Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage or MITRE coverage tables below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name Scope CNA Contact Email CNA Website Information (if applicable)
MITRE Corporation All vulnerabilities listed in the MITRE Coverage table below, plus all vulnerabilities not already listed on this page MITRE CVE Request web form https://cveform.mitre.org/
Adobe Systems Incorporated Adobe issues only psirt@adobe.com Adobe security page
Android (associated with Google Inc. or Open Handset Alliance) Android issues only security@android.com Android security page
Apache Software Foundation Apache Software and Apache HTTP Server issues only security@apache.org Apache security page
Apple Inc. Apple issues only product-security@apple.com Apple security page
BlackBerry BlackBerry issues only secure@blackberry.com N/A
Brocade Communications Systems, Inc. Brocade and Ruckus Wireless issues only sirt@brocade.com Brocade security page
CERT/CC Vulnerability assignment related to its vulnerability coordination role cert@cert.org CERT/CC contact page
Check Point Software Technologies Ltd. Check Point Security Gateways product line only cve@checkpoint.com N/A
Cisco Systems, Inc. Cisco issues only cve_assign@cisco.com Cisco security page
Debian GNU/Linux Debian issues only security@debian.org Debian security page
Dell EMC Dell EMC, Dell, RSA, Pivotal, and VCE issues only security_alert@emc.com Dell EMC security page
Distributed Weakness Filing Project Open source software issues not already covered by MITRE or another CNA http://iwantacve.org/ DWF GitHub page
Drupal.org All projects hosted under drupal.org only security@drupal.org Drupal security advisories page
Eclipse Foundation Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only security@eclipse.org Eclipse security page
Elastic Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only security@eclipse.org Elastic security page
F5 Networks F5 issues only f5sirt@f5.com N/A
Flexera Software LLC All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA PSIRT-CNA@flexerasoftware.com N/A
FreeBSD Primarily FreeBSD issues only secteam@freebsd.org N/A
Fortinet, Inc. Fortinet issues only psirt@fortinet.com N/A
Google Inc. Chrome and Chrome OS issues only security@google.com Google app security page
HackerOne Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform support@hackerone.com Hackerone contact page
Hewlett Packard Enterprise (HPE) HPE issues only security-alert@hpe.com N/A
HP Inc. HP Inc. issues only hp-security-alert@hp.com N/A
Huawei Technologies Huawei issues only psirt@huawei.com N/A
IBM Corporation IBM issues only psirt@us.ibm.com N/A
ICS-CERT Infrastructure sector control systems ics-cert@hq.dhs.gov N/A
Intel Corporation Intel issues only secure@intel.com Intel security page
Internet Systems Consortium (ISC) All ISC.org projects security-officer@isc.org ISC report a bug page
IOActive Third-party products it researches info@ioactive.com IOActive contact page
Juniper Networks, Inc. Juniper issues only sirt@juniper.net Juniper security page
JPCERT/CC Asia Pacific region vultures@jpcert.or.jp JPCERT/CC contact page
KrCERT/CC Korea vuln@krcert.or.kr N/A
Lenovo Group Ltd. Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only psirt@lenovo.com N/A
MarkLogic Corporation MarkLogic issues only security@marklogic.com N/A
McAfee McAfee issues only psirt@mcafee.com N/A
Micro Focus International Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only security@suse.com Micro Foucus security page
Microsoft Corporation Microsoft issues only secure@microsoft.com Microsoft security page
Mozilla Corporation Mozilla issues only security@mozilla.org Mozilla security page
Netgear, Inc. Netgear issues only security@netgear.com Netgear security page
Nvidia Corporation Nvidia issues only psirt@nvidia.com N/A
Objective Development Software GmbH Objective Development issues only N/A Objective Development security page
OpenSSL Software Foundation OpenSSL software projects only openssl-security@openssl.org OpenSSL contact web page
Oracle: Oracle issues only Oracle issues only secalert_us@oracle.com Oracle security page
Puppet Puppet issues only security@puppet.com Puppet security page
Qihoo 360 Technology Co. Ltd. 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only security@360.cn Qihoo 360 security page
Qualcomm, Inc. Qualcomm and Snapdragon issues only product-security@qualcomm.com N/A
Red Hat, Inc. Linux issues only secalert@redhat.com Red Hat security page
Schneider Electric SE Schneider Electric products only cybersecurity@schneider-electric.com Schneider Electric security page
Siemens AG Siemens issues only productcert@siemens.com Siemens security page
Silicon Graphics (SGI) SGI issues only security-info@sgi.com N/A
Symantec Corporation Symantec issues only secure@symantec.com Symantec security page
TIBCO Software Inc. TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only security@tibco.com N/A
Ubuntu/Linux (Canonical Ltd.) Ubuntu/Linux issues only security@ubuntu.com Ubuntu security page
VMware VMware issues only security@vmware.com N/A
Yandex N.V. Yandex issues only browser-security@yandex-team.ru N/A

