Common Vulnerabilities and Exposures |
|
||||
Power user
shortcuts:
Request CVE IDs
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
New users, follow these steps to request CVE IDs:
- Locate the correct CVE Numbering Authority (CNA) whose scope includes the product affected by the vulnerability in the Participating CNAs table below.
- Contact the CNA specified below using the contact method provided.
- If the product affected by the vulnerability is not covered by a CNA listed below, please contact the CVE Program Root CNA.
Participating CNAs
CNAs are listed alphabetically:
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z
| Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
| MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA CNA of Last Resort Secretariat |
| Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com
Adobe security contact page Adobe Disclosure Policy Adobe Security Advisories |
Vendors and Projects |
| Advanced Micro Devices Inc. | AMD branded products and technologies only | psirt@amd.com
AMD Disclosure Policy AMD Security Advisories | Vendors and Projects |
| Airbus | All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope | vuln@airbus.com
Airbus Vulnerability Handling and Disclosure |
Vendors and Projects Vulnerability Researchers |
| Alias Robotics S.L. | All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope | cve@aliasrobotics.com
Alias Robotics Disclosure Policy Alias Robotics Security Advisories | Vendors and Projects Vulnerability Researchers |
| Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | alibaba-cna@list.alibaba-inc.com
Alibaba website Alibaba GitHub website |
Vendors and Projects |
| Ampere Computing | Ampere issues only | psirt@amperecomputing.com
Ampere Disclosure Policy Ampere Security Advisories | Vendors and Projects |
| Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | android-cna-team@google.com
Android Security Rewards Program Rules Android Disclosure Policy Android Security Advisories |
Vendors and Projects |
| Apache Software Foundation | All Apache Software Foundation issues |
security@apache.org
Apache security contact page Apache Disclosure Policy Apache Security Advisories |
Vendors and Projects |
| Apple Inc. | Apple issues only | product-security@apple.com
Apple security contact page Apple Disclosure Policy Apple Security Advisories |
Vendors and Projects |
| Appthority | All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not in another CNA’s scope | security@appthority.com
Appthority Disclosure Policy Appthority Security Advisories | Vendors and Projects Vulnerability Researchers |
| Asea Brown Boveri Ltd. (ABB) | ABB issues only | cybersecurity@ch.abb.com
ABB Disclosure Policy ABB Security Advisories | Vendors and Projects |
| Atlassian | All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ | security@atlassian.com
Atlassian Disclosure Policy Atlassian Security Advisories |
Vendors and Projects |
| Autodesk | All currently supported Autodesk Applications and Cloud Services | psirt@autodesk.com
Autodesk Disclosure Policy Autodesk Security Advisories |
Vendors and Projects |
| Avaya, Inc. | All Avaya products | securityalerts@avaya.com
Avaya Disclosure Policy Avaya Security Advisories | Vendors and Projects |
| Bitdefender | All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope | cve-requests@bitdefender.com
Bitdefender Disclosure Policy Bitdefender Security Advisories | Vendors and Projects Vulnerability Researchers |
| BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com
Blackberry security contact page Blackberry Disclosure Policy Blackberry Security Advisories |
Vendors and Projects |
| Robert Bosch GmbH | Bosch products only | psirt@bosch.com
Bosch Disclosure Policy Bosch Security Advisories | Vendors and Projects |
| Brocade Communications Systems, LLC | Brocade products only |
brocade.sirt@broadcom.com
Brocade Disclosure Policy Brocade Security Advisories |
Vendors and Projects |
| Canonical Ltd. | All Canonical issues (including Ubuntu Linux) only |
security@ubuntu.com
Ubuntu security contact page Canonical Security Advisories |
Vendors and Projects |
| CA Technologies - A Broadcom Company | CA Technologies issues only |
ca.psirt@broadcom.com
CA Technologies Disclosure Policy CA Technologies Security Advisories | Vendors and Projects |
| CERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cert@cert.org
CERT/CC contact page CERT/CC Disclosure Policy CERT/CC Security Advisories |
