CVE is a publicly accessible list or dictionary that catalogs known security flaws (vulnerabilities) and security-related issues (exposures) in software and hardware. Each identified issue is assigned a unique CVE identifier (CVE ID) to standardize how these vulnerabilities are referenced and discussed.
CVE lists are available from:
- The Official CVE List, maintained by MITRE
- National Vulnerability Database (NVD), hosted by NIST and searchable here
- Other Security Databases: Many other cybersecurity organizations and vendors maintain their own vulnerability databases that often include CVE information, sometimes enriched with additional details. Examples include:
For most general purposes, the MITRE CVE list and the NIST NVD are excellent and authoritative sources. The NVD often provides more detailed information and scoring.