CVE - 2020 News & Events


News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Minutes from CVE Board Teleconference Meeting on December 16 Now Available
December 22, 2020 | Share this article

The CVE Board held a teleconference meeting on December 16, 2020. Read the meeting minutes.

Coalfire Labs Added as CVE Numbering Authority (CNA)
December 17, 2020 | Share this article

Coalfire Labs is now a CVE Numbering Authority (CNA) for all CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope. Coalfire Labs’ Root CNA is the MITRE Top-Level Root CNA. Read the Coalfire Labs news release.

To date, 149 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Milind Kulkarni of NVIDIA
December 15, 2020 | Share this article

In his article on the CVE Blog, CVE community member Milind Kulkarni of CVE Numbering Authority (CNA) NVIDIA discusses the benefits of leveraging the CVE Program for vulnerability disclosure practices in “Our CVE Story: Using the CVE Program to Provide Reliable Vulnerability Information.”

Minutes from CVE Board Teleconference Meeting on December 2 Now Available
December 11, 2020 | Share this article

The CVE Board held a teleconference meeting on December 2, 2020. Read the meeting minutes.

COMPLETED: CVE List Content Updates Unavailable from 6:00am-11:00pm (EST) on December 10
December 8, 2020 (Updated December 11, 2020)| Share this article

UPDATE: Infrastructure upgrades on the CVE website were completed, and normal operations resumed, on December 10, 2020 at 11:00 p.m. (EST). We apologize for any inconvenience. Please contact us with any comments or concerns.

The CVE Program is upgrading the infrastructure used to add CVE List content to the CVE website. As a result, from 6:00 a.m. through 11:00 p.m. (EST) on December 10, 2020 any data that is updated daily on a periodic basis (e.g., CVE List, @CVEnew tweets, download files) will not be updated. Normal operations are scheduled to resume on December 10, 2020 at 11:00 p.m. (EST).

Previously published CVE List content on the CVE website will remain accessible, as will all other website content, during the upgrades. In addition, submissions via the CVE Request Web Form and GitHub (CVE Numbering Authorities (CNAs)-only) may still be made during this time but will processed once the upgrade is completed.

This announcement was also posted to Twitter and LinkedIn.

JPCERT/CC Blog Announces Two New CNAs from Japan and Encourages Other Vendors to Participate
December 8, 2020 | Share this article

JPCERT/CC posted a blog article on December 4, 2020 that explained its role as a Root CVE Numbering Authority (CNA) and announced Mitsubishi Electric and LINE Corporation as CNAs with JPCERT/CC as their Root CNA.

In addition to announcing that two organizations have joined the CVE Program as CNAs, JPCERT/CC also encouraged other organizations in Japan to participate: “As a CNA, JPCERT/CC assigns CVE IDs to reported vulnerabilities, when publishing the advisories on JVN. However, considering the nature of CVE IDs, it would be more natural for the product developers who can acknowledge and verify the vulnerabilities to assign CVE IDs on their own, than by the organizations who coordinate and publish vulnerability information. The involvement of the 2 new CNAs is welcome by the CVE Program, as vendors’ participation to the program as CNAs is highly encouraged … If you are interested in becoming a CNA or have any opinions on this topic, please contact us at vuls@jpcert.or.jp.”

Read the complete blog article in English or Japanese.

Mitsubishi Electric Added as CVE Numbering Authority (CNA)
December 4, 2020 | Share this article

Mitsubishi Electric Corporation is now a CVE Numbering Authority (CNA) for Mitsubishi Electric issues only. Mitsubishi Electric’s Root CNA is the JPCERT/CC Root CNA.

To date, 148 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

LINE Added as CVE Numbering Authority (CNA)
December 4, 2020 | Share this article

LINE Corporation is now a CVE Numbering Authority (CNA) for current versions of LINE Messenger Application for iOS, Android, Mac, and Windows, plus LINE Open Source projects hosted on https://github.com/line. LINE’s Root CNA is the JPCERT/CC Root CNA.

To date, 147 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Introducing the New CVE Logo!
December 1, 2020 | Share this article

The CVE Program has new logo! As a reminder, the new CVE logo was chosen by the community in a contest held earlier this year.


