CVE Services CVE Services are the CVE Program’s automated tools for CVE Numbering Authority (CNA) ID assignment and record publication. JSON is the format used by CNAs for publishing CVE Records. Any CNA may use the CVE Services. Please contact your Root to register for a CVE Services Organizational Administrator (OA) Account to begin the process. Services Overview CVE Services is a CVE Program Web Application that allows members of the CVE Number Authority (CNA) community to reserve CVE IDs and publish/update/reject CVE Records 24/7. It is meant to fully automate the CVE Record publication process that is used today that often involves significant manual intervention and maintenance. CVE Services 2.1 — In 2022, the CVE Program will adopt CVE Services 2.1, which is a major upgrade that includes the CVE Record Submission and Upload Service (RSUS) and the new CVE JSON 5.0 data format. With the deployment of CVE Services 2.1, CNAs will be able to perform the most common CVE Program functions in a more efficient manner, obtaining results in the matter of minutes. Architecture The CVE Services architecture includes the following components: CVE ID Reservation (IDR) service – enables CNAs to directly reserve any number of candidate CVE IDs, or blocks of CVE IDs, in sequential or non-sequential order, for CVE ID assignments by the CNA. CVE Record Submission and Upload (RSUS) service – enables CNAs to directly populate the details of their CVE Records and upload them for publication to the CVE List. CNA User Registry – authenticates and manages the users of the services for CNA organizations. Resources on GitHub CVE Services Project cvelib (free CVE Services API) CVE Services License Contributing to CVE Services CNA sign-up CVE Services Organizational Administrator (OA) Account registration form (request from your Root) JSON Overview JSON is the format used by CNAs for publishing CVE Records. In 2022, the CVE Program will adopt CVE JSON 5.0, which is a major upgrade to JSON 4.0 that further normalizes and enriches how CVE information is presented. It adds several new data fields to CVE Records. In addition to the required data of CVE ID number, affected product(s), affected version(s), and public references, JSON 5.0 CVE Records will now include optional data such as severity scores, credit for researchers, additional languages, affected product lists, additional references, ability for community contributions, etc. This optional data will enhance CVE Records for both downstream users and the overall vulnerability management community. Learn more about How the New CVE Record Format Is a Game Changer. Resources on GitHub CVE Record Structure Mind Map CVE Record Format JSON 5.0 Schema CVE Record in JSON 5.0 Format – Basic Example CVE Record in JSON 5.0 Format – Advanced Example Schema Documentation Additional Resources Other helpful resources are hosted on the main CVE website: CVE List Downloads CVE List Search List of CNA Partners How to Partner with the CVE Program CVE Program Blog & News Updates