Vaadin is now a CVE Numbering Authority

Vaadin is happy to announce that it was recently accepted as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). Membership in this program will help streamline vulnerability disclosure processes and improve the communication with security stakeholders.

The CVE program authorizes companies with CNA status to use a CVE identification for vulnerabilities within the scope of their products. These CVE IDs are then provided to researchers, vulnerability disclosure authorities and information technology vendors, facilitating effective and transparent discourse on security vulnerabilities. 

Security researchers can now work on CVEs directly with Vaadin. The status will also grant access to several CVE-compatible databases, enabling Vaadin to work in unison with other companies against attackers and improve cybersecurity in the industry.

You can find the CVE announcement here.

About the program

The CVE program was launched in 1999 by the not-for-profit MITRE Corporation. Today, there are 159 technology organizations from 26 countries participating as CNAs, and numerous global stakeholders that maintain an open data registry of vulnerabilities. Participation is voluntary, and Vaadin is the second Finnish company to join the program.

You can find the full list of CNAs and request their CVE IDs on the CVE webpage.

About us

Vaadin is an open source platform for building web applications for Java backends. Its free products and commercial services have been used to build enterprise grade Java web applications for over 20 years. 

You can learn more about Vaadin at