New CVE Logo


The new CVE logo will be rolled out across all of our communications materials in the coming weeks. Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on November 18 Now Available
November 25, 2020 | Share this article

The CVE Board held a teleconference meeting on November 18, 2020. Read the meeting minutes.

Secomea Added as CVE Numbering Authority (CNA)
November 20, 2020 | Share this article

Secomea A/S is now a CVE Numbering Authority (CNA) for supported Secomea products only. Secomea’s Root CNA is the CISA ICS Top-Level Root CNA.

To date, 146 organizations from 25 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

The Joomla! Project Added as CVE Numbering Authority (CNA)
November 18, 2020 | Share this article

The Joomla! Project is now a CVE Numbering Authority (CNA) for core Joomla! CMS, the Joomla Framework, and Joomla! Extensions issues only. The Joomla! Project’s Root CNA is the MITRE Top-Level Root CNA.

To date, 145 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member GS McNamara of Forcepoint
November 16, 2020 | Share this article

In his article on the CVE Blog, CVE community member GS McNamara of CVE Numbering Authority (CNA) Forcepoint discusses the many benefits of participating in the CVE Program in “Our CVE Story: The Gift of CVE.”

Minutes from CVE Board Teleconference Meeting on November 4 Now Available
November 11, 2020 | Share this article

The CVE Board held a teleconference meeting on November 4, 2020. Read the meeting minutes.

WhiteSource Added as CVE Numbering Authority (CNA)
November 5, 2020 | Share this article

WhiteSource is now a CVE Numbering Authority (CNA) for vulnerabilities in its own products and vulnerabilities in third-party software discovered by WhiteSource that are not in another CNA’s scope. WhiteSource’s Root CNA is the MITRE Top-Level Root CNA.

To date, 144 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Cyber Security Works Added as CVE Numbering Authority (CNA)
November 3, 2020 | Share this article

Cyber Security Works Pvt. Ltd. (CSW) is now a CVE Numbering Authority (CNA) for vulnerabilities in third-party software discovered by CSW that are not in another CNA’s scope. Cyber Security Work’s Root CNA is the MITRE Top-Level Root CNA.

To date, 143 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on October 28 Now Available
November 3, 2020 | Share this article

The CVE Board held a teleconference meeting on October 28, 2020. Read the meeting minutes.

NLnet Labs Added as CVE Numbering Authority (CNA)
October 28, 2020 | Share this article

NLnet Labs is now a CVE Numbering Authority (CNA) for all NLnet Labs projects. NLnet Labs’s Root CNA is the MITRE Top-Level Root CNA.

To date, 142 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Logitech Added as CVE Numbering Authority (CNA)
October 26, 2020 | Share this article

Logitech is now a CVE Numbering Authority (CNA) for all current products/software/apps made by Logitech, Ultimate Ears, Jaybird, Streamlabs, Logitech G, Logicool, Blue, and Astro Gaming. Logitech’s Root CNA is the MITRE Top-Level Root CNA.

To date, 141 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Chandan Nandakumaraiah of Palo Alto Networks
October 21, 2020 | Share this article

In his article on the CVE Blog, CVE Quality Working Group Co-Chair Chandan Nandakumaraiah discusses how and why CVE Numbering Authority (CNA) Palo Alto Networks decided to use only CVE IDs in its security advisories in “Our CVE Story: CVE IDs for Simplifying Vulnerability Communications.”

Minutes from CVE Board Teleconference Meeting on October 14 Now Available
October 20, 2020 | Share this article

The CVE Board held a teleconference meeting on October 14, 2020. Read the meeting minutes.

CVE Blog Also Now on Medium for Easier Commenting and Sharing
October 19, 2020 (Updated October 21, 2020) | Share this article

CVE Blog articles posted on the CVE website will also now be posted on the CVE Blog on Medium for easier commenting and sharing of posts.

