Skip to content

Security: CVEProject/cve-website

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please use the CVE Program web forms to report security vulnerabilities for the CVE website. Please include vulnerability details, steps to reproduce (e.g., proof-of-concept code, screenshots) and an assessment of the impact in your report. We appreciate concise and high-quality reports.

Web Form Submissions

  • In the “Select a request type” drop down menu, please select “Other”
  • Enter your email address in the space provided
  • You may enter a PGP key if you prefer to encrypt your correspondence
  • In the “Type of comment” drop down menu, please select “Issue”
  • In the textbox labeled “Please provide your question, issue, comment, etc.” please start the message with the following information:
    • First Line: “CVE Website Security Anomaly Report”
    • Second Line: “Distribution: CVE Website Development Team”
    • Third Line: "Description: [Free Text description of the anomaly]”
  • Enter the Security code
  • Click “Submit Request”

Scope

The CVE website and CVE Website repository on GitHub are in scope for reporting vulnerabilities.

Fixes

We will release fixes for verified security vulnerabilities. We expect to publish vulnerabilities using GitHub security advisories.

Coordination

We appreciate the opportunity to investigate and develop fixes before public disclosure, following coordinated vulnerability disclosure practices.

There aren’t any published security advisories