CVE

  • Updated: 2024-07-05

CVE is the abbreviation of Common Vulnerabilities and Exposures. There is one CVE Record with a unique ID for each published vulnerability. The CVE Records are stored in, and retrievable from, a centralized database (NVD) through a public API.

Each CVE Record contains:

  • Severity scores and impact ratings
  • Common Platform Enumeration (CPE) information, i.e. which software is affected.
  • Fix information
  • Searching by OS; by vendor name, product name, and/or version number; and by vulnerability type, severity, related exploit range, and impact
  • Enhanced CVE content data feeds.

The CVSS (Common Vulnerability Scoring System) assigns a score (0-10) to the CVE, rating the severity of the vulnerability. The overall CVSS score is composed of three groups of metrics (Base, Temporal, Environmental), each of which has several subcomponents.

More information at:

  • NVD, National Vulnerability Database.
  • MITRE, MITRE Corporation.
  • CNA, CVE partnering program.
  • FIRST, Forum of Incident Response and Security Teams.