National and Industry CERTs |
| CERT@VDE | Products of the vendors: Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability | info@cert.vde.com
CERT@VDE Disclosure Policy CERT@VDE Security Advisories | National and Industry CERTs |
| Check Point Software Technologies Ltd. | Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope |
cve@checkpoint.com
Check Point Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Chrome | Chrome and Chrome OS issues, and projects that are not in another CNA’s scope | Report Chrome vulnerabilities
Questions about Chrome’s CVE Entries Google Application Security Disclosure Policy Google Application Security Advisories | Vendors and Projects Vulnerability Researchers |
| Cisco Systems, Inc. | All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope | psirt@cisco.com
Cisco Disclosure Policy Cisco Security Advisories psirt@duosecurity.com Duo Security Disclosure Policy Duo Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Cloudflare, Inc. | All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope | cna@cloudflare.com
Cloudflare Disclosure Policy Cloudflare Security Advisories |
Vendors and Projects |
| Cybellum Technologies LTD | All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope | info@cybellum.com
Cybellum Disclosure Policy Cybellum Security Advisories |
Vendors and Projects |
| Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com
Dahua security page Dahua Security Advisories |
Vendors and Projects |
| Debian GNU/Linux | Debian issues only | security@debian.org
Debian security page Debian Disclosure Policy Debian Security Advisories |
Vendors and Projects |
| Dell | Dell, Dell EMC, RSA, and VCE issues only |
secure@dell.com
Dell Disclosure Policy Dell Security Advisories | Vendors and Projects |
| Document Foundation, The | Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues | security@documentfoundation.org
The Document Foundation Disclosure Policy The Document Foundation Security Advisories | Vendors and Projects |
| Drupal.org | All projects hosted under drupal.org only |
security@drupal.org
Drupal Disclosure Policy Drupal Security Advisories |
Vendors and Projects |
| Eaton | Eaton issues only | cybersecuritycoe@eaton.com
Eaton Disclosure Policy Eaton Security Advisories | Vendors and Projects |
| Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only |
security@eclipse.org
Eclipse Disclosure Policy Eclipse Security Advisories |
Vendors and Projects |
| Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only |
security@elastic.co
Elastic Disclosure Policy Elastic Security Advisories |
Vendors and Projects |
| F5 Networks | F5 issues only | f5sirt@f5.com
F5 Disclosure Policy F5 Security Advisories |
Vendors and Projects |
| Facebook, Inc. | Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/ | Facebook security contact page
Facebook Disclosure Policy Facebook Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Fedora Project | Fedora Project issues only | Fedora Bug Report page
Fedora Disclosure Policy Fedora Security Advisories |
Vendors and Projects |
| Flexera Software LLC | All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope |
PSIRT-CNA@flexerasoftware.com
Flexera Software Disclosure Policy |
Vendors and Projects Vulnerability Researchers |
| floragunn GmbH | All issues related to Search Guard only | security@search-guard.com
floragunn Disclosure Policy floragunn Security Advisories |
Vendors and Projects |
| Forcepoint | Forcepoint products only | psirt@forcepoint.com
Forcepoint security contact page Forcepoint Disclosure Policy |
Vendors and Projects |
| Fortinet, Inc. | Fortinet issues only |
psirt@fortinet.com
Fortinet Security Advisories |
Vendors and Projects |
| FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org
FreeBSD Disclosure Policy FreeBSD Security Advisories |
Vendors and Projects |
| F-Secure US | Security vulnerabilities discovered by F-Secure US in third-party software not in another CNA’s scope. |
cve-notifications-us@f-secure.com
F-Secure Disclosure Policy F-Secure Security Advisories |
Vendors and Projects |
| Gallagher Group Ltd. | All Gallagher security products only | disclosures@gallagher.com
Gallagher Disclosure Policy Gallagher Security Advisories | Vendors and Projects |
| GitHub, Inc. | All libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA | security-advisories@github.com
GitHub Disclosure Policy GitHub Security Advisories | Vendors and Projects |