CVE Blog articles co-posted on Medium to date: CVE Blog on Medium

Our CVE Story: CVE IDs for Simplifying Vulnerability Communications (guest author)

CVE Program Report for Calendar Year Q3-2020

Our CVE Story: Ancient History of the CVE Program – Did the Microsoft Security Response Center have Precognition? (guest author)

CVE Program Partners with Cybersecurity & Infrastructure Security Agency to Protect Industrial Control Systems and Medical Devices

Our CVE Story: Rapid7 (guest author)

Process for Assigning CVE IDs to End-of-Life (EOL) Products

Our CVE Story: Bringing Our ZDI Community to the CVE Community (guest author)

We encourage you to engage with us on these and future posts. Please contact us with any suggestions for future blog topics. We look forward to hearing from you!

Minutes from CVE Board Teleconference Meeting on September 30 Now Available
October 8, 2020 | Share this article

The CVE Board held a teleconference meeting on September 30, 2020. Read the meeting minutes.

New CVE Board Member from JPMorgan Chase
October 1, 2020 | Share this article

Jessica Colvin of JPMorgan Chase has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

CVE Blog Publishes Article by CVE Community Member Lisa Olson of Microsoft
September 22, 2020 | Share this article

In her article on the CVE Blog, CVE Board Member Lisa Olson discusses how Microsoft has partnered with the CVE Program as a CVE Numbering Authority (CNA) since the very beginnings of CVE more than 20 years ago in “Our CVE Story: Ancient History of the CVE Program – Did the Microsoft Security Response Center have Precognition?.”

TianoCore.org Added as CVE Numbering Authority (CNA)
September 18, 2020 | Share this article

TianoCore.org is now a CVE Numbering Authority (CNA) for software vulnerabilities related to the TianoCore Open Source. TianoCore.org’s Root CNA is the MITRE Top-Level Root CNA.

To date, 140 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Crafter CMS Added as CVE Numbering Authority (CNA)
September 16, 2020 | Share this article

Crafter CMS is now a CVE Numbering Authority (CNA) for Crafter CMS issues only. Crafter CMS’s Root CNA is the MITRE Top-Level Root CNA.

To date, 139 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Mattermost Added as CVE Numbering Authority (CNA)
September 15, 2020 | Share this article

Mattermost, Inc. is now a CVE Numbering Authority (CNA) for all Mattermost issues, and vulnerabilities discovered by Mattermost that are not in another CNA’s scope. Mattermost’s Root CNA is the MITRE Top-Level Root CNA. Read the Mattermost news release.

To date, 138 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CISA ICS Added as Top-Level Root CVE Numbering Authority (CNA)
September 15, 2020 (updated October 1, 2020) | Share this article

Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) is now a Top-Level Root CVE Numbering Authority (CNA) for ICS and medical devices.

CNAs” are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. A “Top-Level Root CNA” manages a group of CNAs within a given domain or community and may assign CVE IDs to vulnerabilities. As the Top-Level Root for ICS and medical devices, CISA ICS is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CNAs under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope.

Read the CVE Program news release or see our “CVE Program Partners with Cybersecurity & Infrastructure Security Agency to Protect Industrial Control Systems and Medical Devices” blog post for additional information.

To date, 137 organizations from 24 countries participate in the CVE Program as CNAs, and of these 3 are Root CNAs. To request a CVE ID number from a CNA, visit Request a CVE ID.

Below is a partial list of news media articles about the announcement as of October 1, 2020:

CISA Joins MITRE to Issue Vulnerability Identifiers, Dark Reading

CISA to oversee CVE numbering authorities for industrial control systems and medical devices, Security Magazine

CISA Named Top-Level Root CVE Numbering Authority, Security Week

CISA to Oversee CVE Numbering Authorities for Industrial Control Systems and Medical Devices, Homeland Security Today

Mitre Taps CISA to Lead Cataloging Efforts for Cyber Vulnerability Identification Program, Executive Biz

CISA Named Top-Level Root CVE Numbering Authority (CNA), Security Affairs

CISA Named Top-Level Root CVE Numbering Authority (CNA), IT Security News

Nozomi Networks Added as CVE Numbering Authority (CNA)
September 15, 2020 | Share this article

Nozomi Networks Inc. is now a CVE Numbering Authority (CNA) for all Nozomi Networks products, as well as vulnerabilities in third-party software discovered by Nozomi Networks that are not in another CNA’s scope. Read the Nozomi Networks news release.

