What is the Dfinity CNA?
Dfinity is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 5 CVE records since 2023.
How many CVEs has Dfinity published?
Dfinity has published 5 CVE records, including 4 in the last two years.
What is Dfinity's CVE data quality grade?
RadicalNotion.AI grades Dfinity's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does Dfinity publish CVEs for?
Dfinity most frequently publishes CVEs for agent-js, Candid, canister developer kit for the internet computer, cdk-rs, @dfinity/auth-client.
Which vendors does Dfinity cover?
Dfinity publishes CVEs across 1 distinct vendors, most often dfinity, Internet Computer, crates.io, rust, internet_computer.
Is Dfinity actively publishing CVEs?
Dfinity is currently active, based on 4 CVEs in the last two years.
What is the average severity of Dfinity's CVEs?
The average CVSS base score across Dfinity's scored CVEs is 7.1.
How many critical CVEs has Dfinity published?
Dfinity has published 1 critical-severity CVEs and 2 high-severity CVEs.
Are any of Dfinity's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Dfinity's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Dfinity's CVEs?
Dfinity's CVEs most often map to these CWE weakness types: CWE-401 (Missing Release of Memory after Effective Lifetime), CWE-20 (Improper Input Validation), CWE-330 (Use of Insufficiently Random Values), CWE-908 (Use of Uninitialized Resource).
How does Dfinity rank among CNAs?
By total CVE volume, Dfinity ranks #357 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
