CVE Requests

Organizations: Learn how to request new CVE IDs for your program's vulnerabilities


The CVE (Common Vulnerabilities and Exposures) directory is a free, searchable database of publicly disclosed cybersecurity vulnerabilities. Each vulnerability has a unique CVE ID. You can request CVE IDs for your program’s vulnerabilities, and a CVE Assignment Authority (CNA) will assign a valid CVE ID and help you disclose the vulnerability.

As a CNA, HackerOne can assign CVE IDs and help you disclose vulnerabilities. You can request CVE IDs for your program’s vulnerabilities through the HackerOne platform. Once you publicly post your security advisory, HackerOne will automatically assign a CVE ID and publish it to MITRE.

Note: To opt in to this feature, talk to your Customer Success Manager.

Requesting a CVE ID

To request a CVE ID from your report:

  1. Go to the report in your inbox that you want to add a CVE ID to.

  2. Click Edit or Add next to CVE ID.

  3. Click Need a CVE? to request a CVE ID.

  4. Fill out the following fields then click Submit for approval.

| Option | Details |
| --- | --- |
| Report ID | (Optional) The ID number of the report. |
| Vulnerability Date | The date the vulnerability was found. |
| Weaknesses | The type of the potential issue. Learn more about weaknesses here. |
| Product | The name of the product the vulnerability is found in. |
| Product Version | The affected version of the product and the fixed version. |
| Description | A public description of the vulnerability. |
| References | Links to where the advisory report, security report, or other information about the vulnerability can be found. |


The CVE ID Summary section on the Request CVE ID homepage will list the status of all of your requests. To access the CVE ID Requests page, go to Settings > Customization > Request CVE ID. Your CVE ID request can have the following statuses:

| Option | Detail |
| --- | --- |
| Needs action | There are errors within the form that you need to fix or additional information is needed. Click edit to fix your form. |
| Pending H1 approval | HackerOne is in the process of approving your request. |
| HackerOne approved | HackerOne has approved your request and the request will be sent to MITRE for processing. |
| Pending MITRE approval | MITRE is in the process of publishing your ID. |
| Published | A CVE ID has been successfully assigned and the ID and vulnerability are published. |

You can modify and view the descriptions of your vulnerability by selecting Edit or View within the CVE ID Summary section.