| GitHub, Inc. (Products Only) | GitHub Enterprise Server issues only | product-cna@github.com
GitHub (Products Only) Disclosure Policy GitHub (Products Only) Security Advisories | Vendors and Projects |
| GitLab Inc. | The GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope | cve@gitlab.com
GitLab Disclosure Policy GitLab Security Advisories | Vendors and Projects Vulnerability Researchers |
| Google LLC | Google products that are not covered by Android and Chrome, as well as vulnerabilities in third-party software discovered by Google that are not in another CNA’s scope | security@google.com
Report a vulnerability Google Application Security Disclosure Policy Google Cloud Advisories, Google Application Security Advisories | Vendors and Projects Vulnerability Researchers |
| HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform |
support@hackerone.com
HackerOne contact page HackerOne Disclosure Policy HackerOne Security Advisories |
Bug Bounty Programs |
| Hangzhou Hikvision Digital Technology Co., Ltd. | All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) | hsrc@hikvision.com
Hikvision Disclosure Policy Hikvision Security Advisories |
Vendors and Projects |
| HCL Software | All HCL products only | psirt@hcl.com
HCL Disclosure Policy HCL Security Advisories |
Vendors and Projects |
| Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com
Report vulnerabilities to HPE HPE Disclosure Policy HPE Security Advisories |
Vendors and Projects |
| Hillstone Networks, Inc. | All Hillstone products only |
sec@hillstonenet.com
Hillstone Disclosure Policy Hillstone Security Advisories | Vendors and Projects |
| HP Inc. | HP Inc. issues only | hp-security-alert@hp.com
HP Disclosure Policy HP Security Advisories |
Vendors and Projects |
| Huawei Technologies | Huawei issues only |
psirt@huawei.com
Huawei security contact page Huawei Disclosure Policy Huawei Security Advisories |
Vendors and Projects |
| IBM Corporation | All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope | psirt@us.ibm.com
IBM Disclosure Policy IBM Security Advisories |
Vendors and Projects Vulnerability Researchers |
| ICS-CERT | Infrastructure sector control systems |
ics-cert@hq.dhs.gov
ICS-CERT Disclosure Policy ICS-CERT Security Advisories ICS-CERT Security Alerts ICS-CERT Security Bulletins |
National and Industry CERTs |
| Intel Corporation | Intel branded products and technologies and Intel managed open source projects |
secure@intel.com
Intel security contact page Intel Disclosure Policy Intel Security Advisories |
Vendors and Projects |
| Internet Systems Consortium (ISC) | All ISC.org projects |
security-officer@isc.org
ISC report a bug page ISC Disclosure Policy ISC Security Advisories |
Vendors and Projects |
| Jenkins Project | Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only | jenkinsci-cert@googlegroups.com
Jenkins Project Disclosure Policy Jenkins Project Security Advisories | Vendors and Projects |
| Johnson Controls | Johnson Controls products only | productsecurity@jci.com
Johnson Controls Disclosure Policy Johnson Controls Security Advisories | Vendors and Projects |
| JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
vultures@jpcert.or.jp
JPCERT/CC contact page JPCERT/CC Disclosure Policy JPCERT/CC Security Advisories |
Root CNA
National and Industry CERTs |
| Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net
Juniper security contact page
Juniper Disclosure Policy Juniper Security Advisories |
Vendors and Projects |
| Kaspersky | Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope | vulnerability@kaspersky.com
Kapersky Disclosure Policy Kapersky Security Advisories |
Vendors and Projects Vulnerability Researchers |
| KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
vuln@krcert.or.kr
KrCERT/CC Security Advisories |
National and Industry CERTs |
| Kubernetes | Kubernetes issues only | security@kubernetes.io
Kubernetes Disclosure Policy Kubernetes Security Advisories | Vendors and Projects |
| Larry Cashdollar | Third-party products he researches |
larry0@me.com
Larry Cashdollar Disclosure Policy Larry Cashdollar Security Advisories |
Vulnerability Researchers |
| Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only |
psirt@lenovo.com
Lenovo Disclosure Policy Lenovo Security Advisories |
Vendors and Projects |
| MarkLogic Corporation | MarkLogic issues only |
security@marklogic.com
MarkLogic Disclosure Policy MarkLogic Security Advisories |
