Power user
shortcuts:

All CNAs contact info

MITRE CNA-LR only : CVE Request web form

MITRE CNA-LR PGP Key

Request a block of CVE IDs (CNAs only)

Request CVE IDs

CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.

New users, follow these steps to request CVE IDs:

  1. Locate the correct CVE Numbering Authority (CNA) whose scope includes the product affected by the vulnerability in the CNAs table below.
  2. Contact that CNA using the contact method provided.
  3. If the product affected by the vulnerability is not covered by a CNA listed below , please contact the appropriate CNA of Last Resort (CNA-LR) in the CNA-LR table below.

Participating CNAs

Roots, CNAs of Last Resort, and all other CNAs, are listed below.

Root Name & Scope Contact Method Disclosure Policy Security Advisories Program Role & Type Country
Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
Industrial control systems and medical devices CISA ICS Root contact page

Submit a Report Policy Alerts

Advisories Top-Level Root

CNA of Last Resort

National & Industry CERTs USA
MITRE Corporation
All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page MITRE CVE Request web form N/A N/A Top-Level Root

CNA of Last Resort USA
JPCERT/CC
Japan organizations vuls@jpcert.or.jp

JPCERT/CC contact page Policy Advisories Root

National & Industry CERTs Japan
Spanish National Cybersecurity Institute, S.A. (INCIBE)
Spain organizations INCIBE CNA contact email address Policy (Spanish)

Policy (English) Advisories (Spanish)

Advisories (English) Root

National & Industry CERTs Spain


CNA-LR Name & Scope Contact Method Disclosure Policy Other Program Role
CISA ICS
Industrial control systems and medical devices CISA ICS Root contact page

Submit a Report Policy Top-Level Root
MITRE
All vulnerabilities, and Open Source software product vulnerabilities, not already covered by a CNA listed on this page MITRE CVE Request web form N/A Top-Level Root


CNAs are listed alphabetically:


CNA Name & Scope CNA Contact Method Disclosure Policy Security Advisories CNA Role & Type CNA’s Root Country
Adobe Systems Incorporated
Adobe issues only psirt@adobe.com

Adobe security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Advanced Micro Devices Inc.
AMD branded products and technologies only psirt@amd.com Policy Advisories CNA

Vendors and Projects MITRE USA
Airbus
All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope vuln@airbus.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Netherlands
Alias Robotics S.L.
All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope cve@aliasrobotics.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers CISA ICS Spain
Ampere Computing
Ampere issues only psirt@amperecomputing.com Policy Advisories CNA

Vendors and Projects MITRE USA
Android (associated with Google Inc. or Open Handset Alliance)
Android issues, as well as vulnerabilities in third-party software discovered by Android that are not in another CNA’s scope android-cna-team@google.com

Android Security Rewards Program Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Apache Software Foundation
All Apache Software Foundation issues only security@apache.org

Apache security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Apple Inc.
Apple issues only product-security@apple.com

Apple security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Arista Networks, Inc.
All Arista products only psirt@arista.com Policy Advisories CNA

Vendors and Projects MITRE USA
Asea Brown Boveri Ltd. (ABB)
ABB issues only cybersecurity@ch.abb.com Policy Advisories CNA

Vendors and Projects CISA ICS Switzerland
Atlassian
All Atlassian products, as well as Atlassian-maintained projects hosted on https://bitbucket.org/atlassian and https://github.com/atlassian/ security@atlassian.com Policy Advisories CNA

Vendors and Projects MITRE Australia
Avaya, Inc.
All Avaya products only securityalerts@avaya.com Policy Advisories CNA

Vendors and Projects MITRE USA
Axis Communications AB
Axis products and solutions only product-security@axis.com Policy Advisories CNA

Vendors and Projects MITRE Sweden
Becton, Dickinson and Company (BD)
BD software-enabled medical devices only cybersecurity@bd.com

Report a Cybersecurity Issue Policy Advisories CNA

Vendors and Projects CISA ICS USA
Bitdefender
All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope cve-requests@bitdefender.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Romania
BlackBerry
BlackBerry and Good product issues only secure@blackberry.com

Blackberry security contact page Policy Advisories CNA

Vendors and Projects MITRE Canada
Brocade Communications Systems, LLC
Brocade products only brocade.sirt@broadcom.com Policy Advisories CNA

Vendors and Projects MITRE USA
Canonical Ltd.
All Canonical issues (including Ubuntu Linux) only security@ubuntu.com

