|
|||||
Power user
shortcuts:
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
New users, follow these steps to request CVE IDs:
CNAs are listed alphabetically:
Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA |
Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com Adobe security page | Vendors and Projects |
Airbus | All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope | vuln@airbus.com
Airbus Vulnerability Handling and Disclosure |
Vendors and Projects Vulnerability Researchers |
Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | alibaba-cna@list.alibaba-inc.com
Alibaba website Alibaba GitHub website |
Vendors and Projects |
Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | security@android.com
Android security page |
Vendors and Projects |
Apache Software Foundation | All Apache Software Foundation issues | security@apache.org Apache security page | Vendors and Projects |
Apple Inc. | Apple issues only | product-security@apple.com Apple security page | Vendors and Projects |
Appthority | All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not in another CNA’s scope | security@appthority.com
Appthority Disclosure Policy Appthority Advisories | Vendors and Projects Vulnerability Researchers |
Asea Brown Boveri Ltd. (ABB) | ABB issues only | cybersecurity@ch.abb.com
ABB Disclosure Policy ABB Advisories | Vendors and Projects |
Atlassian | All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ | security@atlassian.com | Vendors and Projects |
Autodesk | All currently supported Autodesk Applications and Cloud Services | psirt@autodesk.com | Vendors and Projects |
Avaya, Inc. | All Avaya products | securityalerts@avaya.com
Avaya Disclosure Policy Avaya Advisories | Vendors and Projects |
Bitdefender | All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope | cve-requests@bitdefender.com
Bitdefender Disclosure Policy Bitdefender Advisories | Vendors and Projects Vulnerability Researchers |
BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com Blackberry security page | Vendors and Projects |
Robert Bosch GmbH | Bosch products only | psirt@bosch.com
Bosch Disclosure Policy Bosch Advisories | Vendors and Projects |
Brocade Communications Systems, LLC | Brocade products only | brocade.sirt@broadcom.com Brocade security page | Vendors and Projects |
Canonical Ltd. | All Canonical issues (including Ubuntu Linux) only | security@ubuntu.com Ubuntu security page | Vendors and Projects |
CA Technologies - A Broadcom Company | CA Technologies issues only |
ca.psirt@broadcom.com
CA Technologies Disclosure Policy CA Technologies Advisories | Vendors and Projects |
CERT/CC | Vulnerability assignment related to its vulnerability coordination role | cert@cert.org CERT/CC contact page | National and Industry CERTs |
Check Point Software Technologies Ltd. | Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope | cve@checkpoint.com | Vendors and Projects Vulnerability Researchers |
Cisco Systems, Inc. | All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope | psirt@cisco.com
Cisco Disclosure Policy Cisco Advisories psirt@duosecurity.com Duo Security Disclosure Policy Duo Security Advisories |
Vendors and Projects Vulnerability Researchers |
Cloudflare, Inc. | All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope | cna@cloudflare.com
Cloudflare Disclosure Policy Cloudflare Advisories |
Vendors and Projects |
CyberSecurity Philippines - CERT | Vulnerability assignment related to its vulnerability coordination role that are not in another CNA’s scope | vulnerability@cspcert.ph
CyberSecurity Philippines - CERT Disclosure Policy CyberSecurity Philippines - CERT Advisories | National and Industry CERTs |
Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com Dahua security page | Vendors and Projects |
Debian GNU/Linux | Debian issues only | security@debian.org Debian security page | Vendors and Projects |
Dell | Dell, Dell EMC, RSA, and VCE issues only | secure@dell.com Dell security page | Vendors and Projects |
Document Foundation, The | Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues | security@documentfoundation.org
The Document Foundation Disclosure Policy The Document Foundation Advisories | Vendors and Projects |
Drupal.org | All projects hosted under drupal.org only | security@drupal.org Drupal security advisories page | Vendors and Projects |
Eaton | Eaton issues only | cybersecuritycoe@eaton.com
Eaton Disclosure Policy Eaton Advisories | Vendors and Projects |
Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only | security@eclipse.org Eclipse security page | Vendors and Projects |
Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only |
security@elastic.co
Elastic security page |
Vendors and Projects |
F5 Networks | F5 issues only | f5sirt@f5.com
F5 Vulnerability Response Policy |
Vendors and Projects |
Facebook, Inc. | Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/ | Facebook security page | Vendors and Projects Vulnerability Researchers |
Fedora Project | Fedora Project issues only | Fedora Bug Report page | Vendors and Projects |
Flexera Software LLC | All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope | PSIRT-CNA@flexerasoftware.com | Vendors and Projects Vulnerability Researchers |
floragunn GmbH | All issues related to Search Guard only | security@search-guard.com
floragunn Disclosure Policy floragunn Advisories | Vendors and Projects |
