NotCVE Mission

The mission of the NotCVE Program is to provide a common space for cybersecurity !vulnerabilities that are not acknowledged by vendors but still are serious security issues. In other words, these !vulnerabilities (read, not vulnerabilities) are security issues that would reduce the expected amount of work to be done by an attacker to successfully attack a target, but can also be fully fledged attacks on their own. We do believe !vulnerabilities should be identified, categorized and made known to the security community even when vendors refuse to acknowledge them or assign them a CVE.

If you're encountering difficulties in getting assigned a CVE, we're here to assist—either by facilitating a CVE assignment or, if that proves unsuccessful by assigning a NotCVE.

Please read theFAQ section to better understand the scope of the project: How NotCVEs are Assigned, How NotCVEs Complement's CVE efforsts, What Qualifies as a NotCVE, What does Not Qualify as a NotCVE, Can a Vendor Request a NotCVE, etc.

Powerful Vulnerability Searcher

NotCVE is now a powerful search engine for both CVEs and NotCVEs. You can use advanced search queries to find relevant vulnerabilitites affecting your products. Each vulnerability entry contains detailed information compiled from multiple sources, including CPE, CVSS, SSVC, KEV, EPSS, patches, exploits, Linux commits, and more.

For example, to easily search for Remote Code Execution vulnerabilities affecting Microsoft, and filter them by a CVSS score higher than 8, as well as by results containing the word 'Outlook' in any field (description, title, references, etc.), you just need to type in the search engine: vendor:"Microsoft" cvss:>8 RCE Outlook. More examples here.

Professional API

In response to high demand from business sector, we have also developed a Professional API, tailored to provide a comprehensive data access and real-time alerts, ensuring enhanced operational efficiency and strategic security planning.

Last updated: 6 Sep 2024