CVE - Common Vulnerabilities and Exposures (CVE)

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Obtain a CVE Identifier
Search CVE
Search NVD
CVE In Use

CVE Adoption
CVE-Compatible Products
NVD for CVE Fix Information
More . . .
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site

Latest News

CVE and NIST Partner to Create New CVE Adoption/Validation Programs

Catbird Networks Inc. Posts CVE Compatibility Questionnaire

TMC y Cia Posts CVE Compatibility Questionnaire

Beijing Venus Information Security Technology, Inc. Makes CVE Compatibility Declaration

CVE/Making Security Measurable booth at Black Hat Briefings 2008

CVE Adoption Announced by Oracle on Global Product Security Blog

More News > >

Upcoming Events

Making Security Measurable briefing at ISSEA Conference, October 22-24

More Events > >

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE's common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Widespread Adoption of CVE
Vulnerability Management Patch Management Vulnerability Alerting Intrusion Detection	NVD (National Vulnerability Database) US-CERT Bulletins SANS Top 20

Similar Standards
Configurations (CCE) Software Weakness Types (CWE) Attack Patterns (CAPEC) Platforms (CPE) Log Format (CEE) Reporting (CRF)	Checklist Language (XCCDF) Assessment Language (OVAL) Security Content Automation (SCAP) Making Security Measurable

Focus On

CVE Identifiers

CVE Identifiers (also called "CVE-IDs," "CVE names," "CVE numbers," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities.

Each CVE Identifier on the CVE List includes a CVE identifier number (i.e., "CVE-1999-0067"); indication of "entry" or "candidate" status; a brief description of the security vulnerability or exposure; and any pertinent references (i.e., vulnerability reports and advisories or OVAL-ID).

CVE Identifiers are used by information security product/service vendors and researchers as a standard method for identifying vulnerabilities and for cross-linking with other repositories that also use CVE Identifiers.

Page Last Updated: August 20, 2008