Request CVE IDs

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

New users, follow these steps to request CVE IDs:

  1. Locate the correct CVE Numbering Authority (CNA) whose scope includes the product affected by the vulnerability in the CNAs table below.
  2. Contact that CNA using the contact method provided.
  3. If the product affected by the vulnerability is not covered by a CNA listed below, please contact the appropriate CNA of Last Resort in the Root CNAs table below.

Participating CNAs

Root CNAs, CNAs of Last Resort, and all other CNAs, are listed below.

Root CNA Name & Scope CNA Contact Method Disclosure Policy Security Advisories CNA Role & Type Country
MITRE Corporation
All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page
MITRE CVE Request web form N/A N/A Top-Level Root CNA

CNA of Last Resort

Secretariat
USA
Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
Industrial control systems and medical devices
CISA ICS contact page Policy Alerts

Advisories
Top-Level Root CNA

CNA of Last Resort

National & Industry CERTs
USA
JPCERT/CC
Vulnerability assignment related to its vulnerability coordination role
vuls@jpcert.or.jp

JPCERT/CC contact page
Policy Advisories Root CNA

National & Industry CERTs
Japan


CNAs are listed alphabetically:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

CNA Name & Scope CNA Contact Method Disclosure Policy Security Advisories CNA Role & Type CNA’s Root Country
Adobe Systems Incorporated
Adobe issues only
psirt@adobe.com

Adobe security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Advanced Micro Devices Inc.
AMD branded products and technologies only
psirt@amd.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Airbus
All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope
vuln@airbus.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Netherlands
Alias Robotics S.L.
All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope
cve@aliasrobotics.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
CISA ICS Spain
Alibaba, Inc.
Projects listed on its Alibaba GitHub website only
alibaba-cna@list.alibaba-inc.com

Alibaba website

Alibaba GitHub website
None None CNA

Vendors and Projects
MITRE China
Ampere Computing
Ampere issues only
psirt@amperecomputing.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Android (associated with Google Inc. or Open Handset Alliance)
Android issues only
android-cna-team@google.com

Android Security Rewards Program Rules
Policy Advisories CNA

Vendors and Projects
MITRE USA
Apache Software Foundation
All Apache Software Foundation issues only
security@apache.org

Apache security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Apple Inc.
Apple issues only
product-security@apple.com

Apple security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Appthority
All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not in another CNA’s scope
security@appthority.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Asea Brown Boveri Ltd. (ABB)
ABB issues only
cybersecurity@ch.abb.com Policy Advisories CNA

Vendors and Projects
CISA ICS Switzerland
Atlassian
All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/
security@atlassian.com Policy Advisories CNA

Vendors and Projects
MITRE Australia
Autodesk
All currently supported Autodesk Applications and Cloud Services
psirt@autodesk.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Avaya, Inc.
All Avaya products only
securityalerts@avaya.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Bitdefender
All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope
cve-requests@bitdefender.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Romania
BlackBerry
BlackBerry and Good product issues only
secure@blackberry.com

Blackberry security contact page
Policy Advisories CNA

Vendors and Projects
MITRE Canada
Robert Bosch GmbH
Bosch products only
psirt@bosch.com Policy Advisories CNA

Vendors and Projects
CISA ICS USA
Brocade Communications Systems, LLC
Brocade products only
brocade.sirt@broadcom.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Canonical Ltd.
All Canonical issues (including Ubuntu Linux) only
security@ubuntu.com

Ubuntu security contact page
Policy Advisories CNA

Vendors and Projects
MITRE UK
CA Technologies - A Broadcom Company
CA Technologies issues only
ca.psirt@broadcom.com Policy Advisories CNA

Vendors and Projects
MITRE USA
CERT/CC
Vulnerability assignment related to its vulnerability coordination role
cert@cert.org

CERT/CC contact page
Policy Advisories CNA

National and Industry CERTs
MITRE USA
CERT@VDE
Products of the vendors: Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability
info@cert.vde.com Policy Advisories CNA

