oss-sec mailing list archives

Re: How to request CVE numbers?

From: Michael Freeman <mfreeman () carverauto dev>
Date: Wed, 10 Jun 2026 09:17:41 -0500

You can try VulnCheck — https://www.vulncheck.com/advisories/report

On Jun 9, 2026, at 3:32 PM, Hauke Mehrtens <hauke () hauke-m de> wrote:

Hi,

How to get a CVE number as a community driven open source project (OpenWrt)? We do not have a security department or 
a big company backing us.

Multiple security problems were reported to OpenWrt in the last few months. We want to assign CVE numbers to these 
problems, but have problems requesting numbers.

We contacted mitre in the past, but did not got a response within 2 weeks. Using github security advisories worked 
fine 2 months ago, we got a CVE number in some days. Currently this does not work any more, we are already waiting 
for 1 week.

How to get a CVE number?

We (OpenWrt) are a community driven open source project and got multiple reports from individuals and organizations 
like OpenAI.

We requested multiple CVE Numbers on github for this project: https://github.com/openwrt/odhcpd

Hauke

Current thread:

How to request CVE numbers? Hauke Mehrtens (Jun 10)
- Re: How to request CVE numbers? swing sze (Jun 10)
  - Re: How to request CVE numbers? Marcus Meissner (Jun 10)
    - Re: How to request CVE numbers? Christian Brabandt (Jun 10)
    - Re: How to request CVE numbers? Lucas Holt (Jun 10)
    - Re: How to request CVE numbers? Sam Bull (Jun 10)
- Re: How to request CVE numbers? Michael Freeman (Jun 10)