Common Vulnerabilities and Exposures

Latest News

CVE Identifiers Used throughout Symantec's "2014 Internet Security Threat Report"

CVE Identifier "CVE-2014-0224" Cited in Numerous Security Advisories and News Media References about the Most Critical OpenSSL Vulnerability since Heartbleed

CVE, CWE, and CAPEC Are Main Topics of Article about the "Heartbleed" Bug on MITRE's Cybersecurity Blog

CVE Identifier "CVE-2014-0160" Cited in Numerous Security Advisories and News Media References about the Heartbleed Vulnerability

CVE and CWE Cited in White Paper about the Heartbleed Vulnerability

CVE and CWE Mentioned in Article about Mitigating Risks of Counterfeit and Tainted Components in March/April 2014 Issue of Crosstalk

More News »

CVE® International in scope and free for public use, CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE’s common identifiers enable data exchange between security products and provide a baseline index point for evaluating coverage of tools and services.

Technical Guidance for Handling the New CVE-ID Syntax is now available on the CVE Web site. As of January 1, 2014, the format for CVE-IDs changed from 4 fixed digits to arbitrary digits in CVE-IDs.

This new resource on the CVE Web site provides technical guidance and test data for developers and consumers for tools, web sites, and other capabilities that use CVE Identifiers (CVE-IDs), including the following: considerations for input and output formats, considerations for extraction or parsing, extraction and conversion methods for CVE-IDs, an example conversion algorithm for incoming IDs, and CVE-ID Test Data for Implementers available for download in a ZIP file.

Feedback about this guidance, and/or the test data, is welcome at cve-id-change@mitre.org.