What is CVE (Common Vulnerabilities and Exposures)?
A globally-unique identifier for a specific disclosed software vulnerability.
Full explanation
The CVE system is maintained by MITRE. Every CVE ID follows the format CVE-YYYY-NNNNN. CVEs are assigned to specific vulnerabilities in specific software versions. The National Vulnerability Database (NVD) augments CVEs with severity scores (CVSS), impact analysis, and fix references. Modern SCA tools query CVE + NVD data to match dependencies against known vulnerabilities.
Example
CVE-2025-29927 is the Next.js middleware authentication bypass with a CVSS score of 9.1.
FAQ
What is CVSS?
Common Vulnerability Scoring System — a 0-10 numeric severity score. 9.0-10.0 is Critical, 7.0-8.9 High, 4.0-6.9 Medium.
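The matching step an SCA tool performs, reduced to its core, as an added example that is not part of the original page or of any real tool: it validates CVE IDs, compares installed versions against each advisory's affected range, and labels hits with the CVSS band. The package names, CVE IDs, version ranges and scores in the sample data are constructed; the Low (0.1-3.9) and None (0.0) bands come from the CVSS v3.x scale and go beyond the three bands listed above.

```python
import re

# "CVE-", a four-digit year, then a sequence number of four or more digits.
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

def parse_cve(cve_id):
    """Return (year, sequence) for a well-formed CVE ID, else raise ValueError."""
    m = CVE_RE.match(cve_id.strip().upper())
    if not m:
        raise ValueError(f"malformed CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))

def severity(score):
    """Map a CVSS base score to its v3.x qualitative band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "None"
    for floor, band in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium")):
        if score >= floor:
            return band
    return "Low"

def version_key(v):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(p) for p in v.split("."))

def match_dependencies(deps, advisories):
    """Return findings for deps whose version lies in [introduced, fixed)."""
    findings = []
    for adv in advisories:
        parse_cve(adv["cve"])  # reject feed rows with malformed IDs
        installed = deps.get(adv["package"])
        if installed is None:
            continue
        lo, hi = version_key(adv["introduced"]), version_key(adv["fixed"])
        if lo <= version_key(installed) < hi:
            findings.append((adv["cve"], adv["package"], installed,
                             adv["cvss"], severity(adv["cvss"])))
    return sorted(findings, key=lambda f: f[3], reverse=True)

# Constructed sample data: hypothetical packages, IDs, ranges and scores.
DEPS = {"example-web": "2.10.0", "example-yaml": "1.4.2", "example-log": "3.0.1"}
ADVISORIES = [
    {"cve": "CVE-2099-0001", "package": "example-web", "introduced": "2.0.0", "fixed": "2.9.1", "cvss": 9.1},
    {"cve": "CVE-2099-10002", "package": "example-yaml", "introduced": "1.0.0", "fixed": "1.5.0", "cvss": 5.3},
    {"cve": "CVE-2099-0003", "package": "example-log", "introduced": "3.0.0", "fixed": "3.0.2", "cvss": 7.5},
]
```

Note that `example-web` 2.10.0 is correctly treated as newer than the 2.9.1 fix; a plain string comparison would order it before 2.9.1 and raise a false Critical finding.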