New Method to Request CVE IDs, Updates, and More from MITRE in Effect
Beginning August 29, 2016, anyone requesting a CVE ID from MITRE, requesting an update to a CVE, providing notification about a vulnerability publication, or submitting comments will do so by submitting a “CVE Request” web form. The previous practice of submitting requests via email has been discontinued.

The new CVE Request web form will make it easier for requestors to know what information to include in their initial request, and will enhance MITRE's ability to respond to those requests in a timely manner. User instructions will be available on the website and on the form itself. View the web form guidance for more information. Upon completion of the form, the requestor will receive an immediate web acknowledgement that their form was submitted successfully, and an email confirmation which will include a reference number.

Contacting a CVE Numbering Authority (CNA) continues to be the first method that should be used when requesting a CVE ID related to a CNA’s products.

Please send any comments or concerns to

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Widespread Use of CVE
Focus On

CVE Numbering Authorities (CNAs)

CNAs are the main method for requesting a CVE-ID number.

CNAs are major OS vendors, security researchers, and research organizations that assign CVE-IDs to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE-ID numbers in the first public disclosure of the vulnerabilities.

The following 25 organizations currently participate as CNAs: Adobe; Apple; Attachmate; BlackBerry; CERT/CC; Cisco; Debian GNU/Linux; Distributed Weakness Filing Project; EMC; FreeBSD; Google; HP; HPE; IBM; ICS-CERT; JPCERT/CC; Juniper; Microsoft; MITRE (primary CNA); Mozilla; Oracle; Red Hat; Silicon Graphics; Symantec; and Ubuntu Linux.

A message about turnaround times for requesting CVE-ID numbers from MITRE is posted above. For more information about requesting CVE-ID numbers from CNAs, visit the CVE Numbering Authorities page.

Page Last Updated: August 29, 2016