Transparency & Authority
CVEDirectory is built on the principles of open data and global security collaboration.
The CVE® Program
The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.
CVEDirectory utilizes the official CVE Project repository (CVE JSON 5.0) as its primary data source. This ensures that the information we provide is aligned with global standards used by security professionals worldwide.
CC0 1.0 Universal
"No Rights Reserved. The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law..."
The data published by the CVE Project is distributed under the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication. This means that the information is free to be used, modified, and distributed by anyone for any purpose.
CVEDirectory exercises these rights to exercise public communication and reproduction of this data to make it more accessible, searchable, and actionable for the security community. We believe that democratization of vulnerability data is essential for a safer internet.
Data Integrity
We process data "as-is" from the official source. While we provide analytics and visualization, we maintain the integrity of the original CVE information, allowing users to verify findings directly via official links.
Independent Status
CVEDirectory is an independent provider. We are not endorsed by or affiliated with The MITRE Corporation. Our goal is to provide a superior interface for the security research community.