To date, 137 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on August 19 Now Available
August 26, 2020 | Share this article

The CVE Board held a teleconference meeting on August 19, 2020. Read the meeting minutes.

CVE Board Charter Updated to Version 3.3
August 25, 2020 | Share this article

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.3, which adds two additional sections: Section 1.3.2 CVE Program Secretariat and Section 2.12 Executive Sessions.

Electronic Arts Added as CVE Numbering Authority (CNA)
August 19, 2020 | Share this article

Electronic Arts, Inc. is now a CVE Numbering Authority (CNA) for EA issues only.

To date, 136 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes Article by CVE Community Member Tod Beardsley of Rapid7
August 18, 2020 | Share this article

In his article on the CVE Blog, CVE Board Member Tod Beardsley discusses how Rapid7 partnered with the CVE Program as a CVE Numbering Authority (CNA) in “Our CVE Story: Rapid7.”

Minutes from CVE Board Teleconference Meeting on August 5 Now Available
August 11, 2020 | Share this article

The CVE Board held a teleconference meeting on August 5, 2020. Read the meeting minutes.

F-Secure Added as CVE Numbering Authority (CNA)
August 10, 2020 | Share this article

F-Secure is now a CVE Numbering Authority (CNA) for all F-Secure products and security vulnerabilities discovered by F-Secure in third-party software not in another CNA’s scope. Read F-Secure’s news release.

To date, 135 organizations from 24 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

VDOO Added as CVE Numbering Authority (CNA)
August 10, 2020 | Share this article

VDOO Connected Trust Ltd. is now a CVE Numbering Authority (CNA) for all VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope.

To date, 134 organizations from 23 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on July 22 Now Available
July 29, 2020 | Share this article

The CVE Board held a teleconference meeting on July 22, 2020. Read the meeting minutes.

Gallagher Added as CVE Numbering Authority (CNA)
July 27, 2020 | Share this article

Gallagher Group Ltd. is now a CVE Numbering Authority (CNA) for all Gallagher security products only. Read Gallagher’s news release.

To date, 133 organizations from 23 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Replicated Added as CVE Numbering Authority (CNA)
July 20, 2020 | Share this article

Replicated, Inc. is now a CVE Numbering Authority (CNA) for Replicated products and services only.

To date, 132 organizations from 22 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on July 8 Now Available
July 17, 2020 | Share this article

The CVE Board held a teleconference meeting on July 8, 2020. Read the meeting minutes.

Zabbix Added as CVE Numbering Authority (CNA)
July 14, 2020 | Share this article

Zabbix LLC is now a CVE Numbering Authority (CNA) for Zabbix products and Zabbix projects listed on https://git.zabbix.com/ only.

To date, 131 organizations from 22 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Synaptics Added as CVE Numbering Authority (CNA)
July 7, 2020 | Share this article

Synaptics, Inc. is now a CVE Numbering Authority (CNA) for Synaptics issues only.

To date, 130 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Japanese Translations of CNA Onboarding Slides Now Available
June 30, 2020 | Share this article

Thank you to JPCERT/CC for providing Japanese translations of our CVE Numbering Authority (CNA) Program onboarding slides for new CNAs: CVE Program Overview, Becoming a CNA, CNA Processes, Assigning CVE IDs, CVE Entry Creation, and CVE Entry Submission Process.

Please visit CNA Onboarding Slides & Videos for English versions of the slides and videos.

To learn more about the CNA Program, and the business benefits of becoming a CNA, visit Why Become a CNA?

Minutes from CVE Board Teleconference Meeting on June 24 Now Available
June 30, 2020 | Share this article

The CVE Board held a teleconference meeting on June 24, 2020. Read the meeting minutes.

openEuler Added as CVE Numbering Authority (CNA)
June 24, 2020 | Share this article

openEuler is now a CVE Numbering Authority (CNA) for openEuler issues only.

To date, 129 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Blog Publishes First-Ever Article Authored by a CVE Community Member: Shannon Sabens of ZDI/Trend Micro
June 22, 2020 | Share this article

In her article on the CVE Blog, CVE Board Member Shannon Sabens of Zero Day Initiative (ZDI)/Trend Micro discusses “Our CVE Story: Bringing Our ZDI Community to the CVE Community.”