National and Industry CERTs
CISA ICS Germany
Check Point Software Ltd.
Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope
cve@checkpoint.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Israel
Chrome
Chrome and Chrome OS issues, and projects that are not in another CNA’s scope
Report Chrome vulnerabilities (email)

Questions about Chrome’s CVE Entries (email)
Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Cisco Systems, Inc.
All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope
psirt@cisco.com

psirt@duosecurity.com
Cisco Policy

Duo Policy
Cisco Advisories

Duo Advisories
CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Cloudflare, Inc.
All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope
cna@cloudflare.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Crafter CMS
Crafter CMS issues only
security@craftersoftware.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Cybellum Technologies LTD
All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope
info@cybellum.com Policy Advisories CNA

Vendors and Projects
MITRE Israel
Dahua Technologies
Dahua issues only
cybersecurity@dahuatech.com

Dahua security page
Policy Advisories CNA

Vendors and Projects
MITRE China
Debian GNU/Linux
Debian issues only
security@debian.org

Debian security page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Dell
Dell, Dell EMC, RSA, and VCE issues only
secure@dell.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Document Foundation, The
Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues
security@documentfoundation.org Policy Advisories CNA

Vendors and Projects
MITRE Germany
Drupal.org
All projects hosted under drupal.org only
security@drupal.org Policy Advisories CNA

Vendors and Projects
MITRE USA
Eaton
Eaton issues only
cybersecuritycoe@eaton.com Policy Advisories CNA

Vendors and Projects
MITRE Ireland
Eclipse Foundation
Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only
security@eclipse.org Policy Advisories CNA

Vendors and Projects
MITRE Canada
Elastic
Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only
security@elastic.co Policy Advisories CNA

Vendors and Projects
MITRE Netherlands
Electronic Arts, Inc.
EA issues only
secure@ea.com Policy Advisories CNA

Vendors and Projects
MITRE USA
F5 Networks
F5 issues only
f5sirt@f5.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Facebook, Inc.
Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/
Facebook security contact page Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Fedora Project
Vulnerabilities in open-source projects affecting the Fedora Project, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported releases by the Fedora Project
Fedora Bug Report page Policy Advisories CNA

Vendors and Projects
MITRE USA
Flexera Software LLC
All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope
PSIRT-CNA@flexerasoftware.com Policy None CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
floragunn GmbH
All issues related to Search Guard only
security@search-guard.com Policy Advisories CNA

Vendors and Projects
MITRE Germany
Forcepoint
Forcepoint products only
psirt@forcepoint.com

Forcepoint security contact page
Policy None CNA

Vendors and Projects
MITRE USA
Fortinet, Inc.
Fortinet issues only
psirt@fortinet.com None Advisories CNA

MITRE USA
FreeBSD
Primarily FreeBSD issues only
secteam@freebsd.org Policy Advisories CNA

MITRE USA
F-Secure
All F-Secure products and security vulnerabilities discovered by F-Secure in third-party software not in another CNA’s scope
cve@f-secure.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Finland
Gallagher Group Ltd.
All Gallagher security products only
disclosures@gallagher.com Policy Advisories CNA

Vendors and Projects
CISA ICS New Zealand
GitHub, Inc.
All libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA
security-advisories@github.com Policy Advisories CNA

Vendors and Projects
MITRE USA
GitHub, Inc. (Products Only)
GitHub Enterprise Server issues only
product-cna@github.com Policy Advisories CNA

Vendors and Projects
MITRE USA
GitLab Inc.
The GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope
cve@gitlab.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Google LLC
Google products that are not covered by Android and Chrome, as well as vulnerabilities in third-party software discovered by Google that are not in another CNA’s scope
security@google.com

Report a vulnerability
Policy Cloud Advisories

Application Advisories
CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
HackerOne
Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform
support@hackerone.com

HackerOne contact page
Policy Advisories CNA

Bug Bounty Programs
MITRE USA
Hangzhou Hikvision Digital Technology Co., Ltd.
All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs)
hsrc@hikvision.com Policy Advisories CNA

