CVE For Open Source Software - Simple Request Form for a Single PUBLIC Issue
This is the simple request form for a single CVE in an Open Source product or software for an issue that is public. For closed source and other CNA's please check with Mitre at or email them at If you need more than one CVE either fill this form out multiple times, or shove everything into the "Additional Information" field. If you need an embargoed CVE this is NOT the form to use.
Contact email (your email address)
Your answer
Product name
Product Name - please use the full name the vendor/project uses (so we can search for it if need be)
Your answer
Vendor name
Name of project vendor/owner (if it exists) - needed if the project name isn't unique/well known
Your answer
Affected version
Please put an affected version (e.g. 1.2.3) or range (e.g. 1.2.3 and older)
Your answer
Fixed version
If you know the fixed version please put it here, this is not mandatory as CVE's can be assigned to issues that have not been fixed yet
Your answer
[Vendor name] [product name] version [version info] is vulnerable to a [single flaw type] in the [component] resulting [some impact].
Your answer
Sources (public URLs)
Please include at least one public URL that contains source information (such as a a link to the affected software, the affected code in GitHub, etc.).
Your answer
Additional information
Please put any additional information you think is helpful here (e.g. timelines, workaround, etc.)
Your answer
Link to license information
If the project is not well known or the license is not easily located please include a link to the license so we can confirm it is an Open Source project
Your answer
Never submit passwords through Google Forms.
This form was created inside of Seifried. Report Abuse - Terms of Service - Additional Terms
Google Forms