CVE® is a list of entries—each containing an identification number, a
description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

CVE Entries are used in numerous cybersecurity products and services from around the world,
including the U.S. National Vulnerability Database (NVD).

CNAs World Map - June 2018

CVE Numbering Authorities (CNAs)

Totals CNAs: 88 | Total Countries: 14

CNAs include vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs.

CNAs are how the CVE List is built. Every CVE Entry added to the list is assigned by a CNA.

More >>

CNA Processes Documentation Now on GitHub

We have updated the collection of processes documentation for CVE Numbering Authorities (CNAs) on our CVEProject Documentation website on GitHub.

The purpose of the collection is to provide training and assistance to CNAs so that they can correctly fulfill their responsibilities for properly writing and completing the information required for each CVE Entry they submit to the Primary CNA to be added to the CVE List, as defined by the CNA Rules, Version 2.0.

Page Last Updated or Reviewed: July 05, 2018