CVE Coverage Goals

CVE aspires to cover the software used most by enterprises, thus only the software products cited below are currently covered.

CVE's coverage goals are stated in terms of:

  1. Products Covered – for CVE IDs assigned by all CVE Numbering Authorities (CNAs), including MITRE as Primary CNA.
  2. Data Sources – used by MITRE only to assign CVE IDs as Primary CNA.

Products Covered

CVE covers only the products listed in the two tables below and open source software. For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

To request a CVE ID for a product listed on this page, contact the CNA listed for that product.

Product Name CNA Website Contact (if applicable) CNA Contact Email
Adobe Adobe Systems Incorporated psirt@adobe.com
Android (associated with Google or Open Handset Alliance) Google Inc. security@google.com
Apache Software Foundation and Apache HTTP Server Apache Software Foundation security@apache.org
Apple Apple Inc. product-security@apple.com
BlackBerry   secure@blackberry.com
Cisco Cisco Systems, Inc. cve_assign@cisco.com
Debian Debian GNU/Linux security@debian.org
EMC EMC Corporation security_alert@emc.com
FreeBSD   secteam@freebsd.org
Google Chrome Google Inc. security@google.com
Hewlett Packard Enterprise (HPE)   security-alert@hpe.com
HP Inc.   hp-security-alert@hp.com
IBM   psirt@us.ibm.com
Intel and McAfee Intel Corporation secure@intel.com
Juniper Juniper Networks, Inc. sirt@juniper.net
Microsoft Microsoft Corporation secure@microsoft.com
Novell Micro Focus International security@suse.com
Mozilla Mozilla Corporation security@mozilla.org
Oracle Oracle secalert_us@oracle.com
Red Hat Red Hat, Inc. secalert@redhat.com
Silicon Graphics (SGI)   security-info@sgi.com
SUSE Micro Focus International security@suse.com
Symantec Symantec Corporation secure@symantec.com
Ubuntu Ubuntu Linux security@ubuntu.com

MITRE is the CNA for all products listed below.

To contact MITRE, see Request a CVE ID.
Product Name
A10 Networks
Acer: PC Server/Desktop/Notebook product lines
Adtran
Agilent
AirWatch
Alcatel-Lucent
AMD
ARCserve
Arista Networks
Aruba Networks
ASUS: PC Server/Desktop/Notebook product lines
Atlassian
Avast
Avaya
b2evolution
Barracuda Networks
Bitdefender
Blue Coat
BMC
Borland
Brocade Communications Systems
CA Technologies
CentOS
certificate-transparency
Check Point: Security Gateways product line
Citrix
Cloudera
CMS Made Simple
CommuniGate Pro
Corel
CoreMedia CMS
Dart
Dell: Desktop/Notebook product lines
Dell: general-purpose computers and tablets, software for general-purpose operating systems, printers, enterprise storage and networking products
Dell: SonicWALL Network Security product line
django CMS
docSTAR eclipse
DokuWiki
Dotclear
DotCMS
DotNetNuke
Drupal
Duo Security
Ektron CMS
ESET
Exponent CMS
F5
Fedora
FirstSpirit
Fortinet
Fortinet: FortiGate product line
Foswiki
Foxit (foxitsoftware.com)
FreeSWITCH
F-Secure
Fujitsu: Desktop/Notebook product lines
Geeklog
Gentoo (Linux)
Good for Enterprise
Grails
Groovy
Hitachi Information Technology products
HTC
Huawei
iDirect
ikiwiki
ImpressPages
Internet Systems Consortium (ISC)
Invision Power Suite
Ipswitch
Joomla!
Kaspersky Lab
kernel.org: Linux kernel
knockoutjs.com Knockout
Lenovo: general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage and networking products
Lexmark
LG: mobile devices
LibreOffice
LibreSSL
Liferay
LiteSpeed Web Server
LogMeIn
Magento
McAfee (Intel)
MIT Kerberos
MobileIron
MODX
MoinMoin
Motorola Mobility: mobile devices
Movable Type
Mura CMS
MyBB
MySQL
NaviServer
NetApp
NetBSD
Nokia
Novius OS
Nvidia
OpenBSD
OpenLDAP
OpenSSH
OpenSSL
OpenStack
openSUSE
OpenText FirstClass
OpenXava
Open-Xchange
Opera
Palo Alto Networks
Panda Security
Perl
PHP
PhpWiki
Pivotal
PivotX
Play Framework
Plone
Pluck
PmWiki
polymer-project.org Polymer
PowerMTA
Pulse Secure (formerly Juniper Junos)
Python
RealNetworks
Resin
Ruby
Samba
Samsung: mobile devices
SAP
SAS
Scalix
SDL Tridion
Sendmail
Serendipity
SilverStripe
Sitecore Experience Platform
SolarWinds
Sophos
Splunk
Tenable Network Security
Tibco
Tiki
Trend Micro
TrueCrypt
TWiki
TYPO3
Ubiquiti Networks
Umbraco
vBulletin
VeraCrypt
Veritas Software
VMware
WatchGuard
WebKit
Webroot
Websense
WinZip
WordPress
Workshare
Xen
XOOPS
Zikula
Zimbra Collaboration Suite

Data Sources

The information in this section applies to CVE IDs assigned by MITRE only, functioning as the Primary CNA. In addition to responding to direct requests for CVE ID numbers, MITRE also monitors specific data sources to ascertain issues that should require the assignment of a CVE ID.

CVE separates data sources into two major groups:

  1. Full Coverage – For nearly all issues disclosed by the source that could be associated with a CVE entry, there will be an associated CVE entry, regardless of the criticality of the issue. Although a source is named as Full Coverage, we purposely use the phrasing "nearly all issues disclosed" to allow the flexibility to potentially postpone coverage of minor issues.
  2. Partial Coverage – The source will be actively monitored but issues will be processed and associated with CVE entries based on a variety of editorial judgments.

As a bridge to the product coverage goals (see Products Covered above), we further sub-divide both of these lists into two sub-lists:

NOTE: As Primary CNA, MITRE actively monitors many sources beyond this list. These sources include things like blogs from vulnerability researchers, conference proceedings, and media outlets. Monitoring this set of sources has proven to be productive for and informative to the CVE analysts. Which sources are of most utility is highly dependent on a given situation. As such, we don't believe it of general utility to list them all specifically.

MITRE's current lists of full-coverage and partial-coverage sources of data are included below.

Full Coverage Sources - Vendor Related

Full Coverage Sources - Other

Partial Coverage Sources - Vendor Related

Partial Coverage Sources - Other

Help

For questions, or assistance about how to use the information on this page, please contact cve@mitre.org.

Page Last Updated or Reviewed: September 20, 2016