The CPE Dictionary is the official collection of CPE Names. Its purpose
is to provide a source of all known CPE Names as well as bind descriptive prose and
diagnostic tests to a CPE Name. This metadata includes a title, notes, and an automated
check to determine if a given platform matches the CPE Name.
The official CPE Dictionary is hosted by NIST as part of the National Vulnerability Database
(NVD). This dictionary is maintained by NIST to conform to the CPE Specification and be
the source for all known CPE Names. It includes contributions from the community and is
supported by many software vendors that have helped validate the names of their products.
To search this dictionary, or to download a copy of the dictionary in XML form, please follow
the link below.
On April 15, 2008 NIST released a greatly expanded and improved Official CPE Dictionary. Regular updates will occur, as needed, on a monthly basis.
Official CPE Dictionary
If a new CPE Name is needed but is not in the CPE
Dictionary it can be submitted for inclusion in a future version.
Submissions should be sent via email to cpe@mitre.org. All submissions
should be in XML form and should validate against the schema below.
This will make the update process much easier.
If an error is discovered in the existing CPE Dictionary, or
if modifications need to be made, please send these to cpe@mitre.org
as well. These should also be in the valid CPE Dictionary XML format. Modifications
should be in a separate file than new submissions.
cpe-dictionary_2.1.zip
Interested software vendors should contact the CPE Team at cpe@mitre.org
to help offer support for their products. Vendors are by far the
most knowledgeable about their products and are important in helping
get their names correct.
overview | official cpe dictionary
|