CVE List▾ CVE List Search Search Tips CVE Request Web Form Web Form Help PGP Key Terms of Use        CNAs▾ CVE Numbering Authorities (CNAs) How to Become a CNA         WGs▾ CVE Working Groups         Board▾ CVE Board Meeting Archives Email Archives         About▾ About CVE       News▾ News, Blogs & Podcasts
Search CVE List         Downloads         Data Feeds         Update a CVE Record         Request CVE IDs
TOTAL CVE Records: 240830 NOTICE: Transition to the all-new CVE website at WWW.CVE.ORG and CVE Record Format JSON are underway. NOTICE: Support for the legacy CVE download formats ended on June 30, 2024. New CVE List download format is available now on CVE.ORG.



News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

The CVE Board held a teleconference meeting on December 16, 2020. Read the meeting minutes.

Coalfire Labs is now a CVE Numbering Authority (CNA) for all CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope. Coalfire Labs’ Root CNA is the MITRE Top-Level Root CNA. Read the Coalfire Labs news release.

To date, 149 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In his article on the CVE Blog, CVE community member Milind Kulkarni of CVE Numbering Authority (CNA) NVIDIA discusses the benefits of leveraging the CVE Program for vulnerability disclosure practices in “Our CVE Story: Using the CVE Program to Provide Reliable Vulnerability Information.”

The CVE Board held a teleconference meeting on December 2, 2020. Read the meeting minutes.

UPDATE: Infrastructure upgrades on the CVE website were completed, and normal operations resumed, on December 10, 2020 at 11:00 p.m. (EST). We apologize for any inconvenience. Please contact us with any comments or concerns.

The CVE Program is upgrading the infrastructure used to add CVE List content to the CVE website. As a result, from 6:00 a.m. through 11:00 p.m. (EST) on December 10, 2020 any data that is updated daily on a periodic basis (e.g., CVE List, @CVEnew tweets, download files) will not be updated. Normal operations are scheduled to resume on December 10, 2020 at 11:00 p.m. (EST).

Previously published CVE List content on the CVE website will remain accessible, as will all other website content, during the upgrades. In addition, submissions via the CVE Request Web Form and GitHub (CVE Numbering Authorities (CNAs)-only) may still be made during this time but will processed once the upgrade is completed.

This announcement was also posted to Twitter and LinkedIn.

JPCERT/CC posted a blog article on December 4, 2020 that explained its role as a Root CVE Numbering Authority (CNA) and announced Mitsubishi Electric and LINE Corporation as CNAs with JPCERT/CC as their Root CNA.

In addition to announcing that two organizations have joined the CVE Program as CNAs, JPCERT/CC also encouraged other organizations in Japan to participate: “As a CNA, JPCERT/CC assigns CVE IDs to reported vulnerabilities, when publishing the advisories on JVN. However, considering the nature of CVE IDs, it would be more natural for the product developers who can acknowledge and verify the vulnerabilities to assign CVE IDs on their own, than by the organizations who coordinate and publish vulnerability information. The involvement of the 2 new CNAs is welcome by the CVE Program, as vendors’ participation to the program as CNAs is highly encouraged … If you are interested in becoming a CNA or have any opinions on this topic, please contact us at vuls@jpcert.or.jp.”

Read the complete blog article in English or Japanese.

Mitsubishi Electric Corporation is now a CVE Numbering Authority (CNA) for Mitsubishi Electric issues only. Mitsubishi Electric’s Root CNA is the JPCERT/CC Root CNA.

To date, 148 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

LINE Corporation is now a CVE Numbering Authority (CNA) for current versions of LINE Messenger Application for iOS, Android, Mac, and Windows, plus LINE Open Source projects hosted on https://github.com/line. LINE’s Root CNA is the JPCERT/CC Root CNA.

To date, 147 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Program has new logo! As a reminder, the new CVE logo was chosen by the community in a contest held earlier this year.

The new CVE logo will be rolled out across all of our communications materials in the coming weeks. Please contact us with any comments or concerns.

The CVE Board held a teleconference meeting on November 18, 2020. Read the meeting minutes.

Secomea A/S is now a CVE Numbering Authority (CNA) for supported Secomea products only. Secomea’s Root CNA is the CISA ICS Top-Level Root CNA.

To date, 146 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The Joomla! Project is now a CVE Numbering Authority (CNA) for core Joomla! CMS, the Joomla Framework, and Joomla! Extensions issues only. The Joomla! Project’s Root CNA is the MITRE Top-Level Root CNA.

To date, 145 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In his article on the CVE Blog, CVE community member GS McNamara of CVE Numbering Authority (CNA) Forcepoint discusses the many benefits of participating in the CVE Program in “Our CVE Story: The Gift of CVE.”

