CVE® is a list of entries—each containing an identification number, a
description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

CVE Entries are used in numerous cybersecurity products and services from around the world,
including the U.S. National Vulnerability Database (NVD).

CNAs World Map - March 2018

CVE Numbering Authorities (CNAs)

Totals CNAs: 84 | Total Countries: 14

CNAs include vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs.

CNAs are how the CVE List is built. Every CVE Entry added to the list is assigned by a CNA.

More >>

CNA Rules, Version 2.0 Now in Effect

Version 2.0 of the CVE Numbering Authorities (CNA) Rules took effect on January 1, 2018.

The CNA Rules are the policies and processes for managing the CVE Numbering Authorities (CNAs) Program, and were revised with significant input from the CNA community.

Page Last Updated or Reviewed: March 22, 2018