Vendors and Projects |
| McAfee | All McAfee products, as well as vulnerabilities in third-party software discovered by McAfee ATR that are not in another CNA’s scope |
security_report@mcafee.com
McAfee Disclosure Policy McAfee Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Micro Focus International | All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites | security@microfocus.com
Micro Focus Disclosure Policy Micro Focus Security Advisories | Vendors and Projects |
| Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security contact page Microsoft Disclosure Policy Microsoft Security Advisories |
Vendors and Projects |
| MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA CNA of Last Resort Secretariat |
| MongoDB, Inc. | MongoDB products only | cna@mongodb.com
MongoDB Disclosure Policy MongoDB Security Advisories | Vendors and Projects |
| Mozilla Corporation | Mozilla issues only | security@mozilla.org
Mozilla Disclosure Policy Mozilla Security Advisories |
Vendors and Projects |
| Naver Corporation | Naver products only, except Line products | cve@navercorp.com
Naver Disclosure Policy Naver Security Advisories | Vendors and Projects |
| NetApp, Inc. | All NetApp products as well as projects hosted on https://github.com/netapp | security-alert@netapp.com
NetApp security contact page NetApp Disclosure Policy NetApp Security Advisories |
Vendors and Projects |
| Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker |
security-report@netflix.com
Netflix Vulnerability Disclosure Policy Netflix Security Advisories |
Vendors and Projects |
| Node.js | All actively developed versions of software developed under the Node.js project on https://github.com/nodejs |
cve-request@iojs.org
Node.js Disclosure Policy Node.js Security Advisories |
Vendors and Projects |
| NortonLifeLock Inc. | All NortonLifeLock product issues only | security@nortonlifelock.com
NortonLifeLock Disclosure Policy NortonLifeLock Security Advisories | Vendors and Projects |
| NVIDIA Corporation | NVIDIA issues only |
psirt@nvidia.com
NVIDIA security contact page
NVIDIA Disclosure Policy NVIDIA Security Advisories |
Vendors and Projects |
| Objective Development Software GmbH | Objective Development issues only | Objective Development security page
Objective Development Disclosure Policy Objective Development Security Advisories |
Vendors and Projects |
| Odoo | Odoo issues only | security@odoo.com
Odoo Disclosure Policy Odoo Security Advisories | Vendors and Projects |
| openEuler | openEuler issues only | securities@openeuler.org
openEuler Disclosure Policy openEuler Security Advisories |
Vendors and Projects |
| OpenSSL Software Foundation | OpenSSL software projects only |
openssl-security@openssl.org
OpenSSL Development Disclosure Policy OpenSSL Security Advisories |
Vendors and Projects |
| OpenVPN Inc. | All products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel | security@openvpn.net
OpenVPN Disclosure Policy OpenVPN Business VPN Security Advisories OpenVPN Community Security Advisories |
Vendors and Projects |
| Opera Software AS | Opera issues only | Opera security contact page
Opera Disclosure Policy Opera Security Advisories | Vendors and Projects |
| OPPO Mobile Telecommunication Corp., Ltd. | OPPO devices only | security@oppo.com
OPPO Disclosure Policy OPPO Security Advisories | Vendors and Projects |
| Oracle | Oracle supported version product issues only; CVE IDs will not be assigned for unsupported products or versions (Oracle will confirm support status and notify researcher) | secalert_us@oracle.com
Oracle security contact page
Oracle Vulnerability Disclosure Policy Oracle Security Advisories |
Vendors and Projects |
| OTRS AG | Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only | security@otrs.com
OTRS Disclosure Policy OTRS Security Advisories | Vendors and Projects |
| Palo Alto Networks, Inc. | All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope |
psirt@paloaltonetworks.com
Palo Alto Networks Disclosure Policy Palo Alto Networks Security Advisories | Vendors and Projects Vulnerability Researchers |
| Pegasystems Inc. | Pegasystems products only | security@pega.com
Pegasystems Disclosure Policy Pegasystems Security Advisories |
Vendors and Projects |
| PHP Group | Vulnerabilities in PHP code (code in https://github.com/php/php-src) only | security@php.net
PHP Group Disclosure Policy PHP Group Security Advisories | Vendors and Projects |
