Accessibility
· 13 checks — Landmarks, headings, alt text, forms, and link quality rolled into one auditable list.DLink & Button QualityAction9 issue(s) across 91 links and 16 buttonsFIX
| Element | Text | Issue | Suggested Fix |
|---|---|---|---|
| /Legal/PrivacyPolicy | Privacy Policy | new tab | Add '(opens in new tab)' to text |
| https://forms.office.com/g/qmmTaYnr5y | Provide feedback | new tab | Add '(opens in new tab)' to text |
| /ResourcesSupport/FAQs#pc_cve_list_basic… | here | generic text | Replace with descriptive text |
Before: here Suggested: Faqs#Pc Cve List Basicssearch Cve | |||
| /ResourcesSupport/FAQs#pc_cve_list_basic… | here | generic text | Replace with descriptive text |
Before: here Suggested: Faqs#Pc Cve List Basicssearch Cve | |||
| /PartnerInformation/Partner | Learn More | generic text | Replace with descriptive text |
Before: Learn More Suggested: Partner | |||
| https://cveform.mitre.org/ | Report the use of a reserved C… | new tab | Add '(opens in new tab)' to text |
| https://github.com/CVEProject/cve-websit… | Website Security Policy | new tab | Add '(opens in new tab)' to text |
| https://github.com/CVEProject | github | new tab | Add '(opens in new tab)' to text |
| https://www.linkedin.com/company/cve-pro… | new tab | Add '(opens in new tab)' to text | |
| https://bsky.app/profile/cveprogram.bsky… | bluesky | new tab | Add '(opens in new tab)' to text |
| https://mastodon.social/@CVE_Program | mastodon | new tab | Add '(opens in new tab)' to text |
| https://www.youtube.com/channel/UCUHd2XF… | youtube | new tab | Add '(opens in new tab)' to text |
| https://medium.com/@CVE_Program | medium | new tab | Add '(opens in new tab)' to text |
| https://x.com/CVEnew | x-twitter icon for @CVEnew New… | new tab | Add '(opens in new tab)' to text |
| https://x.com/CVEannounce | x-twitter icon for @CVEannounc… | new tab | Add '(opens in new tab)' to text |
| https://cveform.mitre.org/ | CVE Program Support external s… | new tab | Add '(opens in new tab)' to text |
| https://forms.office.com/g/dFzysrHLpR | CVE Website Feedback Form exte… | new tab | Add '(opens in new tab)' to text |
| https://cveform.mitre.org/ | CVE Website Support external s… | new tab | Add '(opens in new tab)' to text |
| https://www.dhs.gov/ | U.S. Department of Homeland Se… | new tab | Add '(opens in new tab)' to text |
| https://www.cisa.gov/about/divisions-off… | Cybersecurity and Infrastructu… | new tab | Add '(opens in new tab)' to text |
| https://www.mitre.org/ | The MITRE Corporation external… | new tab | Add '(opens in new tab)' to text |
| <button> | (empty) | empty | Add button text or aria-label |
| <button> | (empty) | empty | Add button text or aria-label |
| <button> | (empty) | empty | Add button text or aria-label |
| <button> | (empty) | empty | Add button text or aria-label |
| <button> | (empty) | empty | Add button text or aria-label |
| <button> | (empty) | empty | Add button text or aria-label |
Generic link text like 'click here' doesn't describe the destination.
/ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve ("here"); /ResourcesSupport/FAQs#pc_cve_list_basicssearch_cve ("here"); /PartnerInformation/Partner ("Learn More")
Generic anchor text ('click here', 'read more', 'learn more') tells screen readers and search engines nothing about the destination.
Learn more ▾ ▴
Out-of-context lists of links read by AT (one navigation pattern) become useless when every link says 'click here'. Use the destination's title or topic as anchor text. Doubles as SEO win — Google passes anchor-text relevance to the destination.
Source: WCAG 2.4.4 / Google Search Central
Add '(opens in new tab)' to link text or aria-label.
/Legal/PrivacyPolicy; https://forms.office.com/g/qmmTaYnr5y; https://cveform.mitre.org/; https://github.com/CVEProject/cve-website/security/policy; https://github.com/CVEProject; https://www.linkedin.com/company/cve-program; https://bsky.app/profile/cveprogram.bsky.social; https://mastodon.social/@CVE_Program; https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/; https://medium.com/@CVE_Program (+8 more)
Links with target="_blank" without rel="noopener" leak the originating page's window context — security and UX issue.
Learn more ▾ ▴
Without rel="noopener", the new tab can navigate the original tab via window.opener (tab-nabbing attack). Modern browsers default to noopener for target=_blank but only since recent versions. Always set rel="noopener noreferrer" explicitly.
