Request a CVE ID

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

Shortcuts for experienced users:

CNA contact info
MITRE CVE Request web form
Request a block of CVE IDs (CNAs only)

New users, follow these steps to request CVE IDs:

1) Locate the correct CVE Numbering Authority (CNA) for your vulnerability in the CNA coverage table below.

2) Contact the CNA specified below using the contact method provided.

3) If your vulnerability is not listed on this page but you still would like a CVE ID, please contact MITRE (Primary CNA).

CNA Coverage

For open source software products not listed below, request a CVE ID through the Distributed Weakness Filing Project CNA.

Product, Vendor, or Product Category Name Scope CNA Contact Email and/or
Webpage (if applicable)
CNA Type*
MITRE Corporation All vulnerabilities not already listed on this page MITRE CVE Request web form Primary CNA
Distributed Weakness Filing Project Any open source software issues not already covered by the Primary CNA or another CNA cve-assign@distributedweaknessfiling.org


https://iwantacve.org/


DWF GitHub page
Vendors and Projects
Adobe Systems Incorporated Adobe issues only psirt@adobe.com

Adobe security page
Vendors and Projects
Airbus All Airbus products as well as vulnerabilities in third-party software discovered by Airbus that are not covered by another CNA cert@airbus.com Vulnerability Researchers
Alibaba, Inc. Projects listed on its Alibaba GitHub website only Alibaba website

Alibaba GitHub website
Vendors and Projects
Android (associated with Google Inc. or Open Handset Alliance) Android issues only security@android.com

Android security page
Vendors and Projects
Apache Software Foundation Apache Software and Apache HTTP Server issues only security@apache.org

Apache security page
Vendors and Projects
Apple Inc. Apple issues only product-security@apple.com

Apple security page
Vendors and Projects
ASUSTOR Inc. ASUSTOR network attached storage (NAS) products, as well as its ADM systems, NAS apps, mobile apps, and utilities security@asustor.com Vendors and Projects
Atlassian Atlassian issues only security@atlassian.com Vendors and Projects
Autodesk All currently supported Autodesk Applications and Cloud Services psirt@autodesk.com Vendors and Projects
BlackBerry BlackBerry and Good product issues only secure@blackberry.com

Blackberry security page
Vendors and Projects
Brocade Communications Systems, Inc. Brocade and Ruckus Wireless issues only sirt@brocade.com

Brocade security page
Vendors and Projects
Canonical Ltd. All Canonical issues (including Ubuntu Linux) only security@ubuntu.com

Ubuntu security page
Vendors and Projects
CA Technologies CA Technologies issues only vuln@ca.com

CA security page
Vendors and Projects
CERT/CC Vulnerability assignment related to its vulnerability coordination role cert@cert.org

CERT/CC contact page
National and Industry CERTs
Check Point Software Technologies Ltd. Check Point Security Gateways product line only cve@checkpoint.com Vendors and Projects
Cisco Systems, Inc. Cisco issues only psirt@cisco.com

Cisco security page
Vendors and Projects
Dahua Technologies Dahua issues only cybersecurity@dahuatech.com

Dahua security page
Vendors and Projects
Debian GNU/Linux Debian issues only security@debian.org

Debian security page
Vendors and Projects
Dell EMC Dell EMC, Dell, RSA, Pivotal, and VCE issues only security_alert@emc.com

Dell EMC security page
Vendors and Projects
Distributed Weakness Filing Project (DWF) See listing at top of this table
Drupal.org All projects hosted under drupal.org only security@drupal.org

Drupal security advisories page
Vendors and Projects
Duo Security, Inc. All Duo products and any third-party research targets that are not already in another CNA's scope security@duo.com Vulnerability Researchers
Eclipse Foundation Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only security@eclipse.org

Eclipse security page
Vendors and Projects
Elastic Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only security@eclipse.org

Elastic security page
Vendors and Projects
F5 Networks F5 issues only f5sirt@f5.com Vendors and Projects
Flexera Software LLC All Flexera products and vulnerabilities discovered by Secunia Research that are not covered by another CNA PSIRT-CNA@flexerasoftware.com Vendors and Projects
Forcepoint Forcepoint products only psirt@forcepoint.com

Forcepoint security page
Vendors and Projects
Fortinet, Inc. Fortinet issues only psirt@fortinet.com Vendors and Projects
FreeBSD Primarily FreeBSD issues only secteam@freebsd.org Vendors and Projects
Google Inc. Chrome and Chrome OS issues only security@google.com

Google app security page
Vendors and Projects
HackerOne Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform support@hackerone.com

HackerOne contact page
Bug Bounty Programs
Hewlett Packard Enterprise (HPE) HPE issues only security-alert@hpe.com Vendors and Projects
HP Inc. HP Inc. issues only hp-security-alert@hp.com Vendors and Projects
Huawei Technologies Huawei issues only psirt@huawei.com

Huawei security page
Vendors and Projects
IBM Corporation IBM issues only psirt@us.ibm.com Vendors and Projects
ICS-CERT Infrastructure sector control systems ics-cert@hq.dhs.gov National and Industry CERTs
Intel Corporation Intel branded products and technologies and Intel managed open source projects secure@intel.com

Intel security page
Vendors and Projects
Internet Systems Consortium (ISC) All ISC.org projects security-officer@isc.org

