To help enable effective coordinated vulnerability disclosure, the OpenJS Foundation operates a CVE Numbering Authority (CNA) for its hosted Incubating, At Large, Impact, and Emeritus projects. Our CNA’s root is the Red Hat Open Source Root CNA