CVEs and USNs explained

What is a CVE?

Common Vulnerabilities and Exposures (CVEs) are a way to catalogue and track public security vulnerabilities in a given piece of software. Every CVE has a unique identifier, for example CVE-2023-0465.

CVEs are maintained by the MITRE Corporation. The goal of the project is to provide a naming convention for publicly known security issues and to maintain a centralised repository of those issues. This makes it easier for an organisation to submit a new security flaw through the CVE convention and to analyse any existing CVEs in the database.

You can search for any existing CVE related to Ubuntu using the Ubuntu CVE page.

What is a USN?

An Ubuntu Security Notice (USN) is the way that Canonical publicly catalogues and displays security vulnerabilities for Ubuntu packages. Usually, a USN is composed of one or more [CVEs](#what-is-a-cve) and it also contains update instructions to fix the issue, if a fix is already available.

USNs follow a naming convention of the format USN-5963-1.

You can search for any existing USN using the Ubuntu Security Notices page.
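Because both identifier formats are regular, they can be pulled out of changelogs, tickets or scanner output and grouped so that each USN lists the CVEs it mentions. The following Python sketch is an added example, not code from Ubuntu or Canonical. It assumes a CVE sequence number has four or more digits and that the last USN field is a revision number; the notice texts and all identifiers in `SAMPLE_NOTICES` are constructed and do not refer to real notices.

```python
import re

# CVE-<year>-<sequence>; four or more sequence digits is an assumption,
# the page only shows the example CVE-2023-0465.
CVE_RE = re.compile(r"(?<![\w-])CVE-(\d{4})-(\d{4,})(?![\w-])", re.IGNORECASE)
# USN-<number>-<revision>, as in USN-5963-1 (field meanings are an assumption).
USN_RE = re.compile(r"(?<![\w-])USN-(\d+)-(\d+)(?![\w-])", re.IGNORECASE)


def find_ids(pattern, prefix, text):
    """Return unique, upper-cased ids in order of first appearance."""
    found = []
    for match in pattern.finditer(text):
        ident = f"{prefix}-{match.group(1)}-{match.group(2)}"
        if ident not in found:
            found.append(ident)
    return found


def cve_sort_key(cve):
    """Sort by numeric year, then numeric sequence (not as plain strings)."""
    _, year, seq = cve.split("-")
    return int(year), int(seq)


def group_by_usn(notices):
    """Map each USN id to the sorted CVE ids named in the same notice text."""
    grouped = {}
    for text in notices:
        cves = find_ids(CVE_RE, "CVE", text)
        for usn in find_ids(USN_RE, "USN", text):
            grouped.setdefault(usn, set()).update(cves)
    return {usn: sorted(cves, key=cve_sort_key) for usn, cves in grouped.items()}


# Constructed sample input: identifiers are made up for illustration.
SAMPLE_NOTICES = [
    "USN-9999-1: examplepkg vulnerabilities. Fixes CVE-2099-0001 and cve-2099-123456.",
    "usn-9999-2: examplepkg regression. Follow-up to CVE-2099-0001; "
    "CVE-2099-12 is malformed and must be ignored.",
]

if __name__ == "__main__":
    for usn, cves in group_by_usn(SAMPLE_NOTICES).items():
        print(usn, "->", ", ".join(cves))
```

Malformed identifiers such as a CVE with fewer than four sequence digits are skipped rather than guessed at, so the output is safe to feed into a lookup on the Ubuntu CVE or USN pages.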