The CVE Board held a teleconference meeting on November 4, 2020. Read the meeting minutes.

WhiteSource is now a CVE Numbering Authority (CNA) for vulnerabilities in its own products and vulnerabilities in third-party software discovered by WhiteSource that are not in another CNA’s scope. WhiteSource’s Root CNA is the MITRE Top-Level Root CNA.

To date, 144 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Cyber Security Works Pvt. Ltd. (CSW) is now a CVE Numbering Authority (CNA) for vulnerabilities in third-party software discovered by CSW that are not in another CNA’s scope. Cyber Security Work’s Root CNA is the MITRE Top-Level Root CNA.

To date, 143 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on October 28, 2020. Read the meeting minutes.

NLnet Labs is now a CVE Numbering Authority (CNA) for all NLnet Labs projects. NLnet Labs’s Root CNA is the MITRE Top-Level Root CNA.

To date, 142 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Logitech is now a CVE Numbering Authority (CNA) for all current products/software/apps made by Logitech, Ultimate Ears, Jaybird, Streamlabs, Logitech G, Logicool, Blue, and Astro Gaming. Logitech’s Root CNA is the MITRE Top-Level Root CNA.

To date, 141 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In his article on the CVE Blog, CVE Quality Working Group Co-Chair Chandan Nandakumaraiah discusses how and why CVE Numbering Authority (CNA) Palo Alto Networks decided to use only CVE IDs in its security advisories in “Our CVE Story: CVE IDs for Simplifying Vulnerability Communications.”

The CVE Board held a teleconference meeting on October 14, 2020. Read the meeting minutes.

CVE Blog articles posted on the CVE website will also now be posted on the CVE Blog on Medium for easier commenting and sharing of posts.

CVE Blog articles co-posted on Medium to date:

We encourage you to engage with us on these and future posts. Please contact us with any suggestions for future blog topics. We look forward to hearing from you!

The CVE Board held a teleconference meeting on September 30, 2020. Read the meeting minutes.

Jessica Colvin of JPMorgan Chase has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

In her article on the CVE Blog, CVE Board Member Lisa Olson discusses how Microsoft has partnered with the CVE Program as a CVE Numbering Authority (CNA) since the very beginnings of CVE more than 20 years ago in “Our CVE Story: Ancient History of the CVE Program – Did the Microsoft Security Response Center have Precognition?.”

TianoCore.org is now a CVE Numbering Authority (CNA) for software vulnerabilities related to the TianoCore Open Source. TianoCore.org’s Root CNA is the MITRE Top-Level Root CNA.

To date, 140 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Crafter CMS is now a CVE Numbering Authority (CNA) for Crafter CMS issues only. Crafter CMS’s Root CNA is the MITRE Top-Level Root CNA.

To date, 139 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Mattermost, Inc. is now a CVE Numbering Authority (CNA) for all Mattermost issues, and vulnerabilities discovered by Mattermost that are not in another CNA’s scope. Mattermost’s Root CNA is the MITRE Top-Level Root CNA. Read the Mattermost news release.

To date, 138 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) is now a Top-Level Root CVE Numbering Authority (CNA) for ICS and medical devices.

“CNAs” are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. A “Top-Level Root CNA” manages a group of CNAs within a given domain or community and may assign CVE IDs to vulnerabilities. As the Top-Level Root for ICS and medical devices, CISA ICS is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CNAs under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope.

Read the CVE Program news release or see our “CVE Program Partners with Cybersecurity & Infrastructure Security Agency to Protect Industrial Control Systems and Medical Devices” blog post for additional information.

To date, 137 organizations from 24 countries participate in the CVE Program as CNAs, and of these 3 are Root CNAs. To request a CVE ID number from a CNA, visit Request a CVE ID.

Below is a partial list of news media articles about the announcement as of October 1, 2020:

Nozomi Networks Inc. is now a CVE Numbering Authority (CNA) for all Nozomi Networks products, as well as vulnerabilities in third-party software discovered by Nozomi Networks that are not in another CNA’s scope. Read the Nozomi Networks news release.

To date, 137 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on August 19, 2020. Read the meeting minutes.

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.3, which adds two additional sections: Section 1.3.2 CVE Program Secretariat and Section 2.12 Executive Sessions.

Electronic Arts, Inc. is now a CVE Numbering Authority (CNA) for EA issues only.

To date, 136 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In his article on the CVE Blog, CVE Board Member Tod Beardsley discusses how Rapid7 partnered with the CVE Program as a CVE Numbering Authority (CNA) in “Our CVE Story: Rapid7.”

The CVE Board held a teleconference meeting on August 5, 2020. Read the meeting minutes.

F-Secure is now a CVE Numbering Authority (CNA) for all F-Secure products and security vulnerabilities discovered by F-Secure in third-party software not in another CNA’s scope. Read F-Secure’s news release.