Minutes from CVE Board Teleconference Meeting on June 10 Now Available
June 16, 2020 | Share this article

The CVE Board held a teleconference meeting on June 10, 2020. Read the meeting minutes.

CVE Board Charter Updated to Version 3.2
June 2, 2020 | Share this article

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.2, which adds one additional section: Section 2.15 Charter Exceptions.

Minutes from CVE Board Teleconference Meeting on May 27 Now Available
June 2, 2020 | Share this article

The CVE Board held a teleconference meeting on May 27, 2020. Read the meeting minutes.

Xiaomi Added as CVE Numbering Authority (CNA)
May 28, 2020 | Share this article

Xiaomi Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Xiaomi issues only.

To date, 128 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

COMPLETED: CVE Main Website and CVE Request Web Form – Possible Intermittent Outages from 7:00pm May 21 until 10:00pm EDT on May 23
May 23, 2020 (Updated from May 21 and 22, 2020) | Share this article

Maintenance for the CVE Website and CVE Request Web Form was completed on May 23, 2020. The CVE Main Website and CVE Request Web Form were temporarily unavailable at times from 7:00 p.m. on Thursday, May 21, 2020 until 10:00 p.m. EDT on Saturday, May 23, 2020. This announcement was also posted to Twitter and LinkedIn.

We apologize for any inconvenience. Please contact us with any comments or concerns.

GitLab Added as CVE Numbering Authority (CNA)
May 22, 2020 | Share this article

GitLab Inc. is now a CVE Numbering Authority (CNA) for the GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope. Read GitLab’s news release.

To date, 127 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

NOTICE: CVE Main Website – Possible Intermittent Outages from 7:00pm May 21 until 7:00am EDT on May 22
May 21, 2020 | Share this article

Please see the updated notice for the most recent information.

New CVE Board Member from Cybersecurity and Infrastructure Security Agency (CISA)
May 20, 2020 | Share this article

Jay Gazlay of U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

OpenVPN Added as CVE Numbering Authority (CNA)
May 19, 2020 | Share this article

OpenVPN Inc. is now a CVE Numbering Authority (CNA) for all products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel.

To date, 126 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on May 13 Now Available
May 19, 2020 | Share this article

The CVE Board held a teleconference meeting on May 13, 2020. Read the meeting minutes.

NortonLifeLock Added as CVE Numbering Authority (CNA)
May 15, 2020 | Share this article

NortonLifeLock Inc. is now a CVE Numbering Authority (CNA) for NortonLifeLock products only.

To date, 125 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

NOTICE: CVE Request Web Form – Possible Intermittent Outages from 6:00pm EDT May 15 through 6:00pm EDT May 16
May 14, 2020 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times, and confirmation emails may be delayed, from 6:00 p.m. Eastern time on Friday, May 15, 2020 until 6:00 p.m. Eastern time on Saturday, May 16, 2020. Any delayed confirmation emails will be sent once the upgrade is completed.

The 123 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

CVE Entries Used in CISA and FBI’s “Top 10 Most Routinely Exploited Vulnerabilities”
May 14, 2020 | Share this article

CVE Entries are used to identify the vulnerabilities cited in the “Top 10 Routinely Exploited Vulnerabilities” list released on May 12, 2020 by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA sponsors the CVE Program.

The list was created to “advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors. [The list] provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats.”

The CVE Entries cited in the “Top 10 Routinely Exploited Vulnerabilities” are:

The report also includes “indicators of compromise (IOCs) and additional guidance associated with the CVEs” in a Mitigations section of the document.

Visit “CISA Alert (AA20-133A): Top 10 Routinely Exploited Vulnerabilities” for detailed information.

Sierra Wireless Added as CVE Numbering Authority (CNA)
May 14, 2020 | Share this article

Sierra Wireless Inc. is now a CVE Numbering Authority (CNA) for Sierra Wireless products only.

To date, 124 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Teradici Added as CVE Numbering Authority (CNA)
May 12, 2020 | Share this article

Teradici Corporation is now a CVE Numbering Authority (CNA) for Teradici issues only.

