CVE prioritizes the assignment of CVE Identifiers (CVE IDs) for the products, vendors, and product categories listed below, but you may request a CVE ID for any vulnerability.
CNA Name & Scope
CNA Contact Method
Disclosure Policy
Security Advisories
CNA Role & Type
CNA’s Root
Country
Airbus
All Airbus products (supported products and end-of-life/end-of-service products), as well as vulnerabilities in third-party software discovered by Airbus that are not in another CNA’s scope
vuln@airbus.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Netherlands
Alias Robotics S.L.
All Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope
cve@aliasrobotics.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
CISA ICS
Spain
Bitdefender
All Bitdefender products, as well as vulnerabilities in third-party software discovered by Bitdefender that are not in another CNA’s scope
cve-requests@bitdefender.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Romania
CERT@VDE
Products of the vendors: Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO. Also, industrial and infrastructure control systems (and their components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability
info@cert.vde.com
Policy
Advisories
CNA
National and Industry CERTs
CISA ICS
Germany
Check Point Software Ltd.
Check Point Security Gateways product line only, and any vulnerabilities discovered by Check Point that are not in another CNA’s scope
cve@checkpoint.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Israel
Coalfire Labs
All CoalfireONE products, as well as vulnerabilities in third-party software discovered by Coalfire Labs that are not in another CNA’s scope
support@coalfire.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Cybellum Technologies LTD
All Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope
info@cybellum.com
Policy
Advisories
CNA
Vendors and Projects
MITRE
Israel
Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
Industrial control systems and medical devices
Submit a Report
Policy
Advisories
Top-Level Root CNA
National & Industry CERTs
N/A
USA
DeepSurface Security, Inc.
All DeepSurface products, as well as vulnerabilities in third-party software discovered by DeepSurface that are not in another CNA’s scope
security@deepsurface.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Document Foundation, The
Projects within The Document Foundation only, e.g., LibreOffice, LibreOffice Online; The Document Foundation discourages reporting denial of service bugs as security issues
security@documentfoundation.org
Policy
Advisories
CNA
Vendors and Projects
MITRE
Germany
Eclipse Foundation
Eclipse IDE and the Eclipse Foundation's eclipse.org, polarsys.org, and locationtech.org open source projects only
security@eclipse.org
Policy
Advisories
CNA
Vendors and Projects
MITRE
Canada
Elastic
Elasticsearch, Kibana, Beats, Logstash, X-Pack, and Elastic Cloud Enterprise products only
security@elastic.co
Policy
Advisories
CNA
Vendors and Projects
MITRE
Netherlands
Fedora Project
Vulnerabilities in open-source projects affecting the Fedora Project that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported releases by the Fedora Project
Fedora Bug Report page
Policy
Advisories
CNA
Vendors and Projects
MITRE
USA
Flexera Software LLC
All Flexera products, and vulnerabilities discovered by Secunia Research that are not in another CNA’s scope
psirt-cna@flexerasoftware.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Fluid Attacks
Vulnerabilities in third-party software discovered by Fluid Attacks that are not in another CNA’s scope
help@fluidattacks.com
Policy
Advisories
CNA
Vulnerability Researchers
MITRE
Colombia
FPT Software Co., Ltd.
All products and services developed and operated by FPT Software, as well as vulnerabilities in third-party software discovered by FPT Software that are not in another CNA’s scope
security@fsoft.com.vn
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Vietnam
F-Secure
All F-Secure products and security vulnerabilities discovered by F-Secure in third-party software not in another CNA’s scope
cve@f-secure.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Finland
GitLab Inc.
The GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope
cve@gitlab.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
GS McNamara LLC
GS McNamara LLC products and services, including the Floodspark portfolio, and any vulnerabilities discovered in components or projects that we are researching or coordinating that are not in another CNA’s scope
psirt@gsmcnamara.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
huntr.dev
Vulnerabilities in third-party code reported to huntr.dev that are not in another CNA’s scope
security@huntr.dev
Policy
Advisories
CNA
Bug Bounty Programs
MITRE
UK
IBM Corporation
All IBM products, as well as vulnerabilities in third-party software discovered by IBM X-Force Red that are not in another CNA’s scope
psirt@us.ibm.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Israel National Cyber Directorate
Vulnerability assignment related to its vulnerability coordination role
cna@cyber.gov.il
Policy
Advisories
CNA
National & Industry CERTs
MITRE
Israel
Kaspersky
Kaspersky B2C and B2B products, as well as vulnerabilities discovered in third-party software not in another CNA’s scope
cna@kaspersky.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Russia
KrCERT/CC
Vulnerability assignment related to its vulnerability coordination role
vuln@krcert.or.kr
None
Advisories
CNA
National and Industry CERTs
MITRE
South Korea
Lenovo Group Ltd.
