All CVE Documents

Documents are available for the topics below. Please contact us to provide feedback about this page.

    CVE List
    CVE Request Web Form
    CVE Numbering Authorities (CNAs)
    CVE Working Groups
    CVE Board
    Presentations & More

CVE List Documentation

About CVE Entries

Provides an overview of CVE Entries and links to various documents within three areas: CVE Entries Defined, Creation of a CVE Entry, and Requesting CVE Identifiers (CVE IDs).

CVE Counting Rules

The nature and accuracy of the counting process underpins the value of a CVE Entry. Correct counting reduces the likelihood of duplicate CVE IDs being assigned to a single vulnerability. Also, some reports of vulnerabilities may confuse or conflate multiple, separate software problems, and the counting process helps to differentiate between those vulnerabilities that are unique. Decision trees are included.

CVE Entry Information Submission Format

Provides the required format that CNAs must use to provide CVE Entry information for assigning CVE IDs. An example is included.

Process to Correct Counting Issues

There are many places where the CVE ID assignment process can break down. Since mistakes are inevitable, processes to correct them are necessary. This document describes different scenarios wherein the CVE ID assignment goes awry, and the corresponding resolution process.

CVE References

Each CVE Entry includes appropriate references. Each reference used in CVE (1) identifies the source, (2) includes a well-defined identifier to facilitate searching on a source's website, and (3) notes the associated CVE Entry. CVE also includes a Reference Maps page with links to documents from the commonly used information sources that are used as references for CVE Entries.

CVE List Documentation (hosted on GitHub)

Additional CVE List-related documents are hosted on our CVEProject Documentation website on, including CVE Counting (Draft) and Key Details Phrasing.

CVE Program Root CNA PGP Key

PGP key last updated: March 2018
Fingerprint:  9C98 A172 9BE8 01B2 FF6D 14BA 7496 C064 7C2D 8720
Key ID:  7C2D8720  |  Key size:  4096

Search Tips for the CVE List

Provides tips for searching or viewing the CVE List hosted on this CVE website. Also notes that advanced searching of CVE enhanced content is available on the U.S. National Vulnerability Database (NVD).

CVE Request Web Form Documentation

CVE Request Web Form FAQs

Includes questions and answers on web form basics, using the web form, and after submitting a web form request.

CVE Request Web Form Overview

This presentation provides an overview of how to use the CVE Request web form, which is used to request CVE IDs from the CVE Program Root CNA, request an update to an existing CVE entry, provide notification about a vulnerability publication, or submit comments.

CVE Request Web Form Tip Sheet

A brief overview of information and tips for using each of the CVE Request web forms: Request a CVE ID; Request a block of IDs (for CNAs only); Notify CVE about a publication; Request an update to an existing CVE; and Other.

CVE Numbering Authorities (CNAs) Documentation

CVE Numbering Authority (CNA) Rules,
Version 2.0

Includes detailed information about the following: CNAs Overview – Federated CNA Structure, and Purpose and Goal of the CNA Rules; Rules for All CNAs – Assignment, Communication, and Administration; Responsibilities of Root and the CVE Program Root CNA – Specific Assignment, Communications, and Administration Rules for Root CNAs and for the Program Root CNA; CNA Candidate Process – Qualifications, and On-Boarding Process; Appeals Process; Definitions; CVE Information Format; Common Vulnerabilities and Exposures (CVE) Counting Rules – Purpose, Introduction, Definitions, Vulnerability Report, Inclusion Decisions, and Counting Decisions; Terms of Use; Process to Correct Counting Issues; Acronyms; Quarterly Metrics; and Disclosure and Embargo Policies. Version 2.0 – January 1, 2018 (NOTE: updated annually or as needed)

CVE Overview for Prospective CNAs

Provides detailed information for prospective CNAs about the following: Conceptual Basis of CVE; Design and Operational Choices for CVE – CVEs Purposely Provide Minimal Information About a Vulnerability, The CVE List is a Simple List, CVE Only Publishes Already-Disclosed Vulnerabilities, and The Anatomy of a CVE Entry - Example; CVE and the National Vulnerability Database (NVD); CVE and CNAs – Sources of Vulnerability Information, Benefits of Early CVE ID Assignment, Roles and Responsibilities of a CVE CNA - High Level View, and Benefits of Operating as a CNA; and Special Considerations for Prospective CNAs – Requirements for Assigning a CVE ID and Challenges When Assigning CVE IDs; More Information; Acronyms; and References. Version 1.0 – September 29, 2017

Submitting CVE Entry Information to CVE Team

Explains the three methods to submit “CVE Entry information” to the CVE Team: (1) CVE Request Web Form, (2) Email Address, and (3) Git (Experimental).

Researcher Reservation Guidelines

Provides information on how to reserve a CVE ID before publicizing a new vulnerability so that CVE ID can be included in the initial public announcement of the vulnerability and can be used to track the vulnerability.

CNA Processes Documentation & Onboarding Slides
(hosted on GitHub)

Additional CNA documents and slides are hosted on our CVEProject Documentation website on, including several under the following categories: CNA Resources, CNA Processes Documentation, and CNA Onboarding Slides (Becoming a CNA, CNA Processes, Counting Rules Guidance, Creating a CVE Entry for Submission, and Submitting CVE Entries to the CVE Program Root CNA).

CVE Working Groups

CNACWG Charter

This document provides information about the CNA Coordination Working Group (CNACWG) including its goals, operating principles, and objectives. Version 1.2 – December 9, 2019

CVE ID Allocation Service Specification

Specification for the CVE ID Allocation Service developed by the CVE Automation Working Group (AWG). Version 1.0 – February 12, 2019

AWG Charter

This document provides information about the CVE Automation Working Group (AWG) including its goals, operating principles, and objectives. Version 1.0 – May 29, 2018

SPWG Repositories & Projects

Repositories and projects developed by the CVE Strategic Planning Working Group (SPWG).

AWG Repositories & Projects

Repositories and projects developed by the CVE Automation Working Group (AWG).

CVE Board Documents

CVE Board Charter

This document provides information about the CVE Board and how it functions, including Board structure, membership, and operations. A member nomination form is also included. Version 3.0 – November 22, 2019

Presentations & More

CVE Compatibility Guidelines (White Paper)

This white paper provides detailed guidelines for making cybersecurity product(s) or service(s) compatible with CVE. September 29, 2017

CVE IDs and How to Get Them (Presentation)

This briefing was presented at the “Wall of Sheep” by the CVE Team at DEF CON 25 in Las Vegas, Nevada, USA. July 28, 2017

Archived Documents

Documents listed on this archive page are no longer current, and are retained on the CVE website for historical purposes only.

Page Last Updated or Reviewed: December 12, 2019