News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Minutes from CVE Board Teleconference Meeting on February 17 Now Available
February 23, 2021 | Share this article

The CVE Board held a teleconference meeting on February 17, 2021. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on February 3 Now Available
February 9, 2021 | Share this article

The CVE Board held a teleconference meeting on February 3, 2021. Read the meeting minutes.

Swift Project Added as CVE Numbering Authority (CNA)
February 4, 2021 | Share this article

Swift Project is now a CVE Numbering Authority (CNA) for the Swift Project only. Swift Project’s Root CNA is the MITRE Top-Level Root CNA.

To date, 153 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Jonn Perez of Trend Micro
February 1, 2021 | Share this article

In his article on the CVE Blog, CVE community member Jonn Perez of CVE Numbering Authority (CNA) Trend Micro discusses the benefits of leveraging the CVE Program in its vulnerability discovery and disclosure processes in “Our CVE Story: Learning to Embrace Recognition and Mitigations of Vulnerabilities as a Strength.”

New CVE Board Member from Pen Test Partners
January 20, 2021 | Share this article

Ken Munro of Pen Test Partners LLP has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

Minutes from CVE Board Teleconference Meeting on January 6 Now Available
January 15, 2021 | Share this article

The CVE Board held a teleconference meeting on January 6, 2021. Read the meeting minutes.

Sophos Added as CVE Numbering Authority (CNA)
January 13, 2021 | Share this article

Sophos Limited is now a CVE Numbering Authority (CNA) for Sophos issues only. Sophos’ Root CNA is the MITRE Top-Level Root CNA. Read the Sophos news release.

To date, 152 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

WPScan Added as CVE Numbering Authority (CNA)
January 12, 2021 | Share this article

WPScan is now a CVE Numbering Authority (CNA) for WordPress core, plugins, and themes. WPScan’s Root CNA is the MITRE Top-Level Root CNA. Read the WPScan news release.

To date, 151 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Samsung Mobile Added as CVE Numbering Authority (CNA)
January 11, 2021 | Share this article

Samsung Mobile is now a CVE Numbering Authority (CNA) for Samsung Mobile Galaxy products, personal computers, and related services only. Samsung Mobile’s Root CNA is the MITRE Top-Level Root CNA.

To date, 150 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on December 16 Now Available
December 22, 2020 | Share this article

The CVE Board held a teleconference meeting on December 16, 2020. Read the meeting minutes.

Coalfire Labs Added as CVE Numbering Authority (CNA)
December 17, 2020 | Share this article

Coalfire Labs is now a CVE Numbering Authority (CNA) for all CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope. Coalfire Labs’ Root CNA is the MITRE Top-Level Root CNA. Read the Coalfire Labs news release.

To date, 149 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Milind Kulkarni of NVIDIA
December 15, 2020 | Share this article

In his article on the CVE Blog, CVE community member Milind Kulkarni of CVE Numbering Authority (CNA) NVIDIA discusses the benefits of leveraging the CVE Program for vulnerability disclosure practices in “Our CVE Story: Using the CVE Program to Provide Reliable Vulnerability Information.”

Minutes from CVE Board Teleconference Meeting on December 2 Now Available
December 11, 2020 | Share this article

The CVE Board held a teleconference meeting on December 2, 2020. Read the meeting minutes.

COMPLETED: CVE List Content Updates Unavailable from 6:00am-11:00pm (EST) on December 10
December 8, 2020 (Updated December 11, 2020)| Share this article

UPDATE: Infrastructure upgrades on the CVE website were completed, and normal operations resumed, on December 10, 2020 at 11:00 p.m. (EST). We apologize for any inconvenience. Please contact us with any comments or concerns.

The CVE Program is upgrading the infrastructure used to add CVE List content to the CVE website. As a result, from 6:00 a.m. through 11:00 p.m. (EST) on December 10, 2020 any data that is updated daily on a periodic basis (e.g., CVE List, @CVEnew tweets, download files) will not be updated. Normal operations are scheduled to resume on December 10, 2020 at 11:00 p.m. (EST).

Previously published CVE List content on the CVE website will remain accessible, as will all other website content, during the upgrades. In addition, submissions via the CVE Request Web Form and GitHub (CVE Numbering Authorities (CNAs)-only) may still be made during this time but will processed once the upgrade is completed.

This announcement was also posted to Twitter and LinkedIn.

JPCERT/CC Blog Announces Two New CNAs from Japan and Encourages Other Vendors to Participate
December 8, 2020 | Share this article

JPCERT/CC posted a blog article on December 4, 2020 that explained its role as a Root CVE Numbering Authority (CNA) and announced Mitsubishi Electric and LINE Corporation as CNAs with JPCERT/CC as their Root CNA.

In addition to announcing that two organizations have joined the CVE Program as CNAs, JPCERT/CC also encouraged other organizations in Japan to participate: “As a CNA, JPCERT/CC assigns CVE IDs to reported vulnerabilities, when publishing the advisories on JVN. However, considering the nature of CVE IDs, it would be more natural for the product developers who can acknowledge and verify the vulnerabilities to assign CVE IDs on their own, than by the organizations who coordinate and publish vulnerability information. The involvement of the 2 new CNAs is welcome by the CVE Program, as vendors’ participation to the program as CNAs is highly encouraged … If you are interested in becoming a CNA or have any opinions on this topic, please contact us at vuls@jpcert.or.jp.”

Read the complete blog article in English or Japanese.

Mitsubishi Electric Added as CVE Numbering Authority (CNA)
December 4, 2020 | Share this article

Mitsubishi Electric Corporation is now a CVE Numbering Authority (CNA) for Mitsubishi Electric issues only. Mitsubishi Electric’s Root CNA is the JPCERT/CC Root CNA.

To date, 148 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

LINE Added as CVE Numbering Authority (CNA)
December 4, 2020 | Share this article

LINE Corporation is now a CVE Numbering Authority (CNA) for current versions of LINE Messenger Application for iOS, Android, Mac, and Windows, plus LINE Open Source projects hosted on https://github.com/line. LINE’s Root CNA is the JPCERT/CC Root CNA.

To date, 147 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Introducing the New CVE Logo!
December 1, 2020 | Share this article

The CVE Program has new logo! As a reminder, the new CVE logo was chosen by the community in a contest held earlier this year.


New CVE Logo


The new CVE logo will be rolled out across all of our communications materials in the coming weeks. Please contact us with any comments or concerns.

Page Last Updated or Reviewed: February 25, 2021