Common Vulnerabilities and Exposures (CVE)

Security Glossary - Web Security

Definition: CVE is a standardized system for identifying and naming publicly known cybersecurity vulnerabilities. Each CVE entry has a unique identifier (like CVE-2024-12345), a description of the vulnerability, and references to related advisories and patches. The CVE system is maintained by MITRE Corporation and used globally by security tools, databases, and advisories.

The Importance of CVE

CVE identifiers provide a common language for discussing vulnerabilities. When a security advisory says "this update fixes CVE-2024-12345," you can look up the exact vulnerability, its severity (via CVSS scores), affected versions, and available patches. This standardization is essential for vulnerability management.

For website operators, CVE tracking is important for the software you run: web servers (Apache, Nginx), programming languages (Node.js, Python), frameworks (React, Django, Express), and dependencies. When a CVE is published for software you use, you need to assess whether you are affected and apply patches promptly.

Dependency scanning tools (Snyk, npm audit, Dependabot) automatically check your project's dependencies against CVE databases and alert you to known vulnerabilities. Running these scans regularly and acting on findings is a core security practice.

How to Test for CVE

Run dependency audit tools (npm audit for Node.js, pip-audit for Python) to check your software for known CVEs. A security audit checks your visible server software for known vulnerabilities. Subscribe to security advisories for the frameworks and libraries you use.


CVE FAQ

How do I check if my dependencies have CVEs?
Run npm audit (Node.js), pip-audit (Python), or use automated tools like Snyk, Dependabot, or GitHub's security alerts. These compare your dependency versions against the CVE database and report known vulnerabilities.
How quickly should I patch a CVE?
Critical and high-severity CVEs that affect your software should be patched within days. Medium-severity CVEs within weeks. The urgency depends on whether the vulnerability is being actively exploited and whether your configuration is affected.
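The two FAQ answers above describe what an audit tool does: compare installed versions against advisories, then rank what it finds by severity. The following added example (not DomainOptic's code) does that in miniature against a constructed advisory list; the package names, versions, the placeholder CVE identifiers other than CVE-2024-12345, and the exact day counts for each severity band are assumptions for illustration.

```python
"""Added example: match an installed-package inventory against a small,
constructed advisory list and assign a patch window by severity."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str          # CVE identifier
    package: str      # affected package name
    fixed_in: str     # first version that is no longer affected
    severity: str     # "critical", "high", "medium" or "low"


# Constructed sample data: CVE-0000-* are placeholders, not real advisories.
ADVISORIES = [
    Advisory("CVE-2024-12345", "express", "4.19.2", "high"),
    Advisory("CVE-0000-0001", "lodash", "4.17.21", "critical"),
    Advisory("CVE-0000-0002", "django", "5.0.3", "medium"),
]

# Assumed patch windows following the FAQ: days for critical/high, weeks for medium.
PATCH_WINDOW_DAYS = {"critical": 3, "high": 7, "medium": 30, "low": 90}


def parse_version(v: str) -> tuple:
    """Turn '4.17.20' into (4, 17, 20); missing components count as 0.
    Pre-release and build tags are dropped, which suffices for this demo."""
    core = v.split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(installed: str, fixed_in: str) -> bool:
    """An installed version below the fix version is still vulnerable."""
    return parse_version(installed) < parse_version(fixed_in)


def audit(inventory: dict, advisories=ADVISORIES) -> list:
    """Return (cve, package, installed, fixed_in, severity, window_days)
    for each advisory whose package is installed below the fixed version,
    most urgent first."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is None or not is_affected(installed, adv.fixed_in):
            continue
        findings.append((adv.cve, adv.package, installed, adv.fixed_in,
                         adv.severity, PATCH_WINDOW_DAYS[adv.severity]))
    return sorted(findings, key=lambda f: f[5])


if __name__ == "__main__":
    # Constructed inventory, as you might extract from `npm ls --json` or `pip list`.
    for row in audit({"express": "4.18.2", "lodash": "4.17.21", "django": "4.2.0"}):
        print(row)
```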
Disclaimer: DomainOptic provides automated informational scans only. Results do not constitute professional security advice, compliance certification, or a guarantee of security. Always verify findings independently.