What is a CVE ID?

Giulio Saggin
Giulio Saggin
Tuesday 28 November 2023

A CVE ID is a 'CVE identifier', the number given to a vulnerability that includes the CVE prefix + year + sequence number (CVE-YYYY-NNNNN) e.g. CVE-2019-10766.

The sequence number at the end of the CVE ID can vary from four to seven digits. When CVE IDs were first published in 1999, the numbering sequence only allowed for a maximum of 9,999 'unique identifiers' each year. As the number of reported vulnerabilities exceeded 9,999 per year, the sequence number needed to increase accordingly and five-digit numbers were first used in January 2015 (the now-defunct Distributed Weakness Filing [DWF] CNA started assigning seven-digit CVE IDs in May, 2016).

The year that appears in the CVE ID indicates the year the vulnerability was made public and/or assigned, and not just the year it was discovered (unless it is the same year as the CVE ID is assigned).

SecAlerts doesn't assign CVE IDs but we do alert you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs) so you can keep your software updated. Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack:

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203