To date, 123 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Advanced Micro Devices Added as CVE Numbering Authority (CNA)
May 6, 2020 | Share this article

Advanced Micro Devices, Inc. (AMD) is now a CVE Numbering Authority (CNA) for AMD branded products and technologies only.

To date, 122 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Pegasystems Added as CVE Numbering Authority (CNA)
May 5, 2020 | Share this article

Pegasystems, Inc. is now a CVE Numbering Authority (CNA) for Pegasystems products only.

To date, 121 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 29 Now Available
May 5, 2020 | Share this article

The CVE Board held a teleconference meeting on April 29, 2020. Read the meeting minutes.

Silver Peak Added as CVE Numbering Authority (CNA)
April 23, 2020 | Share this article

Silver Peak Systems, Inc. is now a CVE Numbering Authority (CNA) for Silver Peak product issues only.

To date, 120 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Board Charter Updated to Version 3.1
April 23, 2020 | Share this article

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.1, which adds two additional sections about CVE Working Groups: Section 2.13 Disbanding or Pausing Working Groups and Section 2.14 Guidelines.

CERT@VDE Added as CVE Numbering Authority (CNA)
April 22, 2020 (updated April 30, 2020) | Share this article

CERT@VDE is now a CVE Numbering Authority (CNA) for Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO products, as well as industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability.

To date, 119 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 15 Now Available
April 21, 2020 | Share this article

The CVE Board held a teleconference meeting on April 15, 2020. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on April 1 Now Available
April 7, 2020 | Share this article

The CVE Board held a teleconference meeting on April 1, 2020. Read the meeting minutes.

Zscaler Added as CVE Numbering Authority (CNA)
April 6, 2020 | Share this article

Zscaler, Inc. is now a CVE Numbering Authority (CNA) for Zscaler issues only.

To date, 118 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Vivo Added as CVE Numbering Authority (CNA)
April 2, 2020 | Share this article

Vivo Mobile Communication Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Vivo issues only.

To date, 117 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

CVE Program Launches YouTube Channel
March 31, 2020 | Share this article

The CVE Program is now on YouTube!

Our new CVE Program Channel on YouTube currently includes two playlists: “CVE Basics” with introductory videos for all audiences, and “CNA Onboarding Guidance” with several videos of detailed processes and procedures guidance for organizations that have signed on to participate as official CVE Numbering Authorities (CNAs).


CVE Program Channel on YouTube


You can watch the videos and download the slides to follow along here on the CVE website, or you can watch directly on YouTube. Please check out the videos and let us know what you think by commenting on YouTube. We look forward to hearing from you!

NOTICE: CVE Request Web Form – Possible Intermittent Outages from 7:30am-9:30am EDT on March 31
March 30, 2020 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times from 7:30 a.m. until 9:30 a.m. Eastern time on Tuesday, March 31, 2020.

The 115 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on March 18 Now Available
March 25, 2020 | Share this article

The CVE Board held a teleconference meeting on March 18, 2020. Read the meeting minutes.

GitHub (Products Only) Added as CVE Numbering Authority (CNA)
March 12, 2020 | Share this article

GitHub, Inc. (Products Only) is now a CVE Numbering Authority (CNA) for GitHub Enterprise Server issues only. GitHub, Inc. is also a CNA for libraries and products hosted on github.com in a public repository. Read the GitHub (Products Only) announcement.

To date, 116 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Announcing the Winner of the CVE Logo Contest
March 6, 2020 | Share this article

The CVE Program is extremely happy to announce the winner of our CVE logo contest!

The contest began in January 2020, with 38 designers providing 260 initial design concepts, from which the CVE Outreach and Communications Working Group (OCWG) selected 8 finalists for the community to vote upon. The contest ran for two weeks, and one logo design by graphic designer Joe Abelgas received the most votes.

We are excited to announce that our new CVE logo is:


CVE Logo Contest Winner Announced - March 6, 2020

Our new CVE logo!


The new logo will be rolled out on the website, social media accounts, and in our other communications materials over the next few months. Thank you again to everyone in the CVE Community who voted to help us choose our new CVE logo; we really appreciate it!

