|
|||||
Power user
shortcuts:
CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
New users, follow these steps to request CVE IDs:
For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.
CNAs are listed alphabetically:
Product, Vendor, or Product Category Name | Scope | CNA Contact Email and/or Webpage (if applicable) |
CNA Type* |
MITRE Corporation | All vulnerabilities not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA |
Distributed Weakness Filing Project | Any open source software issues not already covered by the Program Root CNA or another CNA |
https://iwantacve.org/
DWF GitHub page |
Root CNA
Vendors and Projects |
Adobe Systems Incorporated | Adobe issues only | psirt@adobe.com Adobe security page | Vendors and Projects |
Airbus | All Airbus products as well as vulnerabilities in third-party software discovered by Airbus that are not covered by another CNA | cert@airbus.com | Vulnerability Researchers |
Alibaba, Inc. | Projects listed on its Alibaba GitHub website only | alibaba-cna@list.alibaba-inc.com
Alibaba website Alibaba GitHub website |
Vendors and Projects |
Android (associated with Google Inc. or Open Handset Alliance) | Android issues only | security@android.com
Android security page |
Vendors and Projects |
Apache Software Foundation | All Apache Software Foundation issues | security@apache.org Apache security page | Vendors and Projects |
Apple Inc. | Apple issues only | product-security@apple.com Apple security page | Vendors and Projects |
Appthority | All Appthority products, as well as vulnerabilities in third-party software discovered by Appthority that are not covered by another CNA | security@appthority.com
Appthority Disclosure Policy Appthority Advisories | Vendors and Projects |
Atlassian | All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ | security@atlassian.com | Vendors and Projects |
Autodesk | All currently supported Autodesk Applications and Cloud Services | psirt@autodesk.com | Vendors and Projects |
Avaya, Inc. | All Avaya products | securityalerts@avaya.com
Avaya Disclosure Policy Avaya Advisories | Vendors and Projects |
BlackBerry | BlackBerry and Good product issues only | secure@blackberry.com Blackberry security page | Vendors and Projects |
Booz Allen Hamilton, Inc. | All Booz Allen Hamilton products as well as vulnerabilities in third-party software discovered by Booz Allen Hamilton that are not covered by another CNA | cve@bah.com | Vendors and Projects |
Brocade Communications Systems, LLC | Brocade products only | brocade.sirt@broadcom.com Brocade security page | Vendors and Projects |
Canonical Ltd. | All Canonical issues (including Ubuntu Linux) only | security@ubuntu.com Ubuntu security page | Vendors and Projects |
CA Technologies - A Broadcom Company | CA Technologies issues only | vuln@ca.com CA security page | Vendors and Projects |
CERT/CC | Vulnerability assignment related to its vulnerability coordination role | cert@cert.org CERT/CC contact page | National and Industry CERTs |
Check Point Software Technologies Ltd. | Check Point Security Gateways product line only | cve@checkpoint.com | Vendors and Projects |
Cisco Systems, Inc. | Cisco issues only | psirt@cisco.com Cisco security page | Vendors and Projects |
Cloudflare, Inc. | All Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not covered by another CNA | cna@cloudflare.com
Cloudflare Disclosure Policy Cloudflare Advisories |
Vendors and Projects |
CyberSecurity Philippines - CERT | Vulnerability assignment related to its vulnerability coordination role that are not covered by another CNA | vulnerability@cspcert.ph
CyberSecurity Philippines - CERT Disclosure Policy CyberSecurity Philippines - CERT Advisories | National and Industry CERTs |
Dahua Technologies | Dahua issues only | cybersecurity@dahuatech.com Dahua security page | Vendors and Projects |
Debian GNU/Linux | Debian issues only | security@debian.org Debian security page | Vendors and Projects |
Dell | Dell, Dell EMC, RSA, Pivotal, and VCE issues only | secure@dell.com Dell security page | Vendors and Projects |
Distributed Weakness Filing Project | Any open source software issues not already covered by the Program Root CNA or another CNA |
https://iwantacve.org/
DWF GitHub page | Root CNA
Vendors and Projects |
Drupal.org | All projects hosted under drupal.org only | security@drupal.org Drupal security advisories page | Vendors and Projects |
Duo Security, Inc. | All Duo products and any third-party research targets that are not already in another CNA's scope | security@duo.com | Vulnerability Researchers |
Eclipse Foundation | Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only | security@eclipse.org Eclipse security page | Vendors and Projects |
