Please use the CVE Program web forms to report security vulnerabilities for the CVE website. Please include vulnerability details, steps to reproduce (e.g., proof-of-concept code, screenshots) and an assessment of the impact in your report. We appreciate concise and high-quality reports.
- In the “Select a request type” drop down menu, please select “Other”
- Enter your email address in the space provided
- You may enter a PGP key if you prefer to encrypt your correspondence
- In the “Type of comment” drop down menu, please select “Issue”
- In the textbox labeled “Please provide your question, issue, comment, etc.” please start the message with the following information:
- First Line: “CVE Website Security Anomaly Report”
- Second Line: “Distribution: CVE Website Development Team”
- Third Line: "Description: [Free Text description of the anomaly]”
- Enter the Security code
- Click “Submit Request”
The CVE website and CVE Website repository on GitHub are in scope for reporting vulnerabilities.
We will release fixes for verified security vulnerabilities. We expect to publish vulnerabilities using GitHub security advisories.
We appreciate the opportunity to investigate and develop fixes before public disclosure, following coordinated vulnerability disclosure practices.