Common Vulnerabilities and Exposures
| Follow CVE |
  |
Request a CVE ID
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
Shortcuts for experienced users:
CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)
New users, follow these steps to request CVE IDs:
1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage table below.
2) Contact the CNA specified below using the contact method provided.
3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).
CNA Coverage
For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.
| Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
| MITRE Corporation | All vulnerabilities not already listed on this page | MITRE CVE Request web form | Primary CNA |
| Distributed Weakness Filing Project | Any open source software issues not already covered by MITRE or another CNA | http://iwantacve.org/ DWF GitHub page | Third-Party Coordinator |
| Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com Adobe security page | Software Vendor |
| Airbus | All Airbus products as well as vulnerabilities in third-party software discovered by Airbus that are not covered by another CNA. | cert@airbus.com | Vulnerability Researcher |
| Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | Alibaba website Alibaba GitHub website | Software Vendor |
| Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | security@android.com Android security page | Software Vendor |
| Apache Software Foundation | Apache Software and Apache HTTP Server issues only | security@apache.org Apache security page | Software Vendor |
| Apple Inc. | Apple issues only | product-security@apple.com Apple security page | Software Vendor |
| Atlassian | Atlassian issues only | security@atlassian.com | Software Vendor |
| Autodesk | All currently supported Autodesk Applications and Cloud Services. | psirt@autodesk.com | Software Vendor |
| BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com Blackberry security page | Software Vendor |
| Brocade Communications Systems, Inc. | Brocade and Ruckus Wireless issues only | sirt@brocade.com Brocade security page | Software Vendor |
| CA Technologies | CA Technologies issues only | vuln@ca.com CA security page | Software Vendor |
| CERT/CC | Vulnerability assignment related to its vulnerability coordination role | cert@cert.org CERT/CC contact page | Third-Party Coordinator |
| Check Point Software Technologies Ltd. | Check Point Security Gateways product line only | cve@checkpoint.com | Software Vendor |
| Cisco Systems, Inc. | Cisco issues only | cve_assign@cisco.com Cisco security page | Software Vendor |
| Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com Dahua security page | Software Vendor |
| Debian GNU/Linux | Debian issues only | security@debian.org Debian security page | Software Vendor |
| Dell EMC | Dell EMC, Dell, RSA, Pivotal, and VCE issues only | security_alert@emc.com Dell EMC security page | Software Vendor |
| Distributed Weakness Filing Project (DWF) | See listing at top of this table | ||
| Drupal.org | All projects hosted under drupal.org only | security@drupal.org Drupal security advisories page | Software Vendor |
| Duo Security, Inc. | All Duo products and any third-party research targets that are not already in another CNA's scope. | security@duo.com | Vulnerability Researcher |
| Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only | security@eclipse.org Eclipse security page | Software Vendor |
| Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only | security@eclipse.org Elastic security page | Software Vendor |
| F5 Networks | F5 issues only | f5sirt@f5.com | Software Vendor |
| Flexera Software LLC | All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA | PSIRT-CNA@flexerasoftware.com | Software Vendor |
| FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org | Software Vendor |
| Fortinet, Inc. | Fortinet issues only | psirt@fortinet.com | Software Vendor |
| Google Inc. | Chrome and Chrome OS issues only | security@google.com Google app security page | Software Vendor |
| HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform | support@hackerone.com HackerOne contact page | Third-Party Coordinator |
| Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | Software Vendor |
| HP Inc. | HP Inc. issues only | hp-security-alert@hp.com | Software Vendor |
| Huawei Technologies | Huawei issues only | psirt@huawei.com Huawei security page | Software Vendor |
| IBM Corporation | IBM issues only | psirt@us.ibm.com | Software Vendor |
| ICS-CERT | Infrastructure sector control systems | ics-cert@hq.dhs.gov | Third-Party Coordinator |
| Intel Corporation | Intel issues only | secure@intel.com Intel security page | Software Vendor |
| Internet Systems Consortium (ISC) | All ISC.org projects | security-officer@isc.org ISC report a bug page | Software Vendor |
| IOActive | Third-party products it researches | info@ioactive.com IOActive contact page | Vulnerability Researcher |
| Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net Juniper security page | Software Vendor |
| JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vultures@jpcert.or.jp JPCERT/CC contact page | Third-Party Coordinator |
| Kaspersky Labs | Kaspersky B2C and B2B products as well as vulnerabilities discovered in third-party software not covered by another CNA. | vulnerability@kaspersky.com | Vulnerability Researcher |
| KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vuln@krcert.or.kr | Third-Party Coordinator |
| Larry Cashdollar | Third-party products he researches | larry0@me.com | Vulnerability Researcher |
| Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only | psirt@lenovo.com | Software Vendor |
| MarkLogic Corporation | MarkLogic issues only | security@marklogic.com | Software Vendor |
| McAfee | McAfee issues only | psirt@mcafee.com | Software Vendor |
| Micro Focus International | Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only | security@suse.com Micro Focus security page | Software Vendor |
| Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security page |
Software Vendor |
| MITRE Corporation | See listing at top of this table | ||
| Mozilla Corporation | Mozilla issues only | security@mozilla.org Mozilla security page | Software Vendor |
| Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker only | security-report@netflix.com | Software Vendor |
| Netgear, Inc. | Netgear issues only | security@netgear.com Netgear security page | Software Vendor |
| Nvidia Corporation | Nvidia issues only | psirt@nvidia.com | Software Vendor |
| Objective Development Software GmbH | Objective Development issues only | Objective Development security page | Software Vendor |
| OpenSSL Software Foundation | OpenSSL software projects only | openssl-security@openssl.org OpenSSL contact web page | Software Vendor |
| Oracle | Oracle issues only | secalert_us@oracle.com Oracle security page | Software Vendor |
| Puppet | Puppet issues only | security@puppet.com Puppet security page | Software Vendor |
| Qihoo 360 Technology Co. Ltd. | 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only | security@360.cn Qihoo 360 security page | Software Vendor |
| Qualcomm, Inc. | Qualcomm and Snapdragon issues only | product-security@qualcomm.com | Software Vendor |
| Rapid7, Inc. | All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA | security@rapid7.com Rapid7 security page | Vulnerability Researcher |
| Red Hat, Inc. | Linux issues only | secalert@redhat.com Red Hat security page | Software Vendor |
| Schneider Electric SE | Schneider Electric products only | cybersecurity@schneider-electric.com Schneider Electric security page | Software Vendor |
| Siemens AG | Siemens issues only | productcert@siemens.com Siemens security page | Software Vendor |
| Silicon Graphics (SGI) | SGI issues only | security-info@sgi.com | Software Vendor |
| Symantec Corporation | Symantec issues only | secure@symantec.com Symantec security page | Software Vendor |
| Synology Inc. | Synology issues including its network attached storage (NAS) products only | security@synology.com Synology security page | Software Vendor |
| Talos | Third-party products it researches | talos-cna@cisco.com Talos web page | Vulnerability Researcher |
| Tenable Network Security, Inc. | Tenable products and third-party products they research not covered by another CNA | vulnreport@tenable.com Tenable security page | Software Vendor |
| TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only | security@tibco.com | Software Vendor |
| Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only | security@trendmicro.com Trend Micro security page | Software Vendor |
| Ubuntu/Linux (Canonical Ltd.) | Ubuntu/Linux issues only | security@ubuntu.com Ubuntu security page | Software Vendor |
| VMware | VMware issues only | security@vmware.com | Software Vendor |
| Yandex N.V. | Yandex issues only | browser-security@yandex-team.ru | Software Vendor |
| Zero Day Initiative | Products and projects covered by its bug bounty programs not already covered by another CNA | zdi-disclosures@trendmicro.com ZDI contact page | Third-Party Coordinator |
| ZTE Corporation | ZTE products only | psirt@zte.com.cn | Software Vendor |
* Key for CNA Types:
- Primary CNA - oversees the CNA program.
- Software Vendor - assigns CVE IDs for vulnerabilities found in their own products and projects.
- Third-Party Coordinator - performs incident response and vulnerability disclosure services for nations, industries, or as part of bug bounty programs. They may assign CVE IDs as part of their role and scope.
- Vulnerability Researcher - assigns CVE IDs to products and projects upon which they perform vulnerability analysis.
MITRE (Primary CNA) PGP Key
Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
A PGP key is available for encrypted communications:
Key ID: 8B5618B6 Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6 Key size: 4096 Public key: Click to download
NOTE: PGP key updated August 2016
For questions, or assistance about how to use the information on this page, please contact us.