CNA Rules, Version 3.0 Document Now Available
March 5, 2020 | Share this article

The CVE Numbering Authorities (CNA) Rules, Version 3.0 document is now available on the CVE website. For details, please see our March 5, 2020 blog post: “CNA Rules, Version 3.0 Now in Effect”.

Thank You to Everyone Who Voted in Our Poll to Help Us Choose a New CVE Logo
March 1, 2020 | Share this article

The CVE Program would like to thank the CVE Community for helping us choose a new CVE logo.

The poll closed at 12:00 a.m. EST on Friday, February 28, 2020. Votes are currently being tallied, and the winner of the contest will be determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on February 19 Now Available
February 25, 2020 | Share this article

The CVE Board held a teleconference meeting on February 19, 2020. Read the meeting minutes.

CVE at RSA 2020
February 24, 2020 | Share this article

Members of the CVE Team will be at RSA Conference 2020 at the Moscone Center in San Francisco, California, USA on February 24-28, 2020. Please look for us on the show floor and say hello. We look forward to seeing you!

Ampere Computing Added as CVE Numbering Authority (CNA)
February 14, 2020 | Share this article

Ampere Computing is now a CVE Numbering Authority (CNA) for Ampere issues only.

To date, 115 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

UPDATED: Voting Extended through February 28 to Help Choose a New CVE Logo!
February 13, 2020 (updated February 24, 2019) | Share this article

The CVE Program would like the CVE Community to help us choose a new CVE logo!

The CVE Outreach and Communications Working Group (OCWG) officially launched the CVE logo contest on January 29, 2020. We received over 260 logo design concepts and the OCWG down selected to eight logo design finalists.

There are eight logo options to vote on via our CVE Logo Poll on 99 Designs. The winner of the contest is determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

How to Vote

  1. Visit https://99designs.com/contests/poll/aa730ecca6.
  2. Vote for one or more logo designs by awarding each logo between 0-5 stars (0 is lowest and 5 highest).
  3. Add a Comment about each logo (optional).
  4. Enter your name and email address and click Submit.

Voting opens at 12:00 p.m. EST on Thursday, February 13, 2020, and closes at 12:00 a.m. EST on Friday, February 28, 2020 (updated from February 21). Participation is free.

Thank you for participating! Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on February 5 Now Available
February 11, 2020 | Share this article

The CVE Board held a teleconference meeting on February 5, 2020. Read the meeting minutes.

Google LLC Added as CVE Numbering Authority (CNA)
February 4, 2020 | Share this article

Google LLC is now a CVE Numbering Authority (CNA) for Google products that are not covered by Android and Chrome only. Android and Chrome are also CNAs.

To date, 114 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Alias Robotics Added as CVE Numbering Authority (CNA)
February 3, 2020 | Share this article

Alias Robotics S.L. is now a CVE Numbering Authority (CNA) for all Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope.

To date, 113 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 22 Now Available
January 28, 2020 | Share this article

The CVE Board held a teleconference meeting on January 22, 2020. Read the meeting minutes.

Tcpdump Group Added as CVE Numbering Authority (CNA)
January 23, 2020 | Share this article

Tcpdump Group is now a CVE Numbering Authority (CNA) for Tcpdump and Libpcap only.

To date, 112 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Spanish National Cybersecurity Institute (INCIBE) Added as CVE Numbering Authority (CNA)
January 16, 2020 | Share this article

Spanish National Cybersecurity Institute, S.A. (INCIBE) is now a CVE Numbering Authority (CNA) for vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level.

To date, 111 organizations from 21 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Cybellum Added as CVE Numbering Authority (CNA)
January 14, 2020 | Share this article

Cybellum Technologies LTD is now a CVE Numbering Authority (CNA) for all Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope. Read Cybellum’s news release.

To date, 110 organizations from 20 countries participate in the CVE Program as CNAs. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

To request a CVE ID number from a CNA, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 8 Now Available
January 14, 2020 | Share this article

The CVE Board held a teleconference meeting on January 8, 2020. Read the meeting minutes.

Page Last Updated or Reviewed: December 30, 2020