Request a CVE Identifier

CVE Entry reservation allows researchers and vendors to include CVE Identifiers (also called CVE-IDs and CVEs) in the initial public announcement of a vulnerability, and ensures that the CVE Identifier is instantly available to all CVE users and makes it easier to track vulnerabilities over time. The methods by which researchers may request CVE Identifier number(s) are described below.

Main Methods

Contact one of the officially recognized CVE Numbering Authorities (CNAs), which will then include a CVE Identifier number in its initial public announcement about your new vulnerability.

Or, contact an emergency response team such as CERT/CC, etc., post the information to mailing lists such as Bugtraq, or provide the information to a vulnerability analysis team.

Alternative Method

If you are unable to obtain a CVE Identifier via the main methods above, you may request a CVE Identifier directly from the CVE project. To reserve a CVE Identifier before publicizing a new vulnerability, vulnerability researchers may contact cve-assign@mitre.org and we will provide you with our "CVE ID Reservation Guidelines for Researchers" document. We will then work with you to assign a CVE Identifier for the issue while you work through the process of publicly disclosing the vulnerability.

Please review the Researcher Responsibilities.

A PGP key is available for encrypted communications:
Key ID: AF9AF9AC
Fingerprint: 9F4D 81B7 60E2 20D7 8A86 FE9F A965 5407 AF9A F9AC
Key size: 2048
NOTE: PGP key updated September 2013
 
Page Last Updated: September 06, 2013