CVE (Common Vulnerabilities and Exposures)

CVE (Common Vulnerabilities and Exposures) is a publicly available list of disclosed cybersecurity vulnerabilities, each assigned a unique identifier (CVE ID) to provide a standard reference for discussing specific security issues.

CVE ID Format

CVE-YYYY-NNNNN

CVE-2021-44228  → Log4Shell
CVE-2017-5638   → Apache Struts RCE
CVE-2014-0160   → Heartbleed

YYYY: Year of assignment
NNNNN: Sequential number (variable digits)

CVE Lifecycle

  1. Vulnerability discovered
  2. CVE ID requested from CNA (CVE Numbering Authority)
  3. Reserved ID assigned (may be embargoed)
  4. Vulnerability publicly disclosed
  5. CVE record published with details

CVE Record Contents

  • Unique identifier
  • Brief description
  • Affected products/versions
  • References (advisories, patches)
  • CWE classification

Using CVE Information

# Search for CVE details
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://nvd.nist.gov/vuln/detail/CVE-2021-44228

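# Check if software is affected
grep -r "log4j" pom.xml   # Maven: look for the dependency in the build file
npm audit                 # Node.js: check project dependencies against known advisories
pip-audit                 # Python: check installed packages against known vulnerabilities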
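
Added example (not from the original page): a Python helper that applies the CVE ID format above to free text, such as scanner output, and builds the NVD lookup URL shown in this section. It assumes the CVE Program's rule that the sequence number has at least four digits and that years start at 1999; the function names and sample text are constructed for illustration.

```python
import re

# CVE ID syntax: "CVE-" + 4-digit year + "-" + sequence of 4 or more digits (the page's
# "variable digits"). The 4-digit minimum and 1999 start year are assumptions from CVE syntax.
CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,})(?![A-Za-z0-9])", re.I)
FIRST_YEAR = 1999
NVD_URL = "https://nvd.nist.gov/vuln/detail/{}"  # URL pattern shown on the page


def _canonical(match):
    """Return the upper-cased ID for a regex match, or None if the year is too early."""
    year, seq = match.group(1), match.group(2)
    return f"CVE-{year}-{seq}" if int(year) >= FIRST_YEAR else None


def parse_cve(value):
    """Validate one string as a CVE ID; return its canonical form or None."""
    m = CVE_RE.fullmatch(value.strip())
    return _canonical(m) if m else None


def extract_cves(text):
    """Return the distinct, well-formed CVE IDs in text, in first-seen order."""
    seen = {}
    for m in CVE_RE.finditer(text):
        cve = _canonical(m)
        if cve:
            seen.setdefault(cve, None)
    return list(seen)


def nvd_url(value):
    """Build the NVD lookup URL, refusing anything that is not a CVE ID."""
    cve = parse_cve(value)
    if cve is None:
        raise ValueError(f"not a CVE ID: {value!r}")
    return NVD_URL.format(cve)


# Constructed scanner output; CVE-2000-9999999 is a made-up placeholder ID.
SAMPLE = """\
[scan] log4j-core: CVE-2021-44228 (Log4Shell)
[scan] struts2-core: cve-2017-5638
[scan] openssl: CVE-2014-0160, see also CVE-2014-0160
[scan] malformed: CVE-2021-442, CVE-21-44228, XCVE-2020-12345, CVE-2000-9999999
"""

if __name__ == "__main__":
    print("\n".join(nvd_url(c) for c in extract_cves(SAMPLE)))
```

Validating the ID before it is placed in a URL or a ticket keeps malformed scanner output from producing dead or misleading lookup links.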

Related Resources

  • NVD: National Vulnerability Database (adds CVSS scores)
  • MITRE: CVE program maintainer
  • Exploit-DB: Links CVEs to public exploits
