= China National Vulnerability Database =

China National Vulnerability Database
- Jurisdiction: Mainland China
- Headquarters: Building 1, No. 8 Courtyard, Shangdi West Road, Haidian District, 100085 Beijing, China
- Employees: Classified
- Budget: Classified
- Parent Department: Ministry of State Security
- Agency Type: Cybersecurity Agency
- Logo: Chinese National Vulnerability Database logo.png

The China National Vulnerability Database (CNNVD) is one of two national vulnerability databases of the People's Republic of China. It is operated by the China Information Technology Security Evaluation Center (CNITSEC), the 13th Bureau of China's foreign intelligence service, the Ministry of State Security (MSS). As of September 28, 2020, the database has 117,454 vulnerabilities cataloged with the first entry dated January 1, 2010.

== Organization ==
The organization is operated by the China Technology Evaluation Center (, known in English as CNITSEC), which is a subsidiary office of the MSS, making the organization closely linked to the Chinese intelligence apparatus. According to its official website, CNNVD performs "analysis and information communication of security vulnerabilities of information technology products and systems; security risk assessment of information networks and important information systems of party and government organs; safety testing and evaluation of information technology products, systems and engineering construction; competency assessments and qualification reviews for information security services and professionals; theoretical research, technology research and development and the development of standards". According to ARPSyndicate, a cyber intelligence firm based in New Delhi, their vulnerability mining project VEDAS is currently tracking over 282,794 unique vulnerabilities listed in CNNVD.

The agency has been criticized as a trojan horse manipulated by Chinese intelligence in order to take advantage of vulnerabilities in order to wage cyberwarfare against foreign targets.

According to Boston-based cybersecurity firm Recorded Future, the MSS evaluates all submitted vulnerabilities before releasing them in order to determine if they can be used for the purposes of cyber-espionage; according to researchers this was demonstrated through extensive backdating of vulnerabilities.
