Security Policy

Reporting a Vulnerability

Please use the CVE Program Web Forms (choose “General Support”) to report security vulnerabilities for the CVE website.

Please include:

We appreciate concise and high-quality reports.

The CVE website and CVE Website repository on GitHub are in scope for reporting vulnerabilities.

We will release fixes for verified security vulnerabilities. We expect to publish vulnerabilities using GitHub security advisories.

We appreciate the opportunity to investigate and develop fixes before public disclosure, following coordinated vulnerability disclosure practices.