Elastic | Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only | security@elastic.co Elastic security page | Vendors and Projects |
F5 Networks | F5 issues only | f5sirt@f5.com | Vendors and Projects |
Facebook, Inc. | Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not covered by another CNA; see: https://www.facebook.com/whitehat and https://github.com/facebook/ | Facebook security page | Vendors and Projects |
Flexera Software LLC | All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA | PSIRT-CNA@flexerasoftware.com | Vendors and Projects |
Forcepoint | Forcepoint products only | psirt@forcepoint.com Forcepoint security page | Vendors and Projects |
Fortinet, Inc. | Fortinet issues only | psirt@fortinet.com | Vendors and Projects |
FreeBSD | Primarily FreeBSD issues only | secteam@freebsd.org | Vendors and Projects |
Google Inc. | Chrome and Chrome OS issues only | Report vulnerabilities: security@chromium.org Questions about Google’s CVE Entries: chrome-cve-admin@google.com Google app security page |
Vendors and Projects |
HackerOne | Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform | support@hackerone.com HackerOne contact page | Bug Bounty Programs |
Hangzhou Hikvision Digital Technology Co., Ltd. | All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) | hsrc@hikvision.com | Vendors and Projects |
Hewlett Packard Enterprise (HPE) | HPE issues only | security-alert@hpe.com | Vendors and Projects |
Hillstone Networks, Inc. | All Hillstone products only |
wjxu@hillstonenet.com
Hillstone Disclosure Policy Hillstone Advisories | Vendors and Projects |
HP Inc. | HP Inc. issues only | hp-security-alert@hp.com | Vendors and Projects |
Huawei Technologies | Huawei issues only | psirt@huawei.com Huawei security page | Vendors and Projects |
IBM Corporation | All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not covered by another CNA | psirt@us.ibm.com | Vendors and Projects |
ICS-CERT | Infrastructure sector control systems | ics-cert@hq.dhs.gov | National and Industry CERTs |
Intel Corporation | Intel branded products and technologies and Intel managed open source projects | secure@intel.com Intel security page | Vendors and Projects |
Internet Systems Consortium (ISC) | All ISC.org projects | security-officer@isc.org ISC report a bug page | Vendors and Projects |
Johnson Controls | Johnson Controls products only | productsecurity@jci.com
Johnson Controls Disclosure Policy Johnson Controls Advisories | Vendors and Projects |
JPCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vultures@jpcert.or.jp JPCERT/CC contact page | Root CNA
National and Industry CERTs |
Juniper Networks, Inc. | Juniper issues only | sirt@juniper.net Juniper security page | Vendors and Projects |
Kaspersky Labs | Kaspersky B2C and B2B products as well as vulnerabilities discovered in third-party software not covered by another CNA | vulnerability@kaspersky.com | Vulnerability Researchers |
KrCERT/CC | Vulnerability assignment related to its vulnerability coordination role | vuln@krcert.or.kr | National and Industry CERTs |
Larry Cashdollar | Third-party products he researches | larry0@me.com | Vulnerability Researchers |
Lenovo Group Ltd. | Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only | psirt@lenovo.com | Vendors and Projects |
MarkLogic Corporation | MarkLogic issues only | security@marklogic.com | Vendors and Projects |
McAfee | McAfee issues only | psirt@mcafee.com | Vendors and Projects |
Micro Focus International | All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, Serena, and SUSE products, as well as all former HP Enterprise software suites | security@suse.com Micro Focus security page | Vendors and Projects |
Microsoft Corporation | Microsoft issues only | secure@microsoft.com
Microsoft security page |
Vendors and Projects |
MITRE Corporation | All vulnerabilities not already covered by a CNA listed on this page | MITRE CVE Request web form | Program Root CNA |
MongoDB, Inc. | MongoDB products only | product.security@mongodb.com
MongoDB Disclosure Policy MongoDB Advisories | Vendors and Projects |
Mozilla Corporation | Mozilla issues only | security@mozilla.org Mozilla security page | Vendors and Projects |
Naver Corporation | Naver products only, except Line products | cve@navercorp.com
Naver Disclosure Policy Naver Advisories | Vendors and Projects |
NetApp, Inc. | All NetApp products as well as projects hosted on https://github.com/netapp | security-alert@netapp.com NetApp security page | Vendors and Projects |
Netflix, Inc. | Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker | security-report@netflix.com | Vendors and Projects |
