CVE Numbering Authority (CNA)
The Python Software Foundation was authorized as a CVE Numbering Authority (CNA) in August 2023. CVE Numbering Authorities assign and manage CVE IDs and records on software vulnerabilities for projects within their scope. To learn more about the CVE program, visit the CVE website.
What projects are in scope for the PSF CNA?
Below is the complete list of projects under the PSF CNA scope. Please submit vulnerability reports to projects according to their respective security policies. Third-party redistributions of these projects are not covered, please contact those distributors for details about CVEs.
How to contact CNA operators?
If you have questions specifically for the PSF CNA you can send an email to cna@python.org and we'll reply to your request. This email address should not be used to report vulnerabilities, instead send an email to the project according to its security policy.
How to modify or dispute a CVE?
The PSF CNA responds to CVE disputes according to CNA rules. If there is an issue with an existing CVE record that the PSF has assigned, please contact the CNA operators as detailed above. Please verify that the CVE record was assigned by the PSF CNA before proceeding.