DWF Open Source Request Form v2
This is the simple request form for a single CVE in an Open Source product or software for an issue that is public. For closed source and other CNA's please check with Mitre at
or email them at
. If you need more than one CVE either fill this form out multiple times, or shove everything into the "Additional Information" field. If you need an embargoed CVE this is NOT the form to use.
Requestor email address:
Your contact email address:
Product Name - please use the full name the vendor/project uses (so we can search for it if need be)
Vendor or project name:
Name of project vendor/owner (if it exists) - needed if the project name isn't unique/well known
Please put an affected version (e.g. 1.2.3) or range (e.g. 1.2.3 and older)
Version fixed (if known):
If you know the fixed version please put it here, this is not mandatory as CVE's can be assigned to issues that have not been fixed yet
Affected component (if known):
Affected function name, line of code, functionality (e.g. image upload)
Has the project confirmed or acknowledged the vulnerability?
Has the upstream project been contacted and replied yet
Vulnerability type (if unknown use "other" and explain):
Cross Site Request Forgery (CSRF)
Cross Site Scripting (XSS)
Incorrect Access Control
Missing SSL certification verification
Other or Unknown
XML External Entity (XXE)
Vulnerability type if other:
Impact of issue (select more than one if needed):
Denial of Service
Escalation of Privileges
Impact of issue if other:
Attack vector / exploitation:
If known please provide information on how this issue is exploited or what the attack vector is
Suggested Description of issue for CVE database:
Example format: [Vendor name] [product name] version [version info] is vulnerable to a [single flaw type] in the [component] resulting [some impact].
Short title of issue:
If the description is very long please provide a short title such as "Buffer overflow in Foo version 1.2"
Additional notes / original advisory:
Please add any additional notes, the original advisory or other additional information if available:
Reference URLs (must be public, e.g. no login required):
Person/People/Organization that helped discover or process this vulnerability:
Never submit passwords through Google Forms.
This form was created inside of Seifried.
Terms of Service