MITRE Coverage

MITRE is the CNA for all products listed below, as well as for any other products not list on this page.

To contact MITRE, use the CVE Request web form.
Product Name
A10 Networks
Acer: PC Server/Desktop/Notebook product lines
Adtran
Agilent
AirWatch
Alcatel-Lucent
AMD
ARCserve
Arista Networks
Aruba Networks
ASUS: PC Server/Desktop/Notebook product lines
Atlassian
Avast
Avaya
b2evolution
Barracuda Networks
Bitdefender
Blue Coat
BMC
Borland
CA Technologies
CentOS
certificate-transparency
Citrix
Cloudera
CMS Made Simple
CommuniGate Pro
Corel
CoreMedia CMS
Dart
django CMS
docSTAR eclipse
DokuWiki
Dotclear
DotCMS
DotNetNuke
Duo Security
Ektron CMS
ESET
Exponent CMS
Fedora
FirstSpirit
Foswiki
Foxit (foxitsoftware.com)
FreeSWITCH
F-Secure
Fujitsu: Desktop/Notebook product lines
Geeklog
Gentoo (Linux)
Good for Enterprise
Grails
Groovy
Hitachi Information Technology products
HTC
iDirect
ikiwiki
ImpressPages
Invision Power Suite
Ipswitch
Joomla!
Kaspersky Lab
kernel.org: Linux kernel
knockoutjs.com Knockout
Lexmark
LG: mobile devices
LibreOffice
LibreSSL
Liferay
LiteSpeed Web Server
LogMeIn
Magento
MIT Kerberos
MobileIron
MODX
MoinMoin
Motorola Mobility: mobile devices
Movable Type
Mura CMS
MyBB
MySQL
NaviServer
NetApp
NetBSD
Nokia
Novius OS
OpenBSD
OpenLDAP
OpenSSH
OpenStack
openSUSE
OpenText FirstClass
OpenXava
Open-Xchange
Opera
Palo Alto Networks
Panda Security
Perl
PHP
PhpWiki
Pivotal
PivotX
Play Framework
Plone
Pluck
PmWiki
polymer-project.org Polymer
PowerMTA
Pulse Secure (formerly Juniper Junos)
Python
RealNetworks
Resin
Ruby
Samba
Samsung: mobile devices
SAP
SAS
Scalix
SDL Tridion
Sendmail
Serendipity
SilverStripe
Sitecore Experience Platform
SolarWinds
Sophos
Splunk
Tenable Network Security
Tiki
Trend Micro
TrueCrypt
TWiki
TYPO3
Ubiquiti Networks
Umbraco
vBulletin
VeraCrypt
Veritas Software
WatchGuard
WebKit
Webroot
Websense
WinZip
WordPress
Workshare
Xen
XOOPS
Zikula
Zimbra Collaboration Suite

Requesting CVE IDs from MITRE (Primary CNA)

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: May 03, 2017