Common Vulnerabilities and Exposures

The Common Vulnerabilities and Exposures (CVE) system, originally Common Vulnerability Enumeration,^[1] provides a reference method for publicly known information-security vulnerabilities and exposures.^[2] The United States' Homeland Security Systems Engineering and Development Institute FFRDC, operated by The MITRE Corporation, maintains the system, with funding from the US National Cyber Security Division of the US Department of Homeland Security.^[3] The system was officially launched for the public in September 1999.^[4]

The Security Content Automation Protocol uses CVE, and CVE IDs are listed on MITRE's system as well as the basis for the US National Vulnerability Database.^[5]

^ "CVE - Towards a Common Enumeration of Vulnerabilities". web.archive.org. 18 April 2025. Retrieved 29 April 2025.
^ Wu, Xiaoxue; Zheng, Wei; Chen, Xiang; Wang, Fang; Mu, Dejun (2020). "CVE-assisted large-scale security bug report dataset construction method". Journal of Systems and Software. 160: 110456. doi:10.1016/j.jss.2019.110456. S2CID 209056007.
^ "CVE – Common Vulnerabilities and Exposures". Mitre Corporation. 3 July 2007. Retrieved 18 June 2009. CVE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.
^ "CVE - History". cve.mitre.org. Retrieved 25 March 2020.
^ "CVE - Common Vulnerabilities and Exposures (CVE)". cve.mitre.org. Archived from the original on 7 April 2013. Retrieved 8 April 2013.