To date, 135 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

VDOO Connected Trust Ltd. is now a CVE Numbering Authority (CNA) for all VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope.

To date, 134 organizations from 23 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on July 22, 2020. Read the meeting minutes.

Gallagher Group Ltd. is now a CVE Numbering Authority (CNA) for all Gallagher security products only. Read Gallagher’s news release.

To date, 133 organizations from 23 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Replicated, Inc. is now a CVE Numbering Authority (CNA) for Replicated products and services only.

To date, 132 organizations from 22 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on July 8, 2020. Read the meeting minutes.

Zabbix LLC is now a CVE Numbering Authority (CNA) for Zabbix products and Zabbix projects listed on https://git.zabbix.com/ only.

To date, 131 organizations from 22 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Synaptics, Inc. is now a CVE Numbering Authority (CNA) for Synaptics issues only.

To date, 130 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Thank you to JPCERT/CC for providing Japanese translations of our CVE Numbering Authority (CNA) Program onboarding slides for new CNAs: CVE Program Overview, Becoming a CNA, CNA Processes, Assigning CVE IDs, CVE Entry Creation, and CVE Entry Submission Process.

Please visit CNA Onboarding Slides & Videos for English versions of the slides and videos.

To learn more about the CNA Program, and the business benefits of becoming a CNA, visit Why Become a CNA?

The CVE Board held a teleconference meeting on June 24, 2020. Read the meeting minutes.

openEuler is now a CVE Numbering Authority (CNA) for openEuler issues only.

To date, 129 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

In her article on the CVE Blog, CVE Board Member Shannon Sabens of Zero Day Initiative (ZDI)/Trend Micro discusses “Our CVE Story: Bringing Our ZDI Community to the CVE Community.”

The CVE Board held a teleconference meeting on June 10, 2020. Read the meeting minutes.

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.2, which adds one additional section: Section 2.15 Charter Exceptions.

The CVE Board held a teleconference meeting on May 27, 2020. Read the meeting minutes.

Xiaomi Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Xiaomi issues only.

To date, 128 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Maintenance for the CVE Website and CVE Request Web Form was completed on May 23, 2020. The CVE Main Website and CVE Request Web Form were temporarily unavailable at times from 7:00 p.m. on Thursday, May 21, 2020 until 10:00 p.m. EDT on Saturday, May 23, 2020. This announcement was also posted to Twitter and LinkedIn.

We apologize for any inconvenience. Please contact us with any comments or concerns.

GitLab Inc. is now a CVE Numbering Authority (CNA) for the GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope. Read GitLab’s news release.

To date, 127 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Please see the updated notice for the most recent information.

Jay Gazlay of U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

OpenVPN Inc. is now a CVE Numbering Authority (CNA) for all products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel.

To date, 126 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on May 13, 2020. Read the meeting minutes.

NortonLifeLock Inc. is now a CVE Numbering Authority (CNA) for NortonLifeLock products only.

To date, 125 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times, and confirmation emails may be delayed, from 6:00 p.m. Eastern time on Friday, May 15, 2020 until 6:00 p.m. Eastern time on Saturday, May 16, 2020. Any delayed confirmation emails will be sent once the upgrade is completed.

The 123 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

CVE Entries are used to identify the vulnerabilities cited in the “Top 10 Routinely Exploited Vulnerabilities” list released on May 12, 2020 by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA sponsors the CVE Program.

The list was created to “advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors. [The list] provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats.”

The CVE Entries cited in the “Top 10 Routinely Exploited Vulnerabilities” are:

• CVE-2017-11882
• CVE-2017-0199
• CVE-2017-5638
• CVE-2012-0158
• CVE-2019-0604
• CVE-2017-0143
• CVE-2018-4878
• CVE-2017-8759
• CVE-2015-1641
• CVE-2018-7600

The report also includes “indicators of compromise (IOCs) and additional guidance associated with the CVEs” in a Mitigations section of the document.

Visit “CISA Alert (AA20-133A): Top 10 Routinely Exploited Vulnerabilities” for detailed information.

Sierra Wireless Inc. is now a CVE Numbering Authority (CNA) for Sierra Wireless products only.

To date, 124 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Teradici Corporation is now a CVE Numbering Authority (CNA) for Teradici issues only.

To date, 123 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Advanced Micro Devices, Inc. (AMD) is now a CVE Numbering Authority (CNA) for AMD branded products and technologies only.

To date, 122 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Pegasystems, Inc. is now a CVE Numbering Authority (CNA) for Pegasystems products only.

To date, 121 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on April 29, 2020. Read the meeting minutes.

Silver Peak Systems, Inc. is now a CVE Numbering Authority (CNA) for Silver Peak product issues only.

