If an entity disagrees with a vulnerability entry or a CVE assigned by our CNA team, it is possible to ask for a dispute. To do so, please contact us and state the following with a clear and complete rationale:

  • Which VulDB entry and/or CVE assignment you want to dispute
  • What the dispute is for (wrong data, false-positive, duplicate for example)
  • What the reasoning for the dispute is
Please consider the Knowledge Base entries which explain what we declare as a vulnerability and when we revoke entries.

We can only process disputes for CVE entries that we are the assigned CNA. CVE entries maintained by other CNAs must be disputed by direct contact with them or their Root-CNA. Please consult the CNA Rules for more details about this process.

If a dispute is reasonable, we will flag the entry as disputed via the field advisory_disputed which will be shown on the web site and via the API. The reasoning statement by the disputee is added to the public entry as well.

If an entry is entirely wrong, we will revoke it and reject the associated CVE.

更新済み: 2024年05月16日

Want to stay up to date on a daily basis?

Enable the mail alert feature now!