Ubuntu security contact page Policy Advisories CNA

Vendors and Projects MITRE UK
CA Technologies - A Broadcom Company
CA Technologies issues only ca.psirt@broadcom.com Policy Advisories CNA

Vendors and Projects MITRE USA
CERT/CC
Vulnerability assignment related to its vulnerability coordination role cert@cert.org

CERT/CC contact page Policy Advisories CNA

National and Industry CERTs MITRE USA
CERT@VDE
Products of the vendors: Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO. Also, industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability info@cert.vde.com Policy Advisories CNA

National and Industry CERTs CISA ICS Germany
Check Point Software Ltd.
Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope cve@checkpoint.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Israel
Chrome
Chrome and Chrome OS issues, and projects that are not in another CNA’s scope Report Chrome vulnerabilities
(email)

Questions about Chrome’s
CVE Records (email) Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Cisco Systems, Inc.
All Cisco and Duo Security products, and any third-party research targets that are not in another CNA’s scope psirt@cisco.com

psirt@duosecurity.com Cisco Policy

Duo Policy Cisco Advisories

Duo Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Cloudflare, Inc.
All Cloudflare products, projects hosted at https://github.com/cloudflare/ , and any vulnerabilities discovered by Cloudflare that are not in another CNA’s scope cna@cloudflare.com Policy Advisories CNA

Vendors and Projects MITRE USA
Coalfire Labs
All CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope support@coalfire.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Crafter CMS
Crafter CMS issues only security@craftersoftware.com Policy Advisories CNA

Vendors and Projects MITRE USA
Cybellum Technologies LTD
All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope info@cybellum.com Policy Advisories CNA

Vendors and Projects MITRE Israel
Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
Industrial control systems and medical devices Submit a Report Policy Advisories Top-Level Root CNA

National & Industry CERTs N/A USA
Cyber Security Works Pvt. Ltd.
Vulnerabilities in third-party software discovered by CSW that are not in another CNA’s scope disclose@cybersecurityworks.com Policy Advisories CNA

Vulnerability Researchers MITRE India
Dahua Technologies
Dahua issues only cybersecurity@dahuatech.com

Dahua security page Policy Advisories CNA

Vendors and Projects MITRE China
Debian GNU/Linux
Debian issues only security@debian.org

Debian security page Policy Advisories CNA

Vendors and Projects MITRE USA
DeepSurface Security, Inc.
All DeepSurface products, as well as vulnerabilities in third-party software discovered by DeepSurface that are not in another CNA’s scope security@deepsurface.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Dell
Dell, Dell EMC, and VCE issues only secure@dell.com Policy Advisories CNA

Vendors and Projects MITRE USA
Devolutions Inc.
Remote Desktop Manager and Devolutions Server products security@devolutions.net Policy Advisories CNA

Vendors and Projects MITRE Canada
Document Foundation, The
Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues security@documentfoundation.org Policy Advisories CNA

Vendors and Projects MITRE Germany
Drupal.org
All projects hosted under drupal.org only security@drupal.org Policy Advisories CNA

Vendors and Projects MITRE USA
Eaton
Eaton issues only psirt@eaton.com Policy Advisories CNA

Vendors and Projects MITRE Ireland
Eclipse Foundation
Eclipse IDE and the Eclipse Foundation's eclipse.org, polarysys.org, and locationtech.org open source projects only security@eclipse.org Policy Advisories CNA

Vendors and Projects MITRE Canada
Elastic
Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only security@elastic.co Policy Advisories CNA

Vendors and Projects MITRE Netherlands
Electronic Arts, Inc.
EA issues only secure@ea.com Policy Advisories CNA

Vendors and Projects MITRE USA
Environmental Systems Research Institute, Inc.
All Esri products only psirt@esri.com Policy Advisories CNA

Vendors and Projects MITRE USA
ESET, spol. s r.o.
All ESET products only and vulnerabilities discovered by ESET that are not covered by another CNA’s scope ESET PSIRT

ESET Research Inbound Reports Policy

Outbound Reports Policy ESET PSIRT Advisories

ESET Research Advisories

WeLiveSecurity Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Slovak Republic
F5 Networks
F5 issues only f5sirt@f5.com Policy Advisories CNA