| Pivotal Software, Inc. | Pivotal, Spring, and Cloud Foundry issues only | security@pivotal.io
Pivotal Disclosure Policy, Cloud Foundry Disclosure Policy Pivotal Security Advisories, Spring Security Advisories, Cloud Foundry Security Advisories | Vendors and Projects |
| Puppet | All Puppet products, as well as all projects on https://github.com/puppetlabs |
security@puppet.com
Puppet Vulnerability Disclosure Policy Puppet Security Advisories |
Vendors and Projects |
| QNAP Systems, Inc. | QNAP QTS, QES, and QVR products as well as its mobile apps and utilities |
security@qnap.com
QNAP Disclosure Policy QNAP Security Advisories |
Vendors and Projects |
| Qualcomm, Inc. | Qualcomm and Snapdragon issues only |
product-security@qualcomm.com
Qualcomm Disclosure Policy Qualcomm Security Advisories |
Vendors and Projects |
| Rapid7, Inc. | All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope | cve@rapid7.com
Rapid7 Disclosure Policy Rapid7 Security Advisories |
Vendors and Projects Vulnerability Researchers |
| Red Hat, Inc. | Linux issues only | secalert@redhat.com
Red Hat security contact page
Red Hat Disclosure Policy Red Hat Security Advisories |
Vendors and Projects |
| Replicated, Inc. | Replicated products and services only | security@replicated.com
Replicated Disclosure Policy Replicated Security Advisories |
Vendors and Projects |
| Salesforce, Inc. | Salesforce products only | security@salesforce.com
Salesforce Disclosure Policy Salesforce Security Advisories | Vendors and Projects |
| SAP SE | All SAP products | cna@sap.com
SAP Disclosure Policy SAP Security Advisories |
Vendors and Projects |
| Schneider Electric SE | All Schneider Electric products, including Proface, APC, and Eurotherm |
cybersecurity@se.com
Schneider Electric security contact page
Schneider Disclosure Policy Schneider Security Advisories |
Vendors and Projects |
| SICK AG | SICK AG issues only | psirt@sick.de
SICK Disclosure Policy SICK Security Advisories | Vendors and Projects |
| Siemens | Siemens issues only |
productcert@siemens.com
Siemens security contact page
Siemens Disclosure Policy Siemens Security Advisories |
Vendors and Projects |
| Sierra Wireless Inc. | Sierra Wireless products only | security@sierrawireless.com
Sierra Wireless Disclosure Policy Sierra Wireless Security Advisories | Vendors and Projects |
| Silver Peak Systems, Inc. | Silver Peak product issues only | sirt@silver-peak.com
Silver Peak Disclosure Policy Silver Peak Security Advisories | Vendors and Projects |
| Snyk | Vulnerabilities in third-party products discovered by Snyk only | report@snyk.io
Snyk Disclosure Policy Snyk Security Advisories | Vulnerability Researchers |
| SonicWall, Inc. | SonicWall issues only | PSIRT@sonicwall.com
SonicWall Disclosure Policy SonicWall Security Advisories | Vendors and Projects |
| Spanish National Cybersecurity Institute, S.A. (INCIBE) | Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level | 
INCIBE Disclosure Policy (Spanish) INCIBE Disclosure Policy (English) INCIBE Security Advisories (Spanish) INCIBE Security Advisories (English) |
National and Industry CERTs |
| Splunk Inc. | Splunk products only | prodsec@splunk.com
Splunk Disclosure Policy Splunk Security Advisories |
Vendors and Projects |
| SUSE | All SUSE Enterprise products and openSUSE software | security@suse.de
SUSE Disclosure Policy SUSE Security Advisories SUSE Security Advisories by CVE ID |
Vendors and Projects |
| Symantec - A Division of Broadcom | Symantec enterprise products only | symantec.psirt@broadcom.com
Symantec Disclosure Policy Symantec Security Advisories |
Vendors and Projects |
| Synaptics, Inc. | Synaptics issues only | psirt@synaptics.com
Synaptics Disclosure Policy Synaptics Security Advisories: Synaptics Touchpad Family Synaptics Biomentrics Synaptics Far-Field Voice DSPs |
Vendors and Projects |
| Synology Inc. | Synology issues only | security@synology.com
Synology security contact page Synology Disclosure Policy Synology Security Advisories |
Vendors and Projects |
| Talos | Third-party products it researches |
talos-cna@cisco.com
Talos security page Talos Disclosure Policy Talos Security Advisories |
Vulnerability Researchers |
| Tcpdump Group | Tcpdump and Libpcap only | security@tcpdump.org
Tcpdump Disclosure Policy Tcpdump Security Advisories | Vendors and Projects |
| Tenable Network Security, Inc. | Tenable products and third-party products it researches not covered by another CNA |