To date, 120 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.1, which adds two additional sections about CVE Working Groups: Section 2.13 Disbanding or Pausing Working Groups and Section 2.14 Guidelines.

CERT@VDE is now a CVE Numbering Authority (CNA) for Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO products, as well as industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability.

To date, 119 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on April 15, 2020. Read the meeting minutes.

The CVE Board held a teleconference meeting on April 1, 2020. Read the meeting minutes.

Zscaler, Inc. is now a CVE Numbering Authority (CNA) for Zscaler issues only.

To date, 118 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Vivo Mobile Communication Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Vivo issues only.

To date, 117 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Program is now on YouTube!

Our new CVE Program Channel on YouTube currently includes two playlists: “CVE Basics” with introductory videos for all audiences, and “CNA Onboarding Guidance” with several videos of detailed processes and procedures guidance for organizations that have signed on to participate as official CVE Numbering Authorities (CNAs).

You can watch the videos and download the slides to follow along here on the CVE website, or you can watch directly on YouTube. Please check out the videos and let us know what you think by commenting on YouTube. We look forward to hearing from you!

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times from 7:30 a.m. until 9:30 a.m. Eastern time on Tuesday, March 31, 2020.

The 115 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

The CVE Board held a teleconference meeting on March 18, 2020. Read the meeting minutes.

GitHub, Inc. (Products Only) is now a CVE Numbering Authority (CNA) for GitHub Enterprise Server issues only. GitHub, Inc. is also a CNA for libraries and products hosted on github.com in a public repository. Read the GitHub (Products Only) announcement.

To date, 116 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Program is extremely happy to announce the winner of our CVE logo contest!

The contest began in January 2020, with 38 designers providing 260 initial design concepts, from which the CVE Outreach and Communications Working Group (OCWG) selected 8 finalists for the community to vote upon. The contest ran for two weeks, and one logo design by graphic designer Joe Abelgas received the most votes.

We are excited to announce that our new CVE logo is:

The new logo will be rolled out on the website, social media accounts, and in our other communications materials over the next few months. Thank you again to everyone in the CVE Community who voted to help us choose our new CVE logo; we really appreciate it!

The CVE Numbering Authorities (CNA) Rules, Version 3.0 document is now available on the CVE website. For details, please see our March 5, 2020 blog post: “CNA Rules, Version 3.0 Now in Effect”.

The CVE Program would like to thank the CVE Community for helping us choose a new CVE logo.

The poll closed at 12:00 a.m. EST on Friday, February 28, 2020. Votes are currently being tallied, and the winner of the contest will be determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

Please contact us with any comments or concerns.

The CVE Board held a teleconference meeting on February 19, 2020. Read the meeting minutes.

Members of the CVE Team will be at RSA Conference 2020 at the Moscone Center in San Francisco, California, USA on February 24-28, 2020. Please look for us on the show floor and say hello. We look forward to seeing you!

Ampere Computing is now a CVE Numbering Authority (CNA) for Ampere issues only.

To date, 115 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Program would like the CVE Community to help us choose a new CVE logo!

The CVE Outreach and Communications Working Group (OCWG) officially launched the CVE logo contest on January 29, 2020. We received over 260 logo design concepts and the OCWG down selected to eight logo design finalists.

There are eight logo options to vote on via our CVE Logo Poll on 99 Designs. The winner of the contest is determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

How to Vote

1. Visit https://99designs.com/contests/poll/aa730ecca6.
2. Vote for one or more logo designs by awarding each logo between 0-5 stars (0 is lowest and 5 highest).
3. Add a Comment about each logo (optional).
4. Enter your name and email address and click Submit.

Voting opens at 12:00 p.m. EST on Thursday, February 13, 2020, and closes at 12:00 a.m. EST on Friday, February 28, 2020 (updated from February 21). Participation is free.

Thank you for participating! Please contact us with any comments or concerns.

The CVE Board held a teleconference meeting on February 5, 2020. Read the meeting minutes.

Google LLC is now a CVE Numbering Authority (CNA) for Google products that are not covered by Android and Chrome only. Android and Chrome are also CNAs.

To date, 114 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Alias Robotics S.L. is now a CVE Numbering Authority (CNA) for all Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope.

To date, 113 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on January 22, 2020. Read the meeting minutes.

Tcpdump Group is now a CVE Numbering Authority (CNA) for Tcpdump and Libpcap only.

To date, 112 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Spanish National Cybersecurity Institute, S.A. (INCIBE) is now a CVE Numbering Authority (CNA) for vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level.

To date, 111 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Cybellum Technologies LTD is now a CVE Numbering Authority (CNA) for all Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope. Read Cybellum’s news release.

To date, 110 organizations from 20 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The CVE Board held a teleconference meeting on January 8, 2020. Read the meeting minutes.