Back to glossary

Common Vulnerabilities and Exposures (CVE)

A list of publicly disclosed cybersecurity vulnerabilities, each assigned a unique identification number.

AbbreviationCVE
Categorysecurity

Overview

CVE is a dictionary of common names for publicly known security vulnerabilities. It is maintained by the MITRE Corporation and funded by the US Department of Homeland Security. Each entry (e.g., CVE-2021-44228) provides a standardized way to identify and track a specific flaw across different tools and databases.

Structure of a CVE Entry

  • ID: The unique identifier (CVE-YYYY-NNNNN).
  • Description: A brief summary of the vulnerability and the affected software.
  • References: Links to advisories, reports, and patches.

Importance

CVE provides a common language for security professionals, allowing them to communicate clearly about threats and ensure that their security tools are covering the same set of known issues.

Related Terms

Common Vulnerability Scoring System (CVSS)Common Weakness Enumeration (CWE)National Vulnerability Database (NVD)Vulnerability Management