Source: MDN target / OWASP
Icon-only buttons need an aria-label so screen readers can announce them.
button.is-hidden-desktop (#74 on page); button.is-hidden-desktop (#92 on page); button.is-hidden-desktop (#104 on page); button.is-hidden-desktop (#127 on page); button.is-hidden-desktop (#145 on page); button.button (#261 on page)
Buttons with no accessible text (icon-only, no aria-label) can't be activated by voice control or understood by screen readers.
Source: WCAG 2.1 SC 4.1.2
F404 Error PageActionSoft 404 detectedFIX
The server returned HTTP 200 for a non-existent path. Search engines will index this page as real content. Configure your server to return HTTP 404 for missing pages.
FFavicon & BrandingAction2 icon(s) detectedFIX
FWeb ManifestActionInvalid JSONFIX
Manifest contains invalid JSON.
DDark Mode SupportActionNo dark mode signalsFIX
Detection limited to meta tags and inline styles.
DPrint StylesheetActionNo print stylesFIX
A+Landmark Structure6 landmarksPASS
AHeading Hierarchy14 headingsPASS
- H1 Common vulnerabilities and Exposures (CVE)
- H1 CVE duplicate H1
- H2 CVE™ Program Mission
- H3 CVE partnership
- H3 Access
- H3 Learn
- H3 Report/Request
- H3 Access Resources Based on Role
- H3 News
- H3 Events
- H4 Policies & Cookies
- H4 Media
- H5 Social Media
- H4 Contact
A page should have only one H1. Multiple H1s dilute the document outline.
Multiple H1s blur the page's primary topic — screen-reader users and Google both prefer one H1.
Learn more ▾ ▴
HTML5's outline algorithm technically allows multiple H1s within sectioning content, but no browser implements it. In practice: one H1 per page. Use H2-H6 for subsections.
Source: WCAG 2.4.6 / Google Search Central
A+Alt Text QualityAll 2 images OKPASS
AForm Accessibility1 of 1 controls have issuesPASS
| Control | Type | Label | Method |
|---|---|---|---|
| input | text | (Enter keywords (e.g.: CVE ID, sql injection, etc.)) | placeholder only |
Placeholder text disappears on focus and is not a reliable label.
<input type="text">
Placeholder-only labels disappear when the user starts typing — they must remember what the field was for.
Learn more ▾ ▴
Placeholders are NOT labels. They vanish on input, fail color contrast checks (most are gray), and don't satisfy WCAG SC 3.3.2. Always use a real <label> alongside (or aria-labelledby).
Source: WCAG 2.1 SC 3.3.2 / Nielsen Norman
A+Color Contrast (Screenshot)20 text elements analyzed, 0 fail WCAG AAPASS
Analyzes text contrast against the actual rendered page, including background images, gradients, and overlays that CSS-based tools cannot detect.
Show all checked elements (20)
| Element | Ratio | Required | FG | BG | Result |
|---|---|---|---|---|---|
| h1 Common vulnerabiliti… | 21.00:1 | 3.0:1 | #000000 | #FFFFFF | Pass |
| h1 CVE | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h2 CVE | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h2 Program Mission | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h3 CVE partnership | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h3 Access | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h3 Learn | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h3 Report/Request | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| h3 Access Resources Bas… | 20.47:1 | 3.0:1 | #000000 | #FCFCFC | Pass |
| title CVE: Common Vulnerab… | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| span Opens in a new windo… | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| span Opens an external we… | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| span Opens an external we… | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| span This website utilize… | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| a Privacy Policy | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| button Accept | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| button Deny Non-Essential | 18.81:1 | 4.5:1 | #000000 | #FAF3D1 | Pass |
| button Manage Preferences | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a Skip to main content | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
| a About | 21.00:1 | 4.5:1 | #000000 | #FFFFFF | Pass |
Methodology: The top 20 text elements by font size were checked. Background color was sampled from the desktop screenshot using a 5-point pattern. WCAG 2.1 AA requires 4.5:1 for normal text and 3:1 for large text.
A+Lighthouse Accessibility AuditsScore 97/100 — 1 failing, 28 passedPASS
Accessibility
These checks highlight opportunities to improve the accessibility of your web app. Automatic detection can only detect a subset of issues and does not guarantee the accessibility of your web app, so manual testing is also encouraged.
Best practices
Touch targets with sufficient size and spacing help users who may have difficulty targeting small controls to activate the targets. Learn more about touch targets.
Performance issues directly impact user engagement and conversion rates.
| Failing Elements |
|---|
CVE Record User Guide article.box > ul.tile-body > li.cve-task-tile-list-item > a |
CNA Partners div.column > ul > li > a |
These items highlight common accessibility best practices.