Netgear, Inc. | Netgear issues only | security@netgear.com Netgear security page | Vendors and Projects |
Node.js | All actively developed versions of software developed under the Node.js project on https://github.com/nodejs | cve-request@iojs.org Node.js security page | Vendors and Projects |
NVIDIA Corporation | NVIDIA issues only | psirt@nvidia.com NVIDIA security page | Vendors and Projects |
Objective Development Software GmbH | Objective Development issues only | Objective Development security page | Vendors and Projects |
Odoo | Odoo issues only | security@odoo.com
Odoo Disclosure Policy Odoo Advisories | Vendors and Projects |
OpenSSL Software Foundation | OpenSSL software projects only | openssl-security@openssl.org OpenSSL contact web page | Vendors and Projects |
Oracle | Oracle Premier and Extended Support product versions per Oracle’s Lifetime Support Policy | secalert_us@oracle.com Oracle security page | Vendors and Projects |
Palo Alto Networks, Inc. | All Palo Alto Networks products |
psirt@paloaltonetworks.com
Palo Alto Networks Disclosure Policy Palo Alto Networks Advisories | Vendors and Projects |
Puppet | All Puppet products, as well as all projects on https://github.com/puppetlabs | security@puppet.com Puppet security page | Vendors and Projects |
QNAP Systems, Inc. | QNAP QTS, QES, and QVR products as well as its mobile apps and utilities | security@qnap.com | Vendors and Projects |
Qualcomm, Inc. | Qualcomm and Snapdragon issues only | product-security@qualcomm.com | Vendors and Projects |
Rapid7, Inc. | All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA | cve@rapid7.com Rapid7 security page | Vulnerability Researchers |
Red Hat, Inc. | Linux issues only | secalert@redhat.com Red Hat security page | Vendors and Projects |
Riverbed Technology, Inc. | Riverbed products only | product-security@riverbed.com | Vendors and Projects |
SAP SE | All SAP products | cna@sap.com | Vendors and Projects |
Schneider Electric SE | All Schneider Electric products, including Proface, Pelco, APC, and Eurotherm | cybersecurity@se.com Schneider Electric security page | Vendors and Projects |
Siemens AG | Siemens issues only | productcert@siemens.com Siemens security page | Vendors and Projects |
SonicWALL, Inc. | SonicWALL issues only | PSIRT@sonicwall.com
SonicWALL Disclosure Policy SonicWALL Advisories | Vendors and Projects |
Symantec Corporation | Symantec issues only | secure@symantec.com Symantec security page | Vendors and Projects |
Synology Inc. | Synology issues only | security@synology.com Synology security page | Vendors and Projects |
Talos | Third-party products it researches | talos-cna@cisco.com Talos web page | Vulnerability Researchers |
Tenable Network Security, Inc. | Tenable products and third-party products they research not covered by another CNA | vulnreport@tenable.com Tenable security page | Vendors and Projects |
360 Security Technology, Inc. | 360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 |
security@360.cn
360 Disclosure Policy 360 Advisories |
Vulnerability Researchers |
TIBCO Software Inc. | TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only | security@tibco.com | Vendors and Projects |
Trend Micro, Inc. | Trend Micro supported products and end-of-life products issues only | security@trendmicro.com Trend Micro security page | Vendors and Projects |
TWCERT/CC | Vulnerability assignment related to its vulnerability coordination role |
cve@cert.org.tw
Chinese: TWCERT/CC Disclosure Policy TWCERT/CC Advisories English: TWCERT/CC Disclosure Policy TWCERT/CC Advisories |
National and Industry CERTs |
VMware | VMware issues only | security@vmware.com | Vendors and Projects |
Yandex N.V. | Yandex issues only | browser-security@yandex-team.ru | Vendors and Projects |
Zephyr Project | Zephyr project components and vulnerabilities that are not covered by another CNA | vulnerabilities@zephyrproject.org | Vendors and Projects |
Zero Day Initiative | Products and projects covered by its bug bounty programs not already covered by another CNA | zdi-disclosures@trendmicro.com ZDI contact page | Bug Bounty Programs |
ZTE Corporation | ZTE products only | psirt@zte.com.cn | Vendors and Projects |
* Key for CNA Types:
Please use our CVE Request web form to request CVE IDs directly from the CVE Program Root CNA (currently MITRE). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.
View our web form help.
Key ID: 7C2D8720 Fingerprint: 9C98 A172 9BE8 01B2 FF6D 14BA 7496 C064 7C2D 8720 Key size: 4096 Public key: Click to download
NOTE: PGP key updated March 2018
For questions, or assistance about how to use the information on this page, please contact us.