Vendors and Projects MITRE USA
Facebook, Inc.
Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not in another CNA’s scope; see: https://www.facebook.com/whitehat and https://github.com/facebook/ Facebook security contact page Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Fedora Project
Vulnerabilities in open-source projects affecting the Fedora Project, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported releases by the Fedora Project Fedora Bug Report page Policy Advisories CNA

Vendors and Projects MITRE USA
Fidelis Cybersecurity, Inc.
Fidelis issues only security@fidelissecurity.com Policy Advisories CNA

Vendors and Projects MITRE USA
Flexera Software LLC
All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope psirt-cna@flexerasoftware.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
floragunn GmbH
All issues related to Search Guard only security@search-guard.com Policy Advisories CNA

Vendors and Projects MITRE Germany
Fluid Attacks
Vulnerabilities in third-party software discovered by Fluid Attacks that are not in another CNA’s scope help@fluidattacks.com Policy Advisories CNA

Vulnerability Researchers MITRE Colombia
Forcepoint
Forcepoint products only psirt@forcepoint.com

Forcepoint security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Fortinet, Inc.
Fortinet issues only PSIRT contact form Policy Advisories CNA

Vendors and Projects MITRE USA
FPT Software Co., Ltd.
All products and services developed and operated by FPT Software, as well as vulnerabilities in third-party software discovered by FPT Software that are not in another CNA’s scope security@fsoft.com.vn Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Vietnam
FreeBSD
Primarily FreeBSD issues only secteam@freebsd.org Policy Advisories CNA

Vendors and Projects MITRE USA
F-Secure
All F-Secure products and security vulnerabilities discovered by F-Secure in third-party software not in another CNA’s scope cve@f-secure.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Finland
Gallagher Group Ltd.
All Gallagher security products only disclosures@gallagher.com Policy Advisories CNA

Vendors and Projects CISA ICS New Zealand
GitHub, Inc.
GitHub currently only covers CVEs requested by software maintainers using the GitHub Security Advisories feature security-advisories@github.com Policy Advisories CNA

Vendors and Projects MITRE USA
GitHub, Inc. (Products Only)
GitHub Enterprise Server issues only product-cna@github.com Policy Advisories CNA

Vendors and Projects MITRE USA
GitLab Inc.
The GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope cve@gitlab.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Google LLC
Google products that are not covered by Android and Chrome, as well as vulnerabilities in third-party software discovered by Google that are not in another CNA’s scope security@google.com

Report a vulnerability Policy Cloud Advisories

Application Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
GS McNamara LLC
GS McNamara LLC products and services, including the Floodspark portfolio, and any vulnerabilities discovered in components or projects that we are researching or coordinating that are not in another CNA’s scope psirt@gsmcnamara.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
HackerOne
Provides CVE IDs for its customers as part of its bug bounty and vulnerability coordination platform support@hackerone.com

HackerOne contact page Policy Advisories CNA

Bug Bounty Programs MITRE USA
Hangzhou Hikvision Digital Technology Co., Ltd.
All Hikvision Internet of Things (IoT) products including cameras and digital video recorders (DVRs) hsrc@hikvision.com Policy Advisories CNA

Vendors and Projects MITRE China
HCL Software
All HCL products only psirt@hcl.com Policy Advisories CNA

Vendors and Projects MITRE India
Hewlett Packard Enterprise (HPE)
HPE issues only security-alert@hpe.com

Report vulnerabilities to HPE Policy Advisories CNA

Vendors and Projects MITRE USA
Hillstone Networks, Inc.
All Hillstone products only sec@hillstonenet.com Policy Advisories CNA

Vendors and Projects MITRE China
Hitachi ABB Power Grids
Hitachi ABB Power Grids products cybersecurity@hitachi-powergrids.com Policy Advisories CNA

Vendors and Projects CISA ICS Switzerland
HP Inc.
HP Inc. issues only hp-security-alert@hp.com Policy Advisories CNA

Vendors and Projects MITRE USA
Huawei Technologies
Huawei issues only psirt@huawei.com

Huawei security contact page Policy Advisories CNA

Vendors and Projects MITRE China
huntr.dev
Vulnerabilities in third-party code reported to huntr.dev that are not in another CNA’s scope security@huntr.dev Policy Advisories CNA

Bug Bounty Programs MITRE UK
IBM Corporation
All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope psirt@us.ibm.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Intel Corporation
Intel branded products and technologies and Intel managed open source projects secure@intel.com

Intel security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Internet Systems Consortium (ISC)
All ISC.org projects security-officer@isc.org

