Common Vulnerabilities and Exposures

Latest News

2nd Product from Beijing Netpower Technologies Now Registered as Officially "CVE-Compatible"

ToolsWatch Makes Declaration of CVE Compatibility

CVE Identifier "CVE-2015-0313" Cited in Numerous Security Advisories and News Media References about a Zero-Day Adobe Flash Vulnerability

1 Product from WPScan Now Registered as Officially "CVE-Compatible"

1 Product from Beijing Netpower Technologies Now Registered as Officially "CVE-Compatible"

CVE Mentioned in Article about Disclosing and Patching Vulnerabilities on Tripwire's State of Security Blog

First CVE-IDs Issued in New Numbering Format Now Available

More News »

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

CVE-ID Numbers in New Numbering Format Now being Issued

CVE Identifiers (CVE-IDs) using the new numbering format are now being issued. "CVE-2014-10001" with 5 digits in the sequence number and "CVE-2014-100001" with 6 digits in the sequence number are two examples (learn more). Organizations that have not updated to the new CVE-ID format risk the possibility that their products and services could break or report inaccurate vulnerability identifiers, which could significantly impact users' vulnerability management practices.

To make it easy to update, the CVE Web site provides free technical guidance and CVE test data for developers and consumers to use to verify that their products and services will work correctly. In addition, for those who use National Vulnerability Database (NVD) data, NIST provides test data in NVD format at http://nvd.nist.gov/cve-id-syntax-change.

Comments or concerns about this guidance, and/or the test data, is welcome at cve-id-change@mitre.org.