Vulnogram

Using with CVE Services

1. Access

Open Vulnogram.org for a quick start. The instance on Vulnogram.org enables CNAs to use the browser to draft, manage, and publish CVE records. To enable multiple CNA team members to collaborate on drafts in a central place, download and set up Vulnogram in Team server mode.

[Screenshot: Vulnogram CVE editor workspace shown in a browser window with the URL visible] Access Vulnogram at https://www.vulnogram.org.

2. Log in to CVE Services

Open the CVE Portal panel, select the target portal (production, test, adp-test, or local), and authenticate with your CNA short name, CVE user, and API key.

[Screenshot: CVE Portal login dialog in Vulnogram] CVE Services login form from the CVE Portal sidebar action.

3. Reserve CVE IDs

After login, use Reserve One CVE or the dropdown batch actions to reserve IDs for the current year, next year, or previous year. Use state/year filters to find reserved IDs.

[Screenshot: CVE Portal reserve controls in Vulnogram] CVE Portal reserve controls with state and year filters.

4. Enter CVE Record Details

Use the Editor tab to enter vulnerability details, affected products, references, and metrics. Switch between Editor, Source, and Preview tabs while drafting.

[Screenshot: Vulnogram CVE editor detail form area] Primary Editor form where record content is entered.

5. Publish to CVE Services

Use Publish CVE to submit the record to the currently selected portal. In test mode, publishing targets the CVE Services test environment.

[Screenshot: Vulnogram header with Publish CVE action] Top action bar with Publish CVE control.

[Screenshot: Vulnogram drafts manager dialog showing multiple cached CVE entries] Drafts Manager with sample cached CVE entries ready for bulk publish.

6. Manage Users and API Keys (Admin)

Organization administrators can open Users in the portal view to add users, update profile and role attributes, disable accounts, and reset API secrets.

[Screenshot: CVE Portal user management popup in Vulnogram] Admin-oriented Users management view in the CVE Portal.

7. How to Reject a CVE ID

Use the "Reject this CVE ID" and "Reject this ID" controls to retire unused IDs or withdraw published records. The two workflows below show where each reject action lives.

a) Rejecting Unused or Unpublished CVEs

[Screenshot: CVE list table in Vulnogram portal with reject icon highlighted for an unused CVE ID] Unused/unpublished IDs can be rejected directly from "Reject this CVE ID" in the CVE list action column.

b) Rejecting Published CVEs

[Screenshot: Bottom of a loaded CVE editor form with reject this CVE ID link highlighted] Published records are rejected from the editor footer "Reject this ID" link after loading the CVE.