ISC report a bug page Policy Advisories CNA

Vendors and Projects MITRE USA
Israel National Cyber Directorate
Vulnerability assignment related to its vulnerability coordination role cna@cyber.gov.il Policy Advisories CNA

National & Industry CERTs MITRE Israel
Jenkins Project
Jenkins and Jenkins plugins distributed by the Jenkins Project (listed on plugins.jenkins.io) only jenkinsci-cert@googlegroups.com Policy Advisories CNA

Vendors and Projects MITRE USA
Johnson Controls
Johnson Controls products only productsecurity@jci.com Policy Advisories CNA

Vendors and Projects CISA ICS USA
Joomla! Project
Core Joomla! CMS, the Joomla Framework, and Joomla! Extensions issues only security@joomla.org Policy Advisories CNA

Vendors and Projects MITRE USA
JPCERT/CC
Vulnerability assignment related to its vulnerability coordination role vuls@jpcert.or.jp

JPCERT/CC contact page Policy Advisories Root CNA

National & Industry CERTs MITRE Japan
Juniper Networks, Inc.
Juniper issues only sirt@juniper.net

Juniper security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Kaspersky
Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope cna@kaspersky.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Russia
KrCERT/CC
Vulnerability assignment related to its vulnerability coordination role vuln@krcert.or.kr None Advisories CNA

National and Industry CERTs MITRE South Korea
Kubernetes
Kubernetes issues only security@kubernetes.io Policy Advisories CNA

Vendors and Projects MITRE USA
Larry Cashdollar
Third-party products he researches larry0@me.com Policy Advisories CNA

Vulnerability Researchers MITRE USA
Lenovo Group Ltd.
Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only psirt@lenovo.com Policy Advisories CNA

Vendors and Projects MITRE USA
LINE Corporation

Current versions of LINE Messenger Application for iOS, Android, Mac, and Windows, plus LINE Open Source projects hosted on https://github.com/line . dl_cve@linecorp.com Policy Advisories CNA

Vendors and Projects JPCERT/CC Japan
Logitech
All current products/software/apps made by Logitech , Ultimate Ears , Jaybird , Streamlabs , Logitech G , Logicool , Blue , and Astro Gaming
cve-coordination@logitech.com Policy Advisories CNA

Vendors and Projects MITRE Switzerland
MarkLogic Corporation
MarkLogic issues only security@marklogic.com Policy Advisories CNA

Vendors and Projects MITRE USA
Mattermost, Inc.
All Mattermost issues, and vulnerabilities discovered by Mattermost that are not in another CNA’s scope responsibledisclosure@
mattermost.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Mautic
Mautic core and officially supported plugins Mautic Security Team

security@mautic.org Policy Advisories CNA

Vendors and Projects MITRE USA
McAfee Enterprise
All McAfee Enterprise products, as well as vulnerabilities in third-party software discovered by McAfee Advanced Threat Research (McAfee ATR) that are not in another CNA’s scope security_report@mcafee.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Micro Focus International
All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites security@microfocus.com Policy Advisories CNA

Vendors and Projects MITRE USA
Microsoft Corporation
Microsoft issues only secure@microsoft.com

Microsoft security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Mitsubishi Electric Corporation
Mitsubishi Electric issues only Mitsubishielectric.Psirt@
yd.MitsubishiElectric.co.jp Policy Advisories CNA

Vendors and Projects JPCERT/CC Japan
MongoDB, Inc.
MongoDB products only cna@mongodb.com Policy Advisories CNA

Vendors and Projects MITRE USA
Mozilla Corporation
Mozilla issues only security@mozilla.org Policy Advisories CNA

Vendors and Projects MITRE USA
Naver Corporation
Naver products only, except Line products cve@navercorp.com Policy Advisories CNA

Vendors and Projects MITRE South Korea
NEC Corporation
NEC issues only psirt-info@cyber.jp.nec.com Policy Advisories CNA

Vendors and Projects JPCERT/CC Japan
NetApp, Inc.
All NetApp products as well as projects hosted on https://github.com/netapp security-alert@netapp.com

NetApp security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Netflix, Inc.
Current versions of Netflix Mobile Streaming Application for iOS, Android, and Windows Mobile, plus all Netflix Open Source projects hosted on https://github.com/Netflix and https://github.com/spinnaker security-report@netflix.com Policy Advisories CNA

Vendors and Projects MITRE USA
NetMotion Software
NetMotion issues only securityresponse@absolute.com Policy Advisories CNA

