CVE-CWE-CAPEC Relationships

CVE, CWE, and CAPEC are community-driven standardization projects addressing common needs among IT and cybersecurity professionals.

Common Vulnerabilities and Exposures (CVE®)

Contact: CVE Request Web Form (select “Other” from dropdown)

CVE provides a list of common identifiers for publicly known cybersecurity vulnerabilities called “CVE Records” that are assigned by CVE Numbering Authorities from around the world and are used by individuals and within products to enhance security and enable automated data exchange.

Common Weakness Enumeration (CWE™)


Based in part on the CVE List, CWE is a community-developed list of common software and hardware security weaknesses that serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

Common Attack Pattern Enumeration and Classification (CAPEC™)


Developed by leveraging CWE and CVE, CAPEC is a comprehensive dictionary and classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.

Page Last Updated or Reviewed: December 22, 2020