Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage table below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name Scope CNA Contact Email and/or
Webpage (if applicable)
CNA Type*
MITRE Corporation All vulnerabilities not already listed on this page MITRE CVE Request web form Primary CNA
Adobe Systems Incorporated Adobe issues only psirt@adobe.com

Adobe security page
Software Vendor
Android (associated with Google Inc. or Open Handset Alliance) Android issues only security@android.com

Android security page
Software Vendor
Apache Software Foundation Apache Software and Apache HTTP Server issues only security@apache.org

Apache security page
Software Vendor
Apple Inc. Apple issues only product-security@apple.com

Apple security page
Software Vendor
Atlassian Atlassian issues only security@atlassian.com Software Vendor
BlackBerry BlackBerry and Good product issues only secure@blackberry.com

Blackberry security page
Software Vendor
Brocade Communications Systems, Inc. Brocade and Ruckus Wireless issues only sirt@brocade.com

Brocade security page
Software Vendor
CA Technologies CA Technologies issues only vuln@ca.com

CA security page
Software Vendor
CERT/CC Vulnerability assignment related to its vulnerability coordination role cert@cert.org

CERT/CC contact page
Third-Party Coordinator
Check Point Software Technologies Ltd. Check Point Security Gateways product line only cve@checkpoint.com Software Vendor
Cisco Systems, Inc. Cisco issues only cve_assign@cisco.com

Cisco security page
Software Vendor
Dahua Technologies Dahua issues only cybersecurity@dahuatech.com

Dahua security page
Software Vendor
Debian GNU/Linux Debian issues only security@debian.org

Debian security page
Software Vendor
Dell EMC Dell EMC, Dell, RSA, Pivotal, and VCE issues only security_alert@emc.com

Dell EMC security page
Software Vendor
Distributed Weakness Filing Project Open source software issues not already covered by MITRE or another CNA http://iwantacve.org/

DWF GitHub page
Third-Party Coordinator
Drupal.org All projects hosted under drupal.org only security@drupal.org

Drupal security advisories page
Software Vendor
Eclipse Foundation Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only security@eclipse.org

Eclipse security page
Software Vendor
Elastic Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only security@eclipse.org

Elastic security page
Software Vendor
F5 Networks F5 issues only f5sirt@f5.com Software Vendor
Flexera Software LLC All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA PSIRT-CNA@flexerasoftware.com Software Vendor
FreeBSD Primarily FreeBSD issues only secteam@freebsd.org Software Vendor
Fortinet, Inc. Fortinet issues only psirt@fortinet.com Software Vendor
Google Inc. Chrome and Chrome OS issues only security@google.com

Google app security page
Software Vendor
HackerOne Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform support@hackerone.com

HackerOne contact page
Third-Party Coordinator
Hewlett Packard Enterprise (HPE) HPE issues only security-alert@hpe.com Software Vendor
HP Inc. HP Inc. issues only hp-security-alert@hp.com Software Vendor
Huawei Technologies Huawei issues only psirt@huawei.com

Huawei security page
Software Vendor
IBM Corporation IBM issues only psirt@us.ibm.com Software Vendor
ICS-CERT Infrastructure sector control systems ics-cert@hq.dhs.gov Third-Party Coordinator
Intel Corporation Intel issues only secure@intel.com

Intel security page
Software Vendor
Internet Systems Consortium (ISC) All ISC.org projects security-officer@isc.org

ISC report a bug page
Software Vendor
IOActive Third-party products it researches info@ioactive.com

IOActive contact page
Vulnerability Researcher
Juniper Networks, Inc. Juniper issues only sirt@juniper.net

Juniper security page
Software Vendor
JPCERT/CC Vulnerability assignment related to its vulnerability coordination role vultures@jpcert.or.jp

JPCERT/CC contact page
Third-Party Coordinator
KrCERT/CC Vulnerability assignment related to its vulnerability coordination role vuln@krcert.or.kr Third-Party Coordinator
Larry Cashdollar Third-party products he researches larry0@me.com Vulnerability Researcher
Lenovo Group Ltd. Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only psirt@lenovo.com Software Vendor
MarkLogic Corporation MarkLogic issues only security@marklogic.com Software Vendor
McAfee McAfee issues only psirt@mcafee.com Software Vendor
Micro Focus International Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only security@suse.com

Micro Foucus security page
Software Vendor
Microsoft Corporation Microsoft issues only secure@microsoft.com

Microsoft security page
Software Vendor
Mozilla Corporation Mozilla issues only security@mozilla.org

Mozilla security page
Software Vendor
Netflix, Inc. Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker only security-report@netflix.com Software Vendor
Netgear, Inc. Netgear issues only security@netgear.com

Netgear security page
Software Vendor
Nvidia Corporation Nvidia issues only psirt@nvidia.com Software Vendor
Objective Development Software GmbH Objective Development issues only Objective Development security page Software Vendor
OpenSSL Software Foundation OpenSSL software projects only openssl-security@openssl.org

OpenSSL contact web page
Software Vendor
Oracle Oracle issues only secalert_us@oracle.com

Oracle security page
Software Vendor
Puppet Puppet issues only security@puppet.com

Puppet security page
Software Vendor
Qihoo 360 Technology Co. Ltd. 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only security@360.cn

Qihoo 360 security page
Software Vendor
Qualcomm, Inc. Qualcomm and Snapdragon issues only product-security@qualcomm.com Software Vendor
Rapid7, Inc. All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA security@rapid7.com

Rapid7 security page
Vulnerability Researcher
Red Hat, Inc. Linux issues only secalert@redhat.com

Red Hat security page
Software Vendor
Schneider Electric SE Schneider Electric products only cybersecurity@schneider-electric.com

Schneider Electric security page
Software Vendor
Siemens AG Siemens issues only productcert@siemens.com

Siemens security page
Software Vendor
Silicon Graphics (SGI) SGI issues only security-info@sgi.com Software Vendor
Symantec Corporation Symantec issues only secure@symantec.com

Symantec security page
Software Vendor
Synology Inc. Synology issues including its network attached storage (NAS) products only security@synology.com

Synology security page
Software Vendor
Talos Third-party products it researches talos-cna@cisco.com

Talos web page
Vulnerability Researcher
TIBCO Software Inc. TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only security@tibco.com Software Vendor
Trend Micro, Inc. Trend Micro supported products and end-of-life products issues only security@trendmicro.com

Trend Micro security page
Software Vendor
Ubuntu/Linux (Canonical Ltd.) Ubuntu/Linux issues only security@ubuntu.com

Ubuntu security page
Software Vendor
VMware VMware issues only security@vmware.com Software Vendor
Yandex N.V. Yandex issues only browser-security@yandex-team.ru Software Vendor
Zero Day Initiative Products and projects covered by its bug bounty programs not already covered by another CNA zdi-disclosures@trendmicro.com

ZDI contact page
Third-Party Coordinator
ZTE Corporation ZTE products only psirt@zte.com.cn Software Vendor

* Key for CNA Types:

MITRE (Primary CNA) PGP Key

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: July 20, 2017