2018 CVE List at the explain xkcd wiki!

CVE (Common Vulnerabilities and Exposures) is a standardized format for assigning an identity to a cybersecurity vulnerability (similar to the way that astronomical bodies are assigned unique identifiers by committees). Giving vulnerabilities a unique identifier makes them easier to talk about and helps in keeping track of the progress made toward resolving them. The typical format of a CVE identifier is CVE-[YEAR]-[NUMBER]. For example, the CVE identifier for 2017's widespread Meltdown vulnerability is CVE-2017-5754. CVEs also contain a short description of the issue.

In this comic (released in February 2018), Randall presents a number of spurious predicted CVEs for later in 2018. Each CVE identifier is given as “CVE-2018-?????”, reflecting the fact that they have not yet happened so we don't know exactly what their CVE identifier will be.


  • Last modified: 2019/10/10 19:57