillstone Advisories | Vendors and Projects |
| HP Inc. | HP Inc. issues only | hp-security-alert@hp.com
HP Disclosure Policy HP Security Advisories |
Vendors and Projects |
| Huawei Technologies | Huawei issues only |
psirt@huawei.com
Huawei security contact page Huawei Disclosure Policy Huawei Security Advisories |
Vendors and Projects |
| IBM Corporation | All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope | psirt@us.ibm.com
IBM Disclosure Policy IBM Security Advisories |
Vendors and Projects Vulnerability Researchers |
| ICS-CERT | Infrastructure sector control systems |
ics-cert@hq.dhs.gov
ICS-CERT Disclosure Policy ICS-CERT Security Advisories ICS-CERT Security Alerts ICS-CERT Security Bulletins |
National and Industry CERTs |
| Intel Corporation | Intel branded products and technologies and Intel managed open source projects |
secure@intel.com
Intel security contact page Intel Disclosure Policy Intel Security Advisories |
Vendors and Projects |
| Internet Systems Consortium (ISC) | All ISC.org projects |
security-officer@isc.org
ISC report a bug page ISC Disclosure Policy ISC Security Advisories |
Vendors and Projects |
| Jenkins Project | Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only | jenkinsci-cert@googlegroups.com
Jenkins Project Disclosure Policy Jenkins Project Advisories | Vendors and Projects |
| Johnson Controls | Johnson Controls products only | productsecurity@jci.com
Johnson Controls Disclosure Policy Johnson Controls Advisories | Vendors and Projects |
| JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
vultures@jpcert.or.jp
JPCERT/CC contact page JPCERT/CC Disclosure Policy JPCERT/CC Security Advisories |
Root CNA
National and Industry CERTs |
| Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net
Juniper security contact page
Juniper Disclosure Policy Juniper Security Advisories |
Vendors and Projects |
| Kaspersky | Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope | vulnerability@kaspersky.com
Kapersky Disclosure Policy Kapersky Security Advisories |
Vendors and Projects Vulnerability Researchers |
| KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
vuln@krcert.or.kr
KrCERT/CC Security Advisories |
National and Industry CERTs |
| Kubernetes | Kubernetes issues only | security@kubernetes.io
Kubernetes Disclosure Policy Kubernetes Advisories | Vendors and Projects |
| Larry Cashdollar | Third-party products he researches | larry0@me.com | Vulnerability Researchers |
| Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only |
psirt@lenovo.com
Lenovo Disclosure Policy Lenovo Security Advisories |
Vendors and Projects |
| MarkLogic Corporation | MarkLogic issues only |
security@marklogic.com
MarkLogic Disclosure Policy MarkLogic Security Advisories |
Vendors and Projects |
| McAfee | All McAfee products, as well as vulnerabilities in third-party software discovered by McAfee ATR that are not in another CNA’s scope |
security_report@mcafee.com
McAfee Disclosure Policy McAfee Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Micro Focus International | All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites | security@microfocus.com
Micro Focus Disclosure Policy Micro Focus Advisories | Vendors and Projects |
| Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security contact page Microsoft Disclosure Policy Microsoft Security Advisories |
Vendors and Projects |
| MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA Secretariat |
| MongoDB, Inc. | MongoDB products only | cna@mongodb.com
MongoDB Disclosure Policy MongoDB Advisories | Vendors and Projects |
| Mozilla Corporation | Mozilla issues only | security@mozilla.org
Mozilla Disclosure Policy Mozilla Security Advisories |
Vendors and Projects |
| Naver Corporation | Naver products only, except Line products | cve@navercorp.com
Naver Disclosure Policy Naver Advisories | Vendors and Projects |
| NetApp, Inc. | All NetApp products as well as projects hosted on https://github.com/netapp | security-alert@netapp.com
NetApp security contact page NetApp Disclosure Policy NetApp Security Advisories |
Vendors and Projects |
| Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker |
security-report@netflix.com
Netflix Vulnerability Disclosure Policy Netflix Security Advisories |
Vendors and Projects |
