CVE - Common Vulnerabilities and Exposures

CVE is a program launched by MITRE, a nonprofit that operates federal government-sponsored research and development centers, to identify and catalog vulnerabilities in software or firmware into a free “dictionary” for organizations to use as a resource to improve their security.


"The dictionary’s main purpose is to standardize the way each known vulnerability or exposure is identified. Standard IDs allow security administrators to access technical information about a specific threat across multiple CVE-compatible information sources. CVE is sponsored by US-CERT, within the Department of Homeland Security (DHS) Office of Cybersecurity and Information Assurance (OCSIA). MITRE, maintains the CVE dictionary and public website. It also manages the CVE Compatibility Program, which promotes the use of standard CVE identifiers by authorized CVE numbering authorities (CNAs).

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.