Vendors and Projects MITRE USA
NLnet Labs
All NLnet Labs projects sep@nlnetlabs.nl Policy RPKI Advisories

NSD Advisories

Unbound Advisories CNA

Vendors and Projects MITRE Netherlands
Node.js
All actively developed versions of software developed under the Node.js project on https://github.com/nodejs cve-request@iojs.org Policy Advisories CNA

Vendors and Projects MITRE USA
NortonLifeLock Inc.
All NortonLifeLock product issues only security@nortonlifelock.com Policy Advisories CNA

Vendors and Projects MITRE USA
Nozomi Networks Inc.
All Nozomi Networks products, as well as vulnerabilities in third-party software discovered by Nozomi Networks that are not in another CNA’s scope prodsec@nozominetworks.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
NVIDIA Corporation
NVIDIA issues only psirt@nvidia.com

NVIDIA security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Objective Development Software GmbH
Objective Development issues only Objective Development security
page Policy Advisories CNA

Vendors and Projects MITRE Austria
Octopus Deploy
All Octopus Deploy products, as well as Octopus Deploy maintained projects hosted on https://github.com/OctopusDeploy security@octopus.com Policy Advisories CNA

Vendors and Projects MITRE Australia
Odoo
Odoo issues only security@odoo.com Policy Advisories CNA

Vendors and Projects MITRE Belgium
openEuler
openEuler issues only security-openeuler@openeuler.org Policy Advisories CNA

Vendors and Projects MITRE China
OpenSSL Software Foundation
OpenSSL software projects only openssl-security@openssl.org Policy Advisories CNA

Vendors and Projects MITRE USA
OpenVPN Inc.
All products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel security@openvpn.net Policy Business VPN Advisories

Community Advisories CNA

Vendors and Projects MITRE USA
Opera
Opera issues only Opera security contact page Policy Advisories CNA

Vendors and Projects MITRE Norway
OPPO Mobile Telecommunication Corp., Ltd.
OPPO devices only security@oppo.com Policy Advisories CNA

Vendors and Projects MITRE China
Oracle
Oracle supported version product issues only; CVE IDs will not be assigned for unsupported products or versions (Oracle will confirm support status and notify researcher) secalert_us@oracle.com

Oracle security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
OTRS AG
Vulnerabilities for OTRS and ((OTRS)) Community Edition and modules only security@otrs.com Policy Advisories CNA

Vendors and Projects MITRE Germany
Palo Alto Networks, Inc.
All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope psirt@paloaltonetworks.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Patchstack
Vulnerabilities in third-party PHP products discovered by Patchstack and Patchstack Red Team audit@patchstack.com Policy Database

Advisories CNA

Vendors and Projects
Bug Bounty Programs MITRE Estonia
Pegasystems Inc.
Pegasystems products only security@pega.com Policy Advisories CNA

Vendors and Projects MITRE USA
PHP Group
Vulnerabilities in PHP code (code in https://github.com/php/php-src ) only security@php.net Policy Advisories CNA

Vendors and Projects MITRE USA
Pivotal Software, Inc.
Pivotal, Spring, and Cloud Foundry issues only security@pivotal.io Pivotal Policy

Cloud Foundry Policy Pivotal Advisories

Spring Advisories

Cloud Foundry Advisories CNA

Vendors and Projects MITRE USA
Puppet
All Puppet products, as well as all projects on https://github.com/puppetlabs security@puppet.com Policy Advisories CNA

Vendors and Projects MITRE USA
QNAP Systems, Inc.
QNAP issues only security@qnap.com Policy Advisories CNA

Vendors and Projects MITRE Taiwan
Qualcomm, Inc.
Qualcomm and Snapdragon issues only product-security@
qualcomm.com Policy Advisories CNA

Vendors and Projects MITRE USA
Rapid7, Inc.
All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope cve@rapid7.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Red Hat, Inc.
Vulnerabilities in open-source projects affecting Red Hat offerings, that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported Red Hat offerings secalert@redhat.com

Red Hat security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Replicated, Inc.
Replicated products and services only security@replicated.com Policy Advisories CNA

Vendors and Projects MITRE USA
Robert Bosch GmbH
Bosch products only psirt@bosch.com Policy Advisories CNA

Vendors and Projects CISA ICS Germany
Salesforce, Inc.
Salesforce products only security@salesforce.com Policy Advisories CNA

