Secur0
Menu
Contact
Hacker area
ES
Secur0 is a CNA

CVE Numbering Authority

Secur0 is authorized by MITRE to assign official CVE identifiers to vulnerabilities discovered by our network of ethical hackers.

View published vulnerabilities
How it works

What is a CNA?

A CNA (CVE Numbering Authority) is an organization authorized by the CVE Program to assign unique identifiers to vulnerabilities within a defined scope, without going through a third party. These identifiers (format CVE-YYYY-NNNN) are the worldwide standard for referencing security flaws.

Joining the CVE Program as a CNA means following strict processes for validation, coordinated disclosure, and communication with researchers and affected vendors.

What does Secur0 do as a CNA?

As a CNA, Secur0 validates, assigns, and publishes CVE identifiers for vulnerabilities reported by our network of researchers. We also coordinate responsible disclosure with affected vendors.

Specifically:

We validate reports

  • Reproducibility
  • Impact and severity
  • CNA scope

We assign CVE IDs

  • Official identifier
  • Published in MITRE
  • Public traceability

We coordinate disclosure

  • Vendor contact
  • Responsible timelines

We publish advisories

  • Technical description
  • Mitigations

Published vulnerabilities

Browse the full list of CVEs assigned and published by Secur0 as a CNA.

View published vulnerabilities

How the process works

From receiving the report to publishing the advisory, we follow a clear and coordinated flow.

1. Report

A researcher submits the vulnerability through the responsible disclosure process.

2. Validation

We verify reproducibility, scope, and technical impact.

3. Assignment

We assign an official CVE ID and coordinate with the affected vendor.

4. Publication

We publish the technical advisory in the public listing once resolved.

FAQ about CNA

Who can request a CVE from Secur0?

Researchers who report a vulnerability within our CNA scope via the responsible disclosure process.

How long does CVE assignment take?

It depends on validation and coordination with the affected vendor. We aim for a fast process without sacrificing rigor.

What is Secur0's CNA scope?

Vulnerabilities discovered through Secur0 programs and services, except those already covered by another CNA.

Where do I report a vulnerability?

Through our platform: https://app.secur0.com/programs

Still have questions?

Email us at cna@secur0.com