CVE® is a list of entries—each containing an identification number, a
description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

CVE Entries are used in numerous cybersecurity products and services from around the world,
including the U.S. National Vulnerability Database (NVD).

CNAs World Map - November 2019

CVE Numbering Authorities (CNAs)

Totals CNAs: 105 | Total Countries: 18

CNAs include vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs.

CNAs are how the CVE List is built. Every CVE Entry added to the list is assigned by a CNA.

More News >>

Become a CNA to Assign Your Own CVE IDs

CVE Numbering Authorities, or “CNAs,” are organizations authorized to assign and populate CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope.

A CNA may be a software vendor, open source project, coordination center, bug bounty service provider, or research group.

CNAs are essential to the CVE Program’s success and every CVE Entry added to the CVE List is added by a CNA ...

Page Last Updated or Reviewed: November 12, 2019