cves

    GitLab CVE assignments

    This project stores a copy of all Common Vulnerability Enumeration (CVE) identifiers assigned and published by GitLab in its role as a CVE Numbering Authority (CNA).



    Request a CVE Identifier
    If you are a maintainer of a public project hosted on GitLab.com

    What is a CVE?

    Common Vulnerability Enumeration identifiers, or CVEs for short, are unique names given to specific vulnerabilities found in software or systems. They take the form CVE-YYYY-NNNNN, where YYYY is the year when the CVE is assigned or when it's first shared publicly, and NNNNN is a unique number for that year. This method helps keep track of vulnerabilities in an orderly way, which makes it easier to study them and fix the problems.

    Read more on the CVE program About page.

    What is a CNA?

    CVE Numbering Authorities, or CNAs for short, are responsible for assigning CVE identifiers to vulnerabilities in software or systems they oversee. GitLab is participating in MITRE's CNA program and can assign CVE identifiers for any public projects hosted on GitLab.com.

    Read more about GitLab's role as a CNA.

    Requesting a CVE for Your Project

    If you're maintaining a public project on GitLab.com and discover a security issue, you can request a unique CVE identifier for it. Create a confidential issue in this project and remember to use the CVE Request issue template. This ensures we get all the necessary details for the assignment.

    After the issue is created, an automated system handles the submission through different stages, from validation to CVE assignment, all the way to final publishing with MITRE.

    A successful CVE request goes through the following stages:

    • advisoryqueued: Advisory is new and awaiting validation
    • advisoryreviewing: Advisory is valid and awaiting review
    • advisoryassign-cve: Advisory is reviewed and awaiting CVE number assignment
    • advisoryassigned: Advisory is assigned a CVE ID and awaiting final approval
    • advisorypublishing: Advisory is submitted to MITRE and awaiting status change
    • advisorypublished: Advisory is published and available on MITRE

    The system lets you know via issue comments about events on your CVE request throughout the process.