| Node.js | All actively developed versions of software developed under the Node.js project on https://github.com/nodejs |
cve-request@iojs.org
Node.js Disclosure Policy Node.js Security Advisories |
Vendors and Projects |
| NVIDIA Corporation | NVIDIA issues only |
psirt@nvidia.com
NVIDIA security contact page
NVIDIA Disclosure Policy NVIDIA Security Advisories |
Vendors and Projects |
| Objective Development Software GmbH | Objective Development issues only | Objective Development security page | Vendors and Projects |
| Odoo | Odoo issues only | security@odoo.com
Odoo Disclosure Policy Odoo Advisories | Vendors and Projects |
| OpenSSL Software Foundation | OpenSSL software projects only |
openssl-security@openssl.org
OpenSSL Development Disclosure Policy OpenSSL Security Advisories |
Vendors and Projects |
| Opera Software AS | Opera issues only | Opera security contact page
Opera Disclosure Policy Opera Advisories | Vendors and Projects |
| OPPO Mobile Telecommunication Corp., Ltd. | OPPO devices only | security@oppo.com
OPPO Disclosure Policy OPPO Advisories | Vendors and Projects |
| Oracle | Oracle supported version product issues only; CVE IDs will not be assigned for unsupported products or versions (Oracle will confirm support status and notify researcher) | secalert_us@oracle.com
Oracle security contact page
Oracle Vulnerability Disclosure Policy Oracle Security Advisories |
Vendors and Projects |
| OTRS AG | Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only | security@otrs.com
OTRS Disclosure Policy OTRS Advisories | Vendors and Projects |
| Palo Alto Networks, Inc. | All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope |
psirt@paloaltonetworks.com
Palo Alto Networks Disclosure Policy Palo Alto Networks Advisories | Vendors and Projects Vulnerability Researchers |
| PHP Group | Vulnerabilities in PHP code (code in https://github.com/php/php-src) only | security@php.net
PHP Group Disclosure Policy PHP Group Advisories | Vendors and Projects |
| Pivotal Software, Inc. | Pivotal, Spring, and Cloud Foundry issues only | security@pivotal.io
Pivotal Disclosure Policy, Cloud Foundry Disclosure Policy Pivotal Advisories, Spring Advisories, Cloud Foundry Advisories | Vendors and Projects |
| Puppet | All Puppet products, as well as all projects on https://github.com/puppetlabs |
security@puppet.com
Puppet Vulnerability Disclosure Policy Puppet Security Advisories |
Vendors and Projects |
| QNAP Systems, Inc. | QNAP QTS, QES, and QVR products as well as its mobile apps and utilities |
security@qnap.com
QNAP Disclosure Policy QNAP Security Advisories |
Vendors and Projects |
| Qualcomm, Inc. | Qualcomm and Snapdragon issues only |
product-security@qualcomm.com
Qualcomm Disclosure Policy Qualcomm Security Advisories |
Vendors and Projects |
| Rapid7, Inc. | All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope | cve@rapid7.com
Rapid7 Disclosure Policy Rapid7 Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Red Hat, Inc. | Linux issues only | secalert@redhat.com
Red Hat security contact page
Red Hat Disclosure Policy Red Hat Security Advisories |
Vendors and Projects |
| Salesforce, Inc. | Salesforce products only | security@salesforce.com
Salesforce Disclosure Policy Salesforce Advisories | Vendors and Projects |
| SAP SE | All SAP products | cna@sap.com
SAP Disclosure Policy SAP Security Advisories |
Vendors and Projects |
| Schneider Electric SE | All Schneider Electric products, including Proface, Pelco, APC, and Eurotherm |
cybersecurity@se.com
Schneider Electric security contact page
Schneider Disclosure Policy Schneider Security Advisories |
Vendors and Projects |
| SICK AG | SICK AG issues only | psirt@sick.de
SICK Disclosure Policy SICK Advisories | Vendors and Projects |
| Siemens | Siemens issues only |
productcert@siemens.com
Siemens security contact page
Siemens Disclosure Policy Siemens Security Advisories |
Vendors and Projects |
| Snyk | Vulnerabilities in third-party products discovered by Snyk only | report@snyk.io
Snyk Disclosure Policy Snyk Advisories | Vulnerability Researchers |
| SonicWall, Inc. | SonicWall issues only | PSIRT@sonicwall.com
SonicWall Disclosure Policy SonicWall Advisories | Vendors and Projects |