vulnreport@tenable.com
Tenable security contact page
Tenable Disclosure Policy Tenable Security Advisories |
Vendors and Projects |
| Teradici Corporation | Teradici issues only | security@teradici.com
Teradici Disclosure Policy Teradici Security Advisories | Vendors and Projects |
| 360 Security Technology, Inc. | 360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA |
security@360.cn
360 Disclosure Policy 360 Security Advisories |
Vendors and Projects Vulnerability Researchers |
| TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only |
security@tibco.com
TIBCO Disclosure Policy TIBCO Security Advisories |
Vendors and Projects |
| Tigera, Inc. | All vulnerabilities for Calico and all of Tigera’s products only | psirt@tigera.io
Tigera Disclosure Policy Tigera Security Advisories | Vendors and Projects |
| Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only |
security@trendmicro.com
Trend Micro security contact page
Trend Micro Disclosure Policy Trend Micro Security Advisories |
Vendors and Projects |
| TWCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cve@cert.org.tw
Chinese: TWCERT/CC Disclosure Policy TWCERT/CC Security Advisories English: TWCERT/CC Disclosure Policy TWCERT/CC Security Advisories |
National and Industry CERTs |
| VDOO Connected Trust Ltd. | All VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope. |
vuln@vdoo.com
VDOO Disclosure Policy VDOO Security Advisories |
Vendors and Projects |
| Vivo Mobile Communication Co., Ltd. | Vivo issues only |
security@vivo.com
Vivo Disclosure Policy
Vivo Security Advisories |
Vendors and Projects |
| VMware | VMware issues only |
security@vmware.com
VMware Disclosure Policy VMware Security Advisories |
Vendors and Projects |
| Xiaomi Technology Co., Ltd. | Xiaomi issues only |
security@xiaomi.com
Xiaomi Disclosure Policy Xiaomi Security Advisories |
Vendors and Projects |
| Yandex N.V. | Yandex issues only |
browser-security@yandex-team.ru
Yandex Disclosure Policy Yandex Security Advisories |
Vendors and Projects |
| Zabbix | Zabbix products and Zabbix projects listed on https://git.zabbix.com/ only |
security@zabbix.com
Zabbix Disclosure Policy Zabbix Security Advisories |
Vendors and Projects |
| Zephyr Project | Zephyr project components, and vulnerabilities that are not in another CNA’s scope |
vulnerabilities@zephyrproject.org
Zephyr Disclosure Policy Zephyr Security Advisories |
Vendors and Projects |
| Zero Day Initiative | Products and projects covered by its bug bounty programs that are not in another CNA’s scope |
zdi-disclosures@trendmicro.com
ZDI contact page ZDI Disclosure Policy ZDI Security Advisories |
Bug Bounty Programs |
| Zscaler, Inc. | Zscaler issues only |
cve@zscaler.com
Zscaler Disclosure Policy Zscaler Security Advisories |
Vendors and Projects |
| ZTE Corporation | ZTE products only |
psirt@zte.com.cn
ZTE Disclosure Policy ZTE Security Advisories |
Vendors and Projects |
* Key for CNA Types:
- Bug Bounty Programs - assigns CVE IDs to products and projects that utilize the Bug Bounty service’s product offerings.
- CNA of Last Resort (CNA-LR) - assigns CVE IDs for vulnerabilities that will not be assigned by another CNA.
- Hosted Services - assigns CVE IDs for vulnerabilities found in their own services.
- National and Industry CERTs - performs incident response and vulnerability disclosure services for nations or industries. They may assign CVE IDs as part of their role and scope.
- Program Root CNA - oversees the CNA program.
- Root CNA - manages a group of sub-CNAs within a given domain or community.
- Vendors and Projects - assigns CVE IDs for vulnerabilities found in their own products and projects.
- Vulnerability Researchers - assigns CVE IDs to products and projects upon which they perform vulnerability analysis.
- Secretariat - supports CNA functions for a given Root CNA and its sub-CNAs such as providing infrastructure, etc.
CVE Program Root CNA PGP Key
Please use our CVE Request web form to request CVE IDs directly from the CVE Program Root CNA (currently MITRE). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
A PGP key is available for encrypted communications:
Key ID: 903E4008 Fingerprint: F59F 1525 57C5 3CE4 BEAE B86E F357 D0E9 903E 4008 Key size: 4096 Public key: Click to download
NOTE: PGP key updated March 2020
For questions, or assistance about how to use the information on this page, please contact us.