Lenovo general-purpose computers, software for general-purpose operating systems, mobile devices, enterprise storage, and networking products only
psirt@lenovo.com
Policy
Advisories
CNA
Vendors and Projects
MITRE
USA
McAfee Enterprise
All McAfee Enterprise products, as well as vulnerabilities in third-party software discovered by McAfee Advanced Threat Research (McAfee ATR) that are not in another CNA’s scope
security_report@mcafee.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Micro Focus International
All Attachmate, Borland, Gwava, Micro Focus, NetIQ, Novell, and Serena products, as well as all former HP Enterprise software suites
security@microfocus.com
Policy
Advisories
CNA
Vendors and Projects
MITRE
USA
Nozomi Networks Inc.
All Nozomi Networks products, as well as vulnerabilities in third-party software discovered by Nozomi Networks that are not in another CNA’s scope
prodsec@nozominetworks.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Palo Alto Networks, Inc.
All Palo Alto Networks products, and vulnerabilities discovered by Palo Alto Networks that are not in another CNA’s scope
psirt@paloaltonetworks.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Rapid7, Inc.
All Rapid7 products, and vulnerabilities discovered by Rapid7 that are not in another CNA’s scope
cve@rapid7.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Red Hat, Inc.
Vulnerabilities in open-source projects affecting Red Hat offerings that are not covered by a more specific CNA. CVEs can be assigned to vulnerabilities affecting end-of-life or unsupported Red Hat offerings
secalert@redhat.com
Red Hat security contact page
Policy
Advisories
CNA
Vendors and Projects
MITRE
USA
Spanish National Cybersecurity Institute, S.A. (INCIBE)
Vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level, and vulnerabilities reported to INCIBE by Spanish organizations and researchers that are not in another CNA’s scope
INCIBE CNA contact email address
Policy (Spanish)
Policy (English)
Advisories (Spanish)
Advisories (English)
CNA
National and Industry CERTs
MITRE
Spain
Symantec - A Division of Broadcom
Symantec Enterprise products as well as vulnerabilities in third-party software discovered by Symantec that are not in another CNA’s scope
symantec.psirt@broadcom.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Synopsys
All Synopsys SIG products, as well as vulnerabilities in third-party software discovered by Synopsys SIG that are not in another CNA’s scope
disclosure@synopsys.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
360 Security Technology, Inc.
360 Total Security, 360 Safeguard, 360 Mobile Safe, and 360 Safe Router products, and vulnerabilities in third-party products discovered by 360 that are not covered by another CNA
security@360.cn
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
China
TIBCO Software Inc.
TIBCO, Talarian, Spotfire, Data Synapse, Foresight, Kabira, Proginet, LogLogic, StreamBase, JasperSoft, and Mashery products/brands only
security@tibco.com
Policy
Advisories
CNA
Vendors and Projects
MITRE
USA
TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
Vulnerability assignment related to its vulnerability coordination role
cve@usom.gov.tr
Policy
Advisories
CNA
National and Industry CERTs
MITRE
Turkey
VDOO Connected Trust Ltd.
All VDOO products (supported products and end-of-life/end-of-service products); Vulnerabilities in third-party software discovered by VDOO that are not in another CNA’s scope; Vulnerabilities in third-party software discovered by external researchers and disclosed to VDOO (includes any embedded devices and their associated mobile applications) that are not in another CNA’s scope
vuln@vdoo.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
Israel
Wordfence
WordPress Plugins, Themes, and Core Vulnerabilities discovered by, or reported to, the Wordfence/Defiant team
security@wordfence.com
Policy
Advisories
CNA
Vendors and Projects
Vulnerability Researchers
MITRE
USA
Xen Project
All sub-projects under Xen Project’s umbrella (see Xen Project Teams), except those sub-projects that have their own security response process; and the Xen components inside other projects, where Xen Project is the primary developer
security@xen.org
Policy
Advisories
CNA
Vendors and Projects
MITRE
UK
For questions or assistance about how to use the information on this page, please contact us.