Common Vulnerabilities and Exposures
| Follow CVE |
  |
Request a CVE ID
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
Shortcuts for experienced users:
CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)
New users, follow these steps to request CVE IDs:
1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage table below.
2) Contact the CNA specified below using the contact method provided.
3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).
CNA Coverage
For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.
| Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
| MITRE Corporation | All vulnerabilities not already listed on this page | MITRE CVE Request web form | Primary CNA |
| Distributed Weakness Filing Project | Any open source software issues not already covered by MITRE or another CNA | cve-assign@distributedweaknessfiling.org
https://iwantacve.org/ DWF GitHub page | Vendors and Projects |
| Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com Adobe security page | Vendors and Projects |
| Airbus | All Airbus products as well as vulnerabilities in third-party software discovered by Airbus that are not covered by another CNA | cert@airbus.com | Vulnerability Researchers |
| Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | Alibaba website Alibaba GitHub website | Vendors and Projects |
| Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | security@android.com Android security page | Vendors and Projects |
| Apache Software Foundation | Apache Software and Apache HTTP Server issues only | security@apache.org Apache security page | Vendors and Projects |
| Apple Inc. | Apple issues only | product-security@apple.com Apple security page | Vendors and Projects |
| ASUSTOR Inc. | ASUSTOR network attached storage (NAS) products, as well as its ADM systems, NAS apps, mobile apps, and utilities | security@asustor.com | Vendors and Projects |
| Atlassian | Atlassian issues only | security@atlassian.com | Vendors and Projects |
| Autodesk | All currently supported Autodesk Applications and Cloud Services | psirt@autodesk.com | Vendors and Projects |
| BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com Blackberry security page | Vendors and Projects |
| Brocade Communications Systems, Inc. | Brocade and Ruckus Wireless issues only | sirt@brocade.com Brocade security page | Vendors and Projects |
| Canonical Ltd. | All Canonical issues (including Ubuntu Linux) only | security@ubuntu.com Ubuntu security page | Vendors and Projects |
| CA Technologies | CA Technologies issues only | vuln@ca.com CA security page | Vendors and Projects |
| CERT/CC | Vulnerability assignment related to its vulnerability coordination role | cert@cert.org CERT/CC contact page | National and Industry CERTs |
| Check Point Software Technologies Ltd. | Check Point Security Gateways product line only | cve@checkpoint.com | Vendors and Projects |
| Cisco Systems, Inc. | Cisco issues only | cve_assign@cisco.com Cisco security page | Vendors and Projects |
| Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com Dahua security page | Vendors and Projects |
| Debian GNU/Linux | Debian issues only | security@debian.org Debian security page | Vendors and Projects |
| Dell EMC | Dell EMC, Dell, RSA, Pivotal, and VCE issues only | security_alert@emc.com Dell EMC security page | Vendors and Projects |
| Distributed Weakness Filing Project (DWF) | See listing at top of this table | ||
| Drupal.org | All projects hosted under drupal.org only | security@drupal.org Drupal security advisories page | Vendors and Projects |
| Duo Security, Inc. | All Duo products and any third-party research targets that are not already in another CNA's scope | security@duo.com | Vulnerability Researchers |
| Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only | security@eclipse.org Eclipse security page | Vendors and Projects |
| Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only | security@eclipse.org Elastic security page | Vendors and Projects |
| F5 Networks | F5 issues only | f5sirt@f5.com | Vendors and Projects |
| Flexera Software LLC | All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA | PSIRT-CNA@flexerasoftware.com | Vendors and Projects |
| Forcepoint | Forcepoint products only | psirt@forcepoint.com Forcepoint security page | Vendors and Projects |
| Fortinet, Inc. | Fortinet issues only | psirt@fortinet.com | Vendors and Projects |
| FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org | Vendors and Projects |
| Google Inc. | Chrome and Chrome OS issues only | security@google.com Google app security page | Vendors and Projects |
| HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform | support@hackerone.com HackerOne contact page | Bug Bounty Programs |
| Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | Vendors and Projects |
| HP Inc. | HP Inc. issues only | hp-security-alert@hp.com | Vendors and Projects |
| Huawei Technologies | Huawei issues only | psirt@huawei.com Huawei security page | Vendors and Projects |
| IBM Corporation | IBM issues only | psirt@us.ibm.com | Vendors and Projects |
| ICS-CERT | Infrastructure sector control systems | ics-cert@hq.dhs.gov | National and Industry CERTs |
| Intel Corporation | Intel branded products and technologies and Intel managed open source projects | secure@intel.com Intel security page | Vendors and Projects |
| Internet Systems Consortium (ISC) | All ISC.org projects | security-officer@isc.org ISC report a bug page | Vendors and Projects |
| IOActive | Third-party products it researches | info@ioactive.com IOActive contact page | Vulnerability Researchers |
| Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net Juniper security page | Vendors and Projects |
| JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vultures@jpcert.or.jp JPCERT/CC contact page | National and Industry CERTs |
| Kaspersky Labs | Kaspersky B2C and B2B products as well as vulnerabilities discovered in third-party software not covered by another CNA | vulnerability@kaspersky.com | Vulnerability Researchers |
| KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vuln@krcert.or.kr | National and Industry CERTs |
| Larry Cashdollar | Third-party products he researches | larry0@me.com | Vulnerability Researchers |
| Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only | psirt@lenovo.com | Vendors and Projects |
| MarkLogic Corporation | MarkLogic issues only | security@marklogic.com | Vendors and Projects |
| McAfee | McAfee issues only | psirt@mcafee.com | Vendors and Projects |
| Micro Focus International | Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only | security@suse.com Micro Focus security page | Vendors and Projects |
| Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security page |
Vendors and Projects |
| MITRE Corporation | See listing at top of this table | ||
| Mozilla Corporation | Mozilla issues only | security@mozilla.org Mozilla security page | Vendors and Projects |
| NetApp, Inc. | All NetApp products as well as projects hosted on https://github.com/netapp | security-alert@netapp.com NetApp security page | Vendors and Projects |
| Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker only | security-report@netflix.com | Vendors and Projects |
| Netgear, Inc. | Netgear issues only | security@netgear.com Netgear security page | Vendors and Projects |
| Nvidia Corporation | Nvidia issues only | psirt@nvidia.com | Vendors and Projects |
| Objective Development Software GmbH | Objective Development issues only | Objective Development security page | Vendors and Projects |
| OpenSSL Software Foundation | OpenSSL software projects only | openssl-security@openssl.org OpenSSL contact web page | Vendors and Projects |
| Oracle | Oracle issues only | secalert_us@oracle.com Oracle security page | Vendors and Projects |
| Puppet | Puppet issues only | security@puppet.com Puppet security page | Vendors and Projects |
| Qihoo 360 Technology Co. Ltd. | 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only | security@360.cn Qihoo 360 security page | Vendors and Projects |
| QNAP Systems, Inc. | QNAP QTS, QES, and QVR products as well as its mobile apps and utilities | security@qnap.com | Vendors and Projects |
| Qualcomm, Inc. | Qualcomm and Snapdragon issues only | product-security@qualcomm.com | Vendors and Projects |
| Rapid7, Inc. | All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA | cve@rapid7.com Rapid7 security page | Vulnerability Researchers |
| Red Hat, Inc. | Linux issues only | secalert@redhat.com Red Hat security page | Vendors and Projects |
| Riverbed Technology, Inc. | Riverbed products only | product-security@riverbed.com | Vendors and Projects |
| Schneider Electric SE | Schneider Electric products only | cybersecurity@schneider-electric.com Schneider Electric security page | Vendors and Projects |
| Siemens AG | Siemens issues only | productcert@siemens.com Siemens security page | Vendors and Projects |
| Silicon Graphics (SGI) | SGI issues only | security-info@sgi.com | Vendors and Projects |
| Symantec Corporation | Symantec issues only | secure@symantec.com Symantec security page | Vendors and Projects |
| Synology Inc. | Synology issues including its network attached storage (NAS) products only | security@synology.com Synology security page | Vendors and Projects |
| Talos | Third-party products it researches | talos-cna@cisco.com Talos web page | Vulnerability Researchers |
| Tenable Network Security, Inc. | Tenable products and third-party products they research not covered by another CNA | vulnreport@tenable.com Tenable security page | Vendors and Projects |
| TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only | security@tibco.com | Vendors and Projects |
| Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only | security@trendmicro.com Trend Micro security page | Vendors and Projects |
| VMware | VMware issues only | security@vmware.com | Vendors and Projects |
| Yandex N.V. | Yandex issues only | browser-security@yandex-team.ru | Vendors and Projects |
| Zephyr Project | Zephyr project components and vulnerabilities that are not covered by another CNA | vulnerabilities@zephyrproject.org | Vendors and Projects |
| Zero Day Initiative | Products and projects covered by its bug bounty programs not already covered by another CNA | zdi-disclosures@trendmicro.com ZDI contact page | Bug Bounty Programs |
| ZTE Corporation | ZTE products only | psirt@zte.com.cn | Vendors and Projects |
* Key for CNA Types:
- Bug Bounty Programs - assigns CVE IDs to products and projects that utilize the Bug Bounty service’s product offerings.
- National and Industry CERTs - performs incident response and vulnerability disclosure services for nations or industries. They may assign CVE IDs as part of their role and scope.
- Primary CNA - oversees the CNA program.
- Vendors and Projects - assigns CVE IDs for vulnerabilities found in their own products and projects.
- Vulnerability Researchers - assigns CVE IDs to products and projects upon which they perform vulnerability analysis.
MITRE (Primary CNA) PGP Key
Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
A PGP key is available for encrypted communications:
Key ID: 8B5618B6 Fingerprint: 3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6 Key size: 4096 Public key: Click to download
NOTE: PGP key updated August 2016
For questions, or assistance about how to use the information on this page, please contact us.
