Dispute

If an entity actively disagrees with a vulnerability entry or a CVE assigned by our CNA team, it is possible to ask for a dispute.

File a Dispute

To file a dispute, please contact us and state the following with a clear and complete rationale:

  • Which VulDB entry and/or CVE assignment you want to dispute
  • What the dispute is for (wrong data, false-positive, duplicate for example)
  • What the reasoning for the dispute is (including a proof, keep it short and professional)
In general, please consider the articles which explain what we declare as a vulnerability and when we revoke entries.

Result of a Successful Dispute

If a dispute is reasonable, we will flag the entry as disputed via the field advisory_disputed which will be shown on the web site and via the API. The reasoning statement by the disputee is added to the public entry as well.

If an entry is entirely wrong, we will revoke it and reject the associated CVE.

To provide transparency we have to quote or paraphrase a dispute rationale as required by the CVE Record Dispute Policy. Statements might be disclosed unless strictly prohibited. This complies with national and international copyright law.

Disputes for other CNA Entries

We can only process disputes for CVE entries that we are the assigned CNA. CVE entries maintained by other CNAs must be disputed by direct contact with them or their Root-CNA. Please consult the CNA Rules and the associated dispute process for more details.

Uppdaterad: 09/09/2024 förbi VulDB Documentation Team

Do you need the next level of professionalism?

Upgrade your account now!