Vendors and Projects
MITRE USA
HCL Software
All HCL products only
psirt@hcl.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Hewlett Packard Enterprise (HPE)
HPE issues only
security-alert@hpe.com

Report vulnerabilities to HPE
Policy Advisories CNA

Vendors and Projects
MITRE USA
Hillstone Networks, Inc.
All Hillstone products only
sec@hillstonenet.com Policy Advisories CNA

Vendors and Projects
MITRE USA
HP Inc.
HP Inc. issues only
hp-security-alert@hp.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Huawei Technologies
Huawei issues only
psirt@huawei.com

Huawei security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
IBM Corporation
All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope
psirt@us.ibm.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Intel Corporation
Intel branded products and technologies and Intel managed open source projects
secure@intel.com

Intel security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Internet Systems Consortium (ISC)
All ISC.org projects
security-officer@isc.org

ISC report a bug page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Jenkins Project
Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only
jenkinsci-cert@googlegroups.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Johnson Controls
Johnson Controls products only
productsecurity@jci.com Policy Advisories CNA

Vendors and Projects
CISA ICS USA
Juniper Networks, Inc.
Juniper issues only
sirt@juniper.net

Juniper security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Kaspersky
Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope
vulnerability@kaspersky.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Russia
KrCERT/CC
Vulnerability assignment related to its vulnerability coordination role
vuln@krcert.or.kr None Advisories CNA

National and Industry CERTs
MITRE South Korea
Kubernetes
Kubernetes issues only
security@kubernetes.io Policy Advisories CNA

Vendors and Projects
MITRE USA
Larry Cashdollar
Third-party products he researches
larry0@me.com Policy Advisories CNA

Vulnerability Researchers
MITRE USA
Lenovo Group Ltd.
Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only
psirt@lenovo.com Policy Advisories CNA

Vendors and Projects
MITRE USA
MarkLogic Corporation
MarkLogic issues only
security@marklogic.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Mattermost, Inc.
All Mattermost issues, and vulnerabilities discovered by Mattermost that are not in another CNA’s scope
responsibledisclosure@mattermost.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
McAfee
All McAfee products, as well as vulnerabilities in third-party software discovered by McAfee ATR that are not in another CNA’s scope
security_report@mcafee.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Micro Focus International
All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites
security@microfocus.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Microsoft Corporation
Microsoft issues only
secure@microsoft.com

Microsoft security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
MongoDB, Inc.
MongoDB products only
cna@mongodb.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Mozilla Corporation
Mozilla issues only
security@mozilla.org Policy Advisories CNA

Vendors and Projects
MITRE USA
Naver Corporation
Naver products only, except Line products
cve@navercorp.com Policy Advisories CNA

Vendors and Projects
MITRE South Korea
NetApp, Inc.
All NetApp products as well as projects hosted on https://github.com/netapp
security-alert@netapp.com

NetApp security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Netflix, Inc.
Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker
security-report@netflix.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Node.js
All actively developed versions of software developed under the Node.js project on https://github.com/nodejs
cve-request@iojs.org Policy Advisories CNA

Vendors and Projects
MITRE USA
NortonLifeLock Inc.
All NortonLifeLock product issues only
security@nortonlifelock.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Nozomi Networks Inc.
All Nozomi Networks products, as well as vulnerabilities in third-party software discovered by Nozomi Networks that are not in another CNA’s scope
prodsec@nozominetworks.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
NVIDIA Corporation
NVIDIA issues only
psirt@nvidia.com

NVIDIA security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Objective Development Software GmbH
Objective Development issues only
Objective Development security page Policy Advisories CNA

Vendors and Projects
MITRE Austria
Odoo
Odoo issues only
security@odoo.com Policy Advisories CNA

Vendors and Projects
MITRE Belgium
openEuler
openEuler issues only
securities@openeuler.org Policy Advisories CNA

Vendors and Projects
MITRE China
OpenSSL Software Foundation
OpenSSL software projects only
openssl-security@openssl.org Policy Advisories CNA

Vendors and Projects
MITRE USA
OpenVPN Inc.
All products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel
security@openvpn.net Policy Business VPN Advisories

