When are new QIDs created?

The Qualys Vulnerability and Threat Research Team investigates CVEs and will publish a detection (QID) when feasible. You can review the Vulnerability Detection Pipeline for upcoming and new QIDs. You can search the pipeline by CVE and filter by detection status.

For Linux related CVEs, such as for SUSE, RedHat and CentOS, we use an automated approach to add QID detections for CVEs only after the vendor publishes an advisory for the CVE. If the vendor does not release an advisory for the CVE, then we will not create the QID until the vendor advisory is available. These QIDs require package based detections and we need vendor confirmation for package names and patched versions.