SecAlerts Blog

What is a CVE ID?

A CVE ID ('CVE identifier') is the number given to a vulnerability. It consists of the CVE prefix + year + sequence number (CVE-YYYY-NNNNN), e.g. CVE-2019-10766.

The sequence number at the end of the CVE ID can vary from four to seven digits. When CVE IDs were first published in 1999, the numbering sequence only allowed for a maximum of 9,999 'unique identifiers' each year. As the number of reported vulnerabilities exceeded 9,999 per year, the sequence number needed to increase accordingly and five-digit numbers were first used in January 2015 (the now-defunct Distributed Weakness Filing [DWF] CNA started assigning seven-digit CVE IDs in May, 2016).

The year in the CVE ID indicates the year the vulnerability was made public and/or the ID was assigned, not necessarily the year it was discovered (the two are the same only when the vulnerability is discovered in the year the CVE ID is assigned).
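The format above matters to any tool that pulls CVE IDs out of advisories or scanner output: a matcher that still assumes the original four-digit sequence silently truncates longer IDs. The following is an added example, not code from SecAlerts; the function names, the sample text and the rule of rejecting years before 1999 are assumptions of this example.

```python
import re

# CVE prefix + four-digit year + sequence of four or more digits.
# The lookarounds stop matches inside longer tokens or digit runs.
CVE_RE = re.compile(r"(?<![A-Za-z0-9-])CVE-(\d{4})-(\d{4,})(?!\d)", re.IGNORECASE)

# Legacy pattern that hard-codes the original four-digit sequence.
LEGACY_RE = re.compile(r"CVE-\d{4}-\d{4}", re.IGNORECASE)

FIRST_YEAR = 1999  # assumption: reject years before CVE IDs were first published


def parse_cve_id(value):
    """Return (year, sequence) for one well-formed CVE ID, else None.
    The sequence stays a string so leading zeros are preserved."""
    m = CVE_RE.fullmatch(value.strip())
    if not m or int(m.group(1)) < FIRST_YEAR:
        return None
    return int(m.group(1)), m.group(2)


def extract_cve_ids(text):
    """Return unique, upper-cased CVE IDs in order of first appearance."""
    found = []
    for m in CVE_RE.finditer(text):
        cve = f"CVE-{m.group(1)}-{m.group(2)}"
        if int(m.group(1)) >= FIRST_YEAR and cve not in found:
            found.append(cve)
    return found


def legacy_extract(text):
    """What a four-digit-only matcher reports for the same text."""
    return [m.group(0).upper() for m in LEGACY_RE.finditer(text)]


# Constructed sample text. CVE-2019-10766 is the page's example; the other IDs
# are made up for the demo and do not refer to real entries.
SAMPLE = ("Fixed cve-2019-10766 and CVE-2999-0001. Tracker also lists "
          "CVE-2999-1234567, CVE-99-1234 and CVE-1998-0001.")

if __name__ == "__main__":
    print("correct:", extract_cve_ids(SAMPLE))
    print("legacy: ", legacy_extract(SAMPLE))
```

The legacy matcher reports `CVE-2019-1076` for the page's example ID, which would attach the finding to a different identifier than the one in the text.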

SecAlerts doesn't assign CVE IDs but we do alert you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs) so you can keep your software updated. Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack.

Other terms concisely explained:

What is a CVE?

What is a vulnerability?

What is a CVSS?

What is a CNA?

What is a zero-day?

What is a bug bounty program?

What is CVE?

What is a Candidate Naming Authority?
