Request a CVE Identifier

CVE Identifier number reservation allows researchers and vendors to include CVE Identifier numbers — also called CVE-IDs and CVEs — in the initial public announcement of a vulnerability, and ensures that the CVE Identifier number is instantly available to all CVE users and makes it easier to track vulnerabilities over time. The methods by which researchers may request CVE Identifier number(s) are described below.

Main Methods

Contact one of the officially recognized CVE Numbering Authorities (CNAs), which will then include a CVE Identifier number in its initial public announcement about your new vulnerability.

Or, contact an emergency response team such as CERT/CC, etc., post the information to mailing lists such as Bugtraq, or provide the information to a vulnerability analysis team.

Alternative Method

If you are unable to obtain a CVE Identifier number via the main methods above, you may request a CVE Identifier number directly from the CVE project. To reserve a CVE Identifier number before publicizing a new vulnerability, vulnerability researchers may contact and we will provide you with our "CVE-ID Reservation Guidelines for Researchers" document. We will then work with you to assign a CVE Identifier number for the issue while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.

A PGP key is available for encrypted communications:
Fingerprint: 9F4D 81B7 60E2 20D7 8A86 FE9F A965 5407 AF9A F9AC
Key size: 2048
NOTE: PGP key updated September 2013
Page Last Updated: February 12, 2015