| Spanish National Cybersecurity Institute, S.A. (INCIBE) | Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level | 
INCIBE Disclosure Policy (Spanish) INCIBE Disclosure Policy (English) INCIBE Advisories (Spanish) INCIBE Advisories (English) | National and Industry CERTs |
| Splunk Inc. | Splunk products only | prodsec@splunk.com
Splunk Disclosure Policy Splunk Advisories | Vendors and Projects |
| SUSE | All SUSE Enterprise products and openSUSE software | security@suse.de
SUSE Disclosure Policy SUSE Advisories SUSE Advisories by CVE ID | Vendors and Projects |
| Symantec - A Division of Broadcom | Symantec enterprise products only | symantec.psirt@broadcom.com
Symantec Disclosure Policy Symantec Advisories | Vendors and Projects |
| Synology Inc. | Synology issues only | security@synology.com
Synology security contact page
Synology Security Advisories |
Vendors and Projects |
| Talos | Third-party products it researches |
talos-cna@cisco.com
Talos security page
Talos Disclosure Policy Talos Security Advisories |
Vulnerability Researchers |
| Tcpdump Group | Tcpdump and Libpcap only | security@tcpdump.org
Tcpdump Disclosure Policy Tcpdump Advisories | Vendors and Projects |
| Tenable Network Security, Inc. | Tenable products and third-party products it researches not covered by another CNA |
vulnreport@tenable.com
Tenable security contact page
Tenable Disclosure Policy Tenable Security Advisories |
Vendors and Projects |
| 360 Security Technology, Inc. | 360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA |
security@360.cn
360 Disclosure Policy 360 Advisories |
Vendors and Projects Vulnerability Researchers |
| TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only |
security@tibco.com
TIBCO Disclosure Policy TIBCO Security Advisories |
Vendors and Projects |
| Tigera, Inc. | All vulnerabilities for Calico and all of Tigera’s products only | psirt@tigera.io
Tigera Disclosure Policy Tigera Advisories | Vendors and Projects |
| Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only |
security@trendmicro.com
Trend Micro security contact page
Trend Micro Security Advisories |
Vendors and Projects |
| TWCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cve@cert.org.tw
Chinese: TWCERT/CC Disclosure Policy TWCERT/CC Advisories English: TWCERT/CC Disclosure Policy TWCERT/CC Advisories |
National and Industry CERTs |
| VMware | VMware issues only |
security@vmware.com
VMware Disclosure Policy VMware Security Advisories |
Vendors and Projects |
| Yandex N.V. | Yandex issues only |
browser-security@yandex-team.ru
Yandex Disclosure Policy Yandex Security Advisories |
Vendors and Projects |
| Zephyr Project | Zephyr project components, and vulnerabilities that are not in another CNA’s scope | vulnerabilities@zephyrproject.org | Vendors and Projects |
| Zero Day Initiative | Products and projects covered by its bug bounty programs that are not in another CNA’s scope |
zdi-disclosures@trendmicro.com
ZDI contact page ZDI Disclosure Policy ZDI Security Advisories |
Bug Bounty Programs |
| ZTE Corporation | ZTE products only |
psirt@zte.com.cn
ZTE Disclosure Policy ZTE Security Advisories |
Vendors and Projects |
* Key for CNA Types:
- Bug Bounty Programs - assigns CVE IDs to products and projects that utilize the Bug Bounty service’s product offerings.
- National and Industry CERTs - performs incident response and vulnerability disclosure services for nations or industries. They may assign CVE IDs as part of their role and scope.
- Program Root CNA - oversees the CNA program.
- Root CNA - manages a group of sub-CNAs within a given domain or community.
- Vendors and Projects - assigns CVE IDs for vulnerabilities found in their own products and projects.
- Vulnerability Researchers - assigns CVE IDs to products and projects upon which they perform vulnerability analysis.
CVE Program Root CNA PGP Key
Please use our CVE Request web form to request CVE IDs directly from the CVE Program Root CNA (currently MITRE). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
A PGP key is available for encrypted communications:
Key ID: 903E4008 Fingerprint: F59F 1525 57C5 3CE4 BEAE B86E F357 D0E9 903E 4008 Key size: 4096 Public key: Click to download
NOTE: PGP key updated March 2020
For questions, or assistance about how to use the information on this page, please contact us.
