CNA Intelligence Hub

Analyze CVE Numbering Authorities: activity metrics, quality insights, and attribution data

-
Total CNAs
-
Active CNAs
-
Name Match Rate
-
Total CVEs

CNA Intelligence

Analytics
-
Active CVE Assigners

Comprehensive analysis of all CVE Numbering Authorities including activity metrics, KEV/EPSS correlations, volume trends, and links to CNAScorecard.

💡 "Which CNAs are most active? Which have the most exploited CVEs?"

Name Matching

Quality
-
Unmatched CNAs

CNAScorecard-style name matching analysis showing how CVE assigner names align with the official CNA registry. Identifies naming inconsistencies.

💡 "Are CVE attributions accurate? Which names don't match the registry?"

What is a CNA?

CVE Numbering Authorities (CNAs) are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities in their scope. CNAs include:

Vendors

Software companies assigning CVEs for their own products (Microsoft, Google, Apple, etc.)

Researchers

Security research organizations and bug bounty programs (HackerOne, Bugcrowd, etc.)

Coordinators

National CERTs and coordination centers (MITRE, CISA, CERT/CC, etc.)

View the official CNA list on CVE.org →