Re: How to request CVE numbers?

[Marcus Meissner <meissner () suse de>]

Hi,

I concur, if you use github, its easiest workflow wise to use the Github
Security Advisories and their CVE allocation ability.

Ciao, Marcus
On Wed, Jun 10, 2026 at 05:36:03PM +0800, swing sze wrote:
> HI,
>
> https://github.com/openwrt/odhcpd/security
>
> Are you using the GitHub Security Advisor feature to submit CVEs?
>
>
> Hauke Mehrtens <hauke () hauke-m de> 于2026年6月10日周三 16:59写道：
>
> > Hi,
> >
> > How to get a CVE number as a community driven open source project
> > (OpenWrt)? We do not have a security department or a big company backing
> > us.
> >
> > Multiple security problems were reported to OpenWrt in the last few
> > months. We want to assign CVE numbers to these problems, but have
> > problems requesting numbers.
> >
> > We contacted mitre in the past, but did not got a response within 2
> > weeks. Using github security advisories worked fine 2 months ago, we got
> > a CVE number in some days. Currently this does not work any more, we are
> > already waiting for 1 week.
> >
> > How to get a CVE number?
> >
> > We (OpenWrt) are a community driven open source project and got multiple
> > reports from individuals and organizations like OpenAI.
> >
> > We requested multiple CVE Numbers on github for this project:
> > https://github.com/openwrt/odhcpd
> >
> > Hauke

-- 
Marcus Meissner (he/him), Distinguished Engineer / Senior Project Manager Security
SUSE Software Solutions Germany GmbH, Frankenstrasse 146, 90461 Nuernberg, Germany
GF: Jochen Jaser, Andrew McDonald, Werner Knoblich, HRB 36809, AG Nuernberg