VulDB is an officially certified CVE Numbering Authority (CNA) by MITRE and Authorized Data Publisher (ADP) by NIST NVD. CNAs are organizations which are authorized by the CVE program to assign CVEs to vulnerabilities and disclose CVE records within their own scope of coverage. ADPs are allowed to submit data to enrich CVE records.

Submission Process

You are able to submit a new vulnerability to our database and request a CVE assignment. Please read our submission guidelines for new CVE requests.

Be sure that there is no CVE assigned for your finding and no CVE assignment in process by another CNA. If you have approached another CNA before and received a reply, please include this reply so we may co-ordinate the CVE assignment properly.

Coordination Handling

Our processing of CVE assignment requests is defined by the official CNA Rules and handled like this:

  1. Contact the responsible CNA with the matching scope (if available, usually the vendor).
  2. Ask the responsible CNA for acceptance, reject, or dispute of report.
  3. If the responsible CNA accepts the report, the whole CNA processing is transferred to them. If they reject or dispute the report, we handle further CNA processing.
  4. If a report is eligible for a CVE assignment we will reserve a CVE, attach it to our vulnerability entry, and make it public.

Interested in the pricing of exploits?

See the underground prices here!