Vendors and Projects MITRE USA
Samsung Mobile
Samsung Mobile Galaxy products, personal computers, and related services only mobile.security@samsung.com Policy Advisories CNA

Vendors and Projects MITRE South Korea
SAP SE
All SAP products cna@sap.com Policy Advisories CNA

Vendors and Projects MITRE Germany
Secomea A/S
Supported Secomea products only vulnerabilityreporting@
secomea.com Policy Advisories CNA

Vendors and Projects CISA ICS Denmark
Schneider Electric
All Schneider Electric products, including Proface, APC, and Eurotherm cybersecurity@se.com

Schneider Electric security
contact page Policy Advisories CNA

Vendors and Projects MITRE France
SICK AG
SICK AG issues only psirt@sick.de Policy Advisories CNA

Vendors and Projects MITRE Germany
Siemens
Siemens issues only productcert@siemens.com

Siemens security contact page Policy Advisories CNA

Vendors and Projects CISA ICS Germany
Sierra Wireless Inc.
Sierra Wireless products only security@sierrawireless.com Policy Advisories CNA

Vendors and Projects MITRE Canada
Silver Peak Systems, Inc.
Silver Peak product issues only sirt@silver-peak.com Policy Advisories CNA

Vendors and Projects MITRE USA
Simplinx Ltd.
Simplinx products only security@simplinx.com Policy Advisories CNA

Vendors and Projects CISA ICS Turkey
Snyk
Vulnerabilities in third-party products discovered by Snyk only report@snyk.io Policy Advisories CNA

Vulnerability Researchers MITRE UK
SolarWinds
SolarWinds products only psirt@solarwinds.com Policy Advisories CNA

Vendors and Projects MITRE USA
SonicWall, Inc.
SonicWall issues only PSIRT@sonicwall.com Policy Advisories CNA

Vendors and Projects MITRE USA
Sophos Limited
Sophos issues only security-alert@sophos.com Policy Advisories CNA

Vendors and Projects MITRE UK
Spanish National Cybersecurity Institute, S.A. (INCIBE)
Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level, and vulnerabilities reported to INCIBE by Spain organizations and researchers that are not in another CNA’s scope INCIBE CNA contact email address Policy (Spanish)

Policy (English) Advisories (Spanish)

Advisories (English) CNA

National and Industry CERTs MITRE Spain
Splunk Inc.
Splunk products only prodsec@splunk.com Policy Advisories CNA

Vendors and Projects MITRE USA
SUSE
SUSE and Rancher issues only security@suse.de Policy Advisories

Advisories (by CVE ID) CNA

Vendors and Projects MITRE USA
Swift Project
The Swift Project only cve@forums.swift.org Policy Advisories CNA

Vendors and Projects MITRE USA
Symantec - A Division of Broadcom
Symantec Enterprise products as well as vulnerabilities in third-party software discovered by Symantec that are not in another CNA’s scope symantec.psirt@broadcom.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Synology Inc.
Synology issues only security@synology.com

Synology security contact page Policy Advisories CNA

Vendors and Projects MITRE Taiwan
Synopsys
All Synopsys SIG products, as well as vulnerabilities in third-party software discovered by Synopsys SIG that are not in another CNA’s scope disclosure@synopsys.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Talos
Third-party products it researches talos-cna@cisco.com

Talos security page Policy Advisories CNA

Vulnerability Researchers MITRE USA
Tcpdump Group
Tcpdump and Libpcap only security@tcpdump.org Policy Advisories CNA

Vendors and Projects MITRE Canada
Tenable Network Security, Inc.
Tenable products and third-party products it researches not covered by another CNA vulnreport@tenable.com

Tenable security contact page Policy Advisories CNA

Vendors and Projects MITRE USA
Teradici Corporation
Teradici issues only security@teradici.com Policy Advisories CNA

Vendors and Projects MITRE Canada
360 Security Technology, Inc.
360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA security@360.cn Policy Advisories CNA

Vendors and Projects
Vulnerability Researcher MITRE China
TianoCore.org
Software vulnerabilities related to the TianoCore Open Source infosec@edk2.groups.io Policy Advisories CNA

Vendors and Projects MITRE USA
TIBCO Software Inc.
TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only security@tibco.com Policy Advisories CNA

Vendors and Projects MITRE USA
Tigera, Inc.
All vulnerabilities for Calico and all of Tigera’s products only psirt@tigera.io Policy Advisories CNA