Forcepoint | Forcepoint products only | psirt@forcepoint.com Forcepoint security page | Vendors and Projects |
Fortinet, Inc. | Fortinet issues only | psirt@fortinet.com | Vendors and Projects |
FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org | Vendors and Projects |
GitHub, Inc. | All libraries and products hosted on github.com in a public repository, unless they are otherwise covered by another CNA | security-advisories@github.com
GitHub Disclosure Policy GitHub Advisories | Vendors and Projects |
Google Inc. | Chrome and Chrome OS issues, and projects that are not in another CNA’s scope | Report vulnerabilities: security@chromium.org Questions about Google’s CVE Entries: chrome-cve-admin@google.com Google app security page |
Vendors and Projects |
HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform | support@hackerone.com HackerOne contact page | Bug Bounty Programs |
Hangzhou Hikvision Digital Technology Co., Ltd. | All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) | hsrc@hikvision.com | Vendors and Projects |
HCL Software | All HCL products only | psirt@hcl.com
HCL Disclosure Policy HCL Advisories | Vendors and Projects |
Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | Vendors and Projects |
Hillstone Networks, Inc. | All Hillstone products only |
sec@hillstonenet.com
Hillstone Disclosure Policy Hillstone Advisories | Vendors and Projects |
HP Inc. | HP Inc. issues only | hp-security-alert@hp.com | Vendors and Projects |
Huawei Technologies | Huawei issues only | psirt@huawei.com Huawei security page | Vendors and Projects |
IBM Corporation | All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope | psirt@us.ibm.com | Vendors and Projects Vulnerability Researchers |
ICS-CERT | Infrastructure sector control systems | ics-cert@hq.dhs.gov | National and Industry CERTs |
Intel Corporation | Intel branded products and technologies and Intel managed open source projects | secure@intel.com Intel security page | Vendors and Projects |
Internet Systems Consortium (ISC) | All ISC.org projects | security-officer@isc.org ISC report a bug page | Vendors and Projects |
Jenkins Project | Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only | jenkinsci-cert@googlegroups.com
Jenkins Project Disclosure Policy Jenkins Project Advisories | Vendors and Projects |
Johnson Controls | Johnson Controls products only | productsecurity@jci.com
Johnson Controls Disclosure Policy Johnson Controls Advisories | Vendors and Projects |
JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vultures@jpcert.or.jp JPCERT/CC contact page | Root CNA
National and Industry CERTs |
Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net Juniper security page | Vendors and Projects |
Kaspersky | Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope | vulnerability@kaspersky.com | Vendors and Projects Vulnerability Researchers |
KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vuln@krcert.or.kr | National and Industry CERTs |
Kubernetes | Kubernetes issues only | security@kubernetes.io
Kubernetes Disclosure Policy Kubernetes Advisories | Vendors and Projects |
Larry Cashdollar | Third-party products he researches | larry0@me.com | Vulnerability Researchers |
Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only | psirt@lenovo.com | Vendors and Projects |
MarkLogic Corporation | MarkLogic issues only | security@marklogic.com | Vendors and Projects |
McAfee | All McAfee products, as well as vulnerabilities in third-party software discovered by McAfee ATR that are not in another CNA’s scope |
security_report@mcafee.com
McAfee Advisories | Vendors and Projects Vulnerability Researchers |
Micro Focus International | All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites | security@microfocus.com
Micro Focus Disclosure Policy Micro Focus Advisories | Vendors and Projects |
Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security page |
Vendors and Projects |
MITRE Corporation | All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA |
MongoDB, Inc. | MongoDB products only | cna@mongodb.com
MongoDB Disclosure Policy MongoDB Advisories | Vendors and Projects |
Mozilla Corporation | Mozilla issues only | security@mozilla.org Mozilla security page | Vendors and Projects |
Naver Corporation | Naver products only, except Line products | cve@navercorp.com
Naver Disclosure Policy Naver Advisories | Vendors and Projects |
NetApp, Inc. | All NetApp products as well as projects hosted on https://github.com/netapp | security-alert@netapp.com NetApp security page | Vendors and Projects |
Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker | security-report@netflix.com | Vendors and Projects |
Node.js | All actively developed versions of software developed under the Node.js project on https://github.com/nodejs | cve-request@iojs.org Node.js security page | Vendors and Projects |
NVIDIA Corporation | NVIDIA issues only | psirt@nvidia.com NVIDIA security page | Vendors and Projects |
Objective Development Software GmbH | Objective Development issues only | Objective Development security page | Vendors and Projects |
Odoo | Odoo issues only | security@odoo.com
Odoo Disclosure Policy Odoo Advisories | Vendors and Projects |
OpenSSL Software Foundation | OpenSSL software projects only | openssl-security@openssl.org OpenSSL contact web page | Vendors and Projects |