Community Advisories
CNA

Vendors and Projects
MITRE USA
Opera
Opera issues only
Opera security contact page Policy Advisories CNA

Vendors and Projects
MITRE Norway
OPPO Mobile Telecommunication Corp., Ltd.
OPPO devices only
security@oppo.com Policy Advisories CNA

Vendors and Projects
MITRE China
Oracle
Oracle supported version product issues only; CVE IDs will not be assigned for unsupported products or versions (Oracle will confirm support status and notify researcher)
secalert_us@oracle.com

Oracle security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
OTRS AG
Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only
security@otrs.com Policy Advisories CNA

Vendors and Projects
MITRE Germany
Palo Alto Networks, Inc.
All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope
psirt@paloaltonetworks.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Pegasystems Inc.
Pegasystems products only
security@pega.com Policy Advisories CNA

Vendors and Projects
MITRE USA
PHP Group
Vulnerabilities in PHP code (code in https://github.com/php/php-src) only
security@php.net Policy Advisories CNA

Vendors and Projects
MITRE USA
Pivotal Software, Inc.
Pivotal, Spring, and Cloud Foundry issues only
security@pivotal.io Pivotal Policy

Cloud Foundry Policy
Pivotal Advisories

Spring Advisories

Cloud Foundry Advisories
CNA

Vendors and Projects
MITRE USA
Puppet
All Puppet products, as well as all projects on https://github.com/puppetlabs
security@puppet.com Policy Advisories CNA

Vendors and Projects
MITRE USA
QNAP Systems, Inc.
QNAP QTS, QES, and QVR products as well as its mobile apps and utilities
security@qnap.com Policy Advisories CNA

Vendors and Projects
MITRE Taiwan
Qualcomm, Inc.
Qualcomm and Snapdragon issues only
product-security@qualcomm.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Rapid7, Inc.
All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope
cve@rapid7.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE USA
Red Hat, Inc.
Vulnerabilities in open-source projects affecting Red Hat offerings, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported Red Hat offerings
secalert@redhat.com

Red Hat security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Replicated, Inc.
Replicated products and services only
security@replicated.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Salesforce, Inc.
Salesforce products only
security@salesforce.com Policy Advisories CNA

Vendors and Projects
MITRE USA
SAP SE
All SAP products
cna@sap.com Policy Advisories CNA

Vendors and Projects
MITRE Germany
Schneider Electric
All Schneider Electric products, including Proface, APC, and Eurotherm
cybersecurity@se.com

Schneider Electric security contact page
Policy Advisories CNA

Vendors and Projects
MITRE France
SICK AG
SICK AG issues only
psirt@sick.de Policy Advisories CNA

Vendors and Projects
MITRE Germany
Siemens
Siemens issues only
productcert@siemens.com

Siemens security contact page
Policy Advisories CNA

Vendors and Projects
CISA ICS Germany
Sierra Wireless Inc.
Sierra Wireless products only
security@sierrawireless.com Policy Advisories CNA

Vendors and Projects
MITRE Canada
Silver Peak Systems, Inc.
Silver Peak product issues only
sirt@silver-peak.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Snyk
Vulnerabilities in third-party products discovered by Snyk only
report@snyk.io Policy Advisories CNA

Vulnerability Researchers
MITRE UK
SonicWall, Inc.
SonicWall issues only
PSIRT@sonicwall.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Spanish National Cybersecurity Institute, S.A. (INCIBE)
Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level
INCIBE CNA contact email address Policy (Spanish)

Policy (English)
Advisories (Spanish)

Advisories (English)
CNA

National and Industry CERTs
MITRE Spain
Splunk Inc.
Splunk products only
prodsec@splunk.com Policy Advisories CNA

Vendors and Projects
MITRE USA
SUSE
All SUSE Enterprise products and openSUSE software
security@suse.de Policy Advisories

Advisories (by CVE ID)
CNA

Vendors and Projects
MITRE USA
Symantec - A Division of Broadcom
Symantec enterprise products only
symantec.psirt@broadcom.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Synaptics, Inc.
Synaptics issues only
psirt@synaptics.com Policy Touchpad Family Advisories