ISC report a bug page
Vendors and Projects
IOActive Third-party products it researches info@ioactive.com

IOActive contact page
Vulnerability Researchers
Juniper Networks, Inc. Juniper issues only sirt@juniper.net

Juniper security page
Vendors and Projects
JPCERT/CC Vulnerability assignment related to its vulnerability coordination role vultures@jpcert.or.jp

JPCERT/CC contact page
National and Industry CERTs
Kaspersky Labs Kaspersky B2C and B2B products as well as vulnerabilities discovered in third-party software not covered by another CNA vulnerability@kaspersky.com Vulnerability Researchers
KrCERT/CC Vulnerability assignment related to its vulnerability coordination role vuln@krcert.or.kr National and Industry CERTs
Larry Cashdollar Third-party products he researches larry0@me.com Vulnerability Researchers
Lenovo Group Ltd. Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only psirt@lenovo.com Vendors and Projects
MarkLogic Corporation MarkLogic issues only security@marklogic.com Vendors and Projects
McAfee McAfee issues only psirt@mcafee.com Vendors and Projects
Micro Focus International Attachmate, Micro Focus, NetIQ, Novell, and SUSE issues only security@suse.com

Micro Focus security page
Vendors and Projects
Microsoft Corporation Microsoft issues only secure@microsoft.com

Microsoft security page
Vendors and Projects
MITRE Corporation See listing at top of this table
Mozilla Corporation Mozilla issues only security@mozilla.org

Mozilla security page
Vendors and Projects
NetApp, Inc. All NetApp products as well as projects hosted on https://github.com/netapp security-alert@netapp.com

NetApp security page
Vendors and Projects
Netflix, Inc. Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker only security-report@netflix.com Vendors and Projects
Netgear, Inc. Netgear issues only security@netgear.com

Netgear security page
Vendors and Projects
Nvidia Corporation Nvidia issues only psirt@nvidia.com Vendors and Projects
Objective Development Software GmbH Objective Development issues only Objective Development security page Vendors and Projects
OpenSSL Software Foundation OpenSSL software projects only openssl-security@openssl.org

OpenSSL contact web page
Vendors and Projects
Oracle Oracle issues only secalert_us@oracle.com

Oracle security page
Vendors and Projects
Puppet Puppet issues only security@puppet.com

Puppet security page
Vendors and Projects
Qihoo 360 Technology Co. Ltd. 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products only security@360.cn

Qihoo 360 security page
Vendors and Projects
QNAP Systems, Inc. QNAP QTS, QES, and QVR products as well as its mobile apps and utilities security@qnap.com Vendors and Projects
Qualcomm, Inc. Qualcomm and Snapdragon issues only product-security@qualcomm.com Vendors and Projects
Rapid7, Inc. All Rapid7 products and vulnerabilities discovered by Rapid7 that are not covered by another CNA cve@rapid7.com

Rapid7 security page
Vulnerability Researchers
Red Hat, Inc. Linux issues only secalert@redhat.com

Red Hat security page
Vendors and Projects
Riverbed Technology, Inc. Riverbed products only product-security@riverbed.com Vendors and Projects
Schneider Electric SE Schneider Electric products only cybersecurity@schneider-electric.com

Schneider Electric security page
Vendors and Projects
Siemens AG Siemens issues only productcert@siemens.com

Siemens security page
Vendors and Projects
Silicon Graphics (SGI) SGI issues only security-info@sgi.com Vendors and Projects
Symantec Corporation Symantec issues only secure@symantec.com

Symantec security page
Vendors and Projects
Synology Inc. Synology issues including its network attached storage (NAS) products only security@synology.com

Synology security page
Vendors and Projects
Talos Third-party products it researches talos-cna@cisco.com

Talos web page
Vulnerability Researchers
Tenable Network Security, Inc. Tenable products and third-party products they research not covered by another CNA vulnreport@tenable.com

Tenable security page
Vendors and Projects
TIBCO Software Inc. TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only security@tibco.com Vendors and Projects
Trend Micro, Inc. Trend Micro supported products and end-of-life products issues only security@trendmicro.com

Trend Micro security page
Vendors and Projects
VMware VMware issues only security@vmware.com Vendors and Projects
Yandex N.V. Yandex issues only browser-security@yandex-team.ru Vendors and Projects
Zephyr Project Zephyr project components and vulnerabilities that are not covered by another CNA vulnerabilities@zephyrproject.org Vendors and Projects
Zero Day Initiative Products and projects covered by its bug bounty programs not already covered by another CNA zdi-disclosures@trendmicro.com

ZDI contact page
Bug Bounty Programs
ZTE Corporation ZTE products only psirt@zte.com.cn Vendors and Projects

* Key for CNA Types:

MITRE (Primary CNA) PGP Key

Please use our CVE Request web form to request CVE IDs directly from MITRE. Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help.

A PGP key is available for encrypted communications:

Key ID:		8B5618B6
Fingerprint:	3661 5122 7CF5 FC6B BCCC 7943 76FF 3305 8B56 18B6
Key size:	4096
Public key:	Click to download
NOTE: PGP key updated August 2016

For questions, or assistance about how to use the information on this page, please contact us.

Page Last Updated or Reviewed: October 23, 2017