OPPO Mobile Telecommunication Corp., Ltd. | OPPO devices only | security@oppo.com
OPPO Disclosure Policy OPPO Advisories | Vendors and Projects |
Oracle | Oracle Premier and Extended Support product versions per Oracle’s Lifetime Support Policy | secalert_us@oracle.com Oracle security page | Vendors and Projects |
OTRS AG | Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only | security@otrs.com
OTRS Disclosure Policy OTRS Advisories | Vendors and Projects |
Palo Alto Networks, Inc. | All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope |
psirt@paloaltonetworks.com
Palo Alto Networks Disclosure Policy Palo Alto Networks Advisories | Vendors and Projects Vulnerability Researchers |
PHP Group | Vulnerabilities in PHP code (code in https://github.com/php/php-src) only | security@php.net
PHP Group Disclosure Policy PHP Group Advisories | Vendors and Projects |
Pivotal Software, Inc. | Pivotal, Spring, and Cloud Foundry issues only | security@pivotal.io
Pivotal Disclosure Policy, Cloud Foundry Disclosure Policy Pivotal Advisories, Spring Advisories, Cloud Foundry Advisories | Vendors and Projects |
Puppet | All Puppet products, as well as all projects on https://github.com/puppetlabs | security@puppet.com Puppet security page | Vendors and Projects |
QNAP Systems, Inc. | QNAP QTS, QES, and QVR products as well as its mobile apps and utilities | security@qnap.com | Vendors and Projects |
Qualcomm, Inc. | Qualcomm and Snapdragon issues only | product-security@qualcomm.com | Vendors and Projects |
Rapid7, Inc. | All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope | cve@rapid7.com Rapid7 security page | Vendors and Projects Vulnerability Researchers |
Red Hat, Inc. | Linux issues only | secalert@redhat.com Red Hat security page | Vendors and Projects |
Salesforce, Inc. | Salesforce products only | security@salesforce.com
Salesforce Disclosure Policy Salesforce Advisories | Vendors and Projects |
SAP SE | All SAP products | cna@sap.com | Vendors and Projects |
Schneider Electric SE | All Schneider Electric products, including Proface, Pelco, APC, and Eurotherm | cybersecurity@se.com Schneider Electric security page | Vendors and Projects |
SICK AG | SICK AG issues only | psirt@sick.de
SICK Disclosure Policy SICK Advisories | Vendors and Projects |
Siemens | Siemens issues only | productcert@siemens.com Siemens security page | Vendors and Projects |
Snyk | Vulnerabilities in third-party products discovered by Snyk only | report@snyk.io
Snyk Disclosure Policy Snyk Advisories | Vulnerability Researchers |
SonicWall, Inc. | SonicWall issues only | PSIRT@sonicwall.com
SonicWall Disclosure Policy SonicWall Advisories | Vendors and Projects |
Splunk Inc. | Splunk products only | prodsec@splunk.com
Splunk Disclosure Policy Splunk Advisories | Vendors and Projects |
SUSE | All SUSE Enterprise products and openSUSE software | security@suse.de
SUSE Disclosure Policy SUSE Advisories SUSE Advisories by CVE ID | Vendors and Projects |
Symantec Corporation | Symantec issues only | secure@symantec.com Symantec security page | Vendors and Projects |
Synology Inc. | Synology issues only | security@synology.com Synology security page | Vendors and Projects |
Talos | Third-party products it researches | talos-cna@cisco.com Talos web page | Vulnerability Researchers |
Tenable Network Security, Inc. | Tenable products and third-party products they research not covered by another CNA | vulnreport@tenable.com Tenable security page | Vendors and Projects |
360 Security Technology, Inc. | 360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA |
security@360.cn
360 Disclosure Policy 360 Advisories |
Vendors and Projects Vulnerability Researchers |
TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only | security@tibco.com | Vendors and Projects |
Tigera, Inc. | All vulnerabilities for Calico and all of Tigera’s products only | psirt@tigera.io
Tigera Disclosure Policy Tigera Advisories | Vendors and Projects |
Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only | security@trendmicro.com Trend Micro security page | Vendors and Projects |
TWCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cve@cert.org.tw
Chinese: TWCERT/CC Disclosure Policy TWCERT/CC Advisories English: TWCERT/CC Disclosure Policy TWCERT/CC Advisories |
National and Industry CERTs |
VMware | VMware issues only | security@vmware.com | Vendors and Projects |
Yandex N.V. | Yandex issues only | browser-security@yandex-team.ru | Vendors and Projects |
Zephyr Project | Zephyr project components, and vulnerabilities that are not in another CNA’s scope | vulnerabilities@zephyrproject.org | Vendors and Projects |
Zero Day Initiative | Products and projects covered by its bug bounty programs that are not in another CNA’s scope | zdi-disclosures@trendmicro.com ZDI contact page | Bug Bounty Programs |
ZTE Corporation | ZTE products only | psirt@zte.com.cn | Vendors and Projects |
* Key for CNA Types:
Please use our CVE Request web form to request CVE IDs directly from the CVE Program Root CNA (currently MITRE). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
Key ID: 7C2D8720 Fingerprint: 9C98 A172 9BE8 01B2 FF6D 14BA 7496 C064 7C2D 8720 Key size: 4096 Public key: Click to download
NOTE: PGP key updated March 2018
For questions, or assistance about how to use the information on this page, please contact us.