Biomentrics Advisories

Far-Field Voice DSPs Advisories
CNA

Vendors and Projects
MITRE USA
Synology Inc.
Synology issues only
security@synology.com

Synology security contact page
Policy Advisories CNA

Vendors and Projects
MITRE Taiwan
Talos
Third-party products it researches
talos-cna@cisco.com

Talos security page
Policy Advisories CNA

Vulnerability Researchers
MITRE USA
Tcpdump Group
Tcpdump and Libpcap only
security@tcpdump.org Policy Advisories CNA

Vendors and Projects
MITRE Canada
Tenable Network Security, Inc.
Tenable products and third-party products it researches not covered by another CNA
vulnreport@tenable.com

Tenable security contact page
Policy Advisories CNA

Vendors and Projects
MITRE USA
Teradici Corporation
Teradici issues only
security@teradici.com Policy Advisories CNA

Vendors and Projects
MITRE Canada
360 Security Technology, Inc.
360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA
security@360.cn Policy Advisories CNA

Vendors and Projects
Vulnerability Researcher
MITRE China
TianoCore.org
Software vulnerabilities related to the TianoCore Open Source
infosec@edk2.groups.io Policy Advisories CNA

Vendors and Projects
MITRE USA
TIBCO Software Inc.
TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only
security@tibco.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Tigera, Inc.
All vulnerabilities for Calico and all of Tigera’s products only
psirt@tigera.io Policy Advisories CNA

Vendors and Projects
MITRE USA
Trend Micro, Inc.
Trend Micro supported products and end-of-life products issues only
security@trendmicro.com

Trend Micro security contact page
Policy Advisories CNA

Vendors and Projects
MITRE Japan
TWCERT/CC
Vulnerability assignment related to its vulnerability coordination role
cve@cert.org.tw Policy (Chinese)

Policy (English)
Advisories (Chinese)

Advisories (English)
CNA

National and Industry CERTs
MITRE Taiwan
VDOO Connected Trust Ltd.
All VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope
vuln@vdoo.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers
MITRE Israel
Vivo Mobile Communication Co., Ltd.
Vivo issues only
security@vivo.com Policy Advisories CNA

Vendors and Projects
MITRE China
VMware
VMware issues only
security@vmware.com Policy Advisories CNA

Vendors and Projects
MITRE USA
Xiaomi Technology Co., Ltd.
Xiaomi issues only
security@xiaomi.com Policy Advisories CNA

Vendors and Projects
MITRE China
Yandex N.V.
Yandex issues only
browser-security@yandex-team.ru Policy Advisories CNA

Vendors and Projects
MITRE Russia
Zabbix
Zabbix products and Zabbix projects listed on https://git.zabbix.com/ only
security@zabbix.com Policy Advisories CNA

Vendors and Projects
MITRE Latvia
Zephyr Project
Zephyr project components, and vulnerabilities that are not in another CNA’s scope
vulnerabilities@zephyrproject.org Policy Advisories CNA

Vendors and Projects
MITRE USA
Zero Day Initiative
Products and projects covered by its bug bounty programs that are not in another CNA’s scope
zdi-disclosures@trendmicro.com

ZDI contact page
Policy Advisories CNA

Bug Bounty Programs
MITRE Japan
Zscaler, Inc.
Zscaler issues only
cve@zscaler.com Policy Advisories CNA

Vendors and Projects
MITRE USA
ZTE Corporation
ZTE products only
psirt@zte.com.cn Policy Advisories CNA

Vendors and Projects
MITRE China

Key to CNA Roles, Types, and Countries

Roles

Types

Countries

MITRE CNA of Last Resort PGP Key

Please use our CVE Request web form to request CVE IDs directly from the MITRE CNA of Last Resort (CNA-LR). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		903E4008
Fingerprint:	F59F 1525 57C5 3CE4 BEAE B86E F357 D0E9 903E 4008
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated March 2020

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: September 24, 2020