Vendors and Projects MITRE USA
Toshiba Corporation
Vulnerabilities related to products and services of Toshiba Corporation hdq-toshiba-psirt@ml.toshiba.co.jp Policy Advisories CNA

Vendors and Projects JPCERT/CC Japan
TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
Vulnerability assignment related to its vulnerability coordination role cve@usom.gov.tr Policy Advisories CNA

National and Industry CERTs MITRE Turkey
TWCERT/CC
Vulnerability assignment related to its vulnerability coordination role cve@cert.org.tw Policy (Chinese)

Policy (English) Advisories (Chinese)

Advisories (English) CNA

National and Industry CERTs MITRE Taiwan
Vaadin Ltd.
All Vaadin products and supported open-source projects hosted at https://github.com/vaadin security@vaadin.com Policy Advisories CNA

Vendors and Projects MITRE Finland
VDOO Connected Trust Ltd.
All VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope vuln@vdoo.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE Israel
Vivo Mobile Communication Co., Ltd.
Vivo issues only security@vivo.com Policy Advisories CNA

Vendors and Projects MITRE China
VMware
VMware issues only security@vmware.com Policy Advisories CNA

Vendors and Projects MITRE USA
WhiteSource
Vulnerabilities in WhiteSource products and vulnerabilities in third-party software discovered by WhiteSource that are not in another CNA’s scope vulnerabilitylab@
whitesourcesoftware.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Wordfence
WordPress Plugins, Themes, and Core Vulnerabilities discovered by, or reported to, the Wordfence/Defiant team security@wordfence.com Policy Advisories CNA

Vendors and Projects
Vulnerability Researchers MITRE USA
Xen Project
All sub-projects under Xen Project’s umbrella (see Xen Project Teams ), except those sub-projects that have their own security response process; and the Xen components inside other projects, where Xen Project is the primary developer security@xen.org Policy Advisories CNA

Vendors and Projects MITRE UK
Xiaomi Technology Co., Ltd.
Xiaomi issues only security@xiaomi.com Policy Advisories CNA

Vendors and Projects MITRE China
Xylem
Xylem products and technologies only product.security@xyleminc.com Policy Advisories CNA

Vendors and Projects CISA ICS USA
Yandex N.V.
Yandex issues only browser-security@yandex-team.ru Policy Advisories CNA

Vendors and Projects MITRE Russia
Zabbix
Zabbix products and Zabbix projects listed on https://git.zabbix.com/ only security@zabbix.com Policy Advisories CNA

Vendors and Projects MITRE Latvia
Zephyr Project
Zephyr project components, and vulnerabilities that are not in another CNA’s scope vulnerabilities@zephyrproject.org Policy Advisories CNA

Vendors and Projects MITRE USA
Zero Day Initiative
Products and projects covered by its bug bounty programs that are not in another CNA’s scope zdi-disclosures@trendmicro.com

ZDI contact page Policy Advisories CNA

Bug Bounty Programs MITRE Japan
Zoom Video Communications, Inc.
Zoom and Keybase issues only security@zoom.us Policy Advisories CNA

Vendors and Projects MITRE USA
Zscaler, Inc.
Zscaler issues only cve@zscaler.com Policy Advisories CNA

Vendors and Projects MITRE USA
ZTE Corporation
ZTE products only psirt@zte.com.cn Policy Advisories CNA

Vendors and Projects MITRE China
Zyxel Corporation
Zyxel products issues only security@zyxel.com.tw Policy Advisories CNA

Vendors and Projects MITRE Taiwan

Key to CNA Roles, Types, and Countries

Roles

Types

Countries

Back to top

MITRE CNA of Last Resort PGP Key

Please use our CVE Request web form to request CVE IDs directly from the MITRE CNA of Last Resort (CNA-LR). Upon completion of the form, you will receive a confirmation email message that includes a reference number. Any additional communications related to that request will be done through email using the same subject line as the confirmation email.

View our web form help .

A PGP key is available for encrypted communications:

Key ID:		903E4008
Fingerprint:	F59F 1525 57C5 3CE4 BEAE B86E F357 D0E9 903E 4008
Key size:	4096
Public key:	Click to download 
NOTE: PGP key updated March 2020

For questions, or assistance about how to use the information on this page, please contact us.

Back to top
Page Last Updated or Reviewed: August 31, 2021

AltStyle によって変換されたページ (->オリジナル) /