diff --git a/static/js/publisher/components/SectionNav/SectionNav.tsx b/static/js/publisher/components/SectionNav/SectionNav.tsx
index 9e1d7f0165..3e5f2eff5e 100644
--- a/static/js/publisher/components/SectionNav/SectionNav.tsx
+++ b/static/js/publisher/components/SectionNav/SectionNav.tsx
@@ -1,55 +1,66 @@
 import { Link } from "react-router-dom";
 import { Tabs } from "@canonical/react-components";
 
+import { usePublisher } from "../../hooks";
+
 type Props = {
   activeTab: string;
   snapName: string | undefined;
 };
 
 function SectionNav({ activeTab, snapName }: Props): React.JSX.Element {
-  return (
-    <Tabs
-      listClassName="u-no-margin--bottom"
-      links={[
-        {
-          label: "Listing",
-          active: activeTab === "listing" || !activeTab,
-          to: `/${snapName}/listing`,
-          component: Link,
-        },
-        {
-          label: "Builds",
-          active: activeTab === "builds",
-          to: `/${snapName}/builds`,
-          component: Link,
-        },
-        {
-          label: "Releases",
-          active: activeTab === "releases",
-          to: `/${snapName}/releases`,
-          component: Link,
-        },
-        {
-          label: "Metrics",
-          active: activeTab === "metrics",
-          to: `/${snapName}/metrics`,
-          component: Link,
-        },
-        {
-          label: "Publicise",
-          active: activeTab === "publicise",
-          to: `/${snapName}/publicise`,
-          component: Link,
-        },
-        {
-          label: "Settings",
-          active: activeTab === "settings",
-          to: `/${snapName}/settings`,
-          component: Link,
-        },
-      ]}
-    />
-  );
+  const { data: publisherData } = usePublisher();
+
+  const links = [
+    {
+      label: "Listing",
+      active: activeTab === "listing" || !activeTab,
+      to: `/${snapName}/listing`,
+      component: Link,
+    },
+    {
+      label: "Builds",
+      active: activeTab === "builds",
+      to: `/${snapName}/builds`,
+      component: Link,
+    },
+    {
+      label: "Releases",
+      active: activeTab === "releases",
+      to: `/${snapName}/releases`,
+      component: Link,
+    },
+    {
+      label: "Metrics",
+      active: activeTab === "metrics",
+      to: `/${snapName}/metrics`,
+      component: Link,
+    },
+    {
+      label: "Publicise",
+      active: activeTab === "publicise",
+      to: `/${snapName}/publicise`,
+      component: Link,
+    },
+    {
+      label: "Settings",
+      active: activeTab === "settings",
+      to: `/${snapName}/settings`,
+      component: Link,
+    },
+  ];
+
+  // TODO: verify if the snap has CVE data before adding the link
+  if (publisherData?.publisher?.is_canonical) {
+    links.splice(3, 0, {
+      label: "Vulnerabilities",
+      active: activeTab === "vulnerabilities",
+      to: `/${snapName}/cves`,
+      component: Link,
+    });
+  }
+
+  return <Tabs listClassName="u-no-margin--bottom" links={links} />;
 }
 
 export default SectionNav;
diff --git a/static/js/publisher/hooks/useCves.ts b/static/js/publisher/hooks/useCves.ts
new file mode 100644
index 0000000000..1b3eea905c
--- /dev/null
+++ b/static/js/publisher/hooks/useCves.ts
@@ -0,0 +1,20 @@
+import { useQuery } from "react-query";
+
+function useCves() {
+  return useQuery({
+    queryKey: ["cves"],
+    queryFn: async () => {
+      const response = await fetch(`/api/docker/3213/cves`);
+
+      if (!response.ok) {
+        throw new Error("Unable to fetch CVEs");
+      }
+
+      const responseData = await response.json();
+
+      return responseData;
+    },
+  });
+}
+
+export default useCves;
diff --git a/static/js/publisher/pages/SnapCves/SnapCves.tsx b/static/js/publisher/pages/SnapCves/SnapCves.tsx
new file mode 100644
index 0000000000..4b8de2f870
--- /dev/null
+++ b/static/js/publisher/pages/SnapCves/SnapCves.tsx
@@ -0,0 +1,295 @@
+import { useParams } from "react-router-dom";
+
+// import { setPageTitle } from "../../utils";
+import { useQuery } from "react-query";
+import { MainTable, Strip, Select, Form } from "@canonical/react-components";
+import { Dispatch, SetStateAction, useEffect, useState } from "react";
+import SectionNav from "../../components/SectionNav";
+
+interface ICve {
+  id: string;
+  status: string;
+  description: string;
+  cvss_score: number | null;
+  cvss_severity: string | null;
+  ubuntu_priority: string | null;
+  // affected binary
+  name: string;
+  version: string;
+  fixed_version: string | null;
+}
+
+const SnapCveIdCell = ({
+  id,
+  isExpanded,
+  setExpandedRow,
+  index,
+  hasDescription = false,
+}: {
+  id: string;
+  isExpanded: boolean;
+  setExpandedRow: Dispatch<SetStateAction<number | null>>;
+  index: number;
+  hasDescription?: boolean;
+}): JSX.Element => {
+  let link: string = "";
+
+  if (id.startsWith("http")) {
+    link = id;
+  } else if (id.startsWith("CVE")) {
+    link = `https://ubuntu.com/security/${id}`;
+  }
+
+  return (
+    <>
+      <button
+        className="p-button--base is-dense has-icon"
+        style={{ marginRight: "0.5rem", marginLeft: "-0.5rem" }}
+        onClick={() => {
+          if (isExpanded) {
+            setExpandedRow(null);
+          } else {
+            setExpandedRow(index);
+          }
+        }}
+        aria-expanded={isExpanded}
+        disabled={!hasDescription}
+      >
+        <i
+          className={
+            isExpanded ? "p-icon--chevron-down" : "p-icon--chevron-right"
+          }
+        ></i>
+      </button>
+      {link ? (
+        <a target="_blank" rel="noreferrer" href={link}>
+          {id}
+        </a>
+      ) : (
+        <span>{id}</span>
+      )}
+    </>
+  );
+};
+
+const SnapCveSeverityCell = ({ severity }: { severity: string | null }) => {
+  if (!severity) {
+    return (
+      <>
+        <i className="p-icon--help"></i> unknown
+      </>
+    );
+  }
+
+  const severityIcon = `p-icon--${severity}-priority`;
+
+  return (
+    <>
+      <i className={severityIcon}></i> {severity}
+    </>
+  );
+};
+
+const SnapCveStatusCell = ({
+  status,
+  fixedVersion,
+}: {
+  status: string;
+  fixedVersion: string | null;
+}) => {
+  const statusIcon = status === "fixed" ? `p-icon--success` : `p-icon--error`;
+  const statusLabel = status === "fixed" ? "fixed" : "vulnerable";
+  return (
+    <>
+      <i className={statusIcon}></i> {statusLabel}
+      {fixedVersion && (
+        <>
+          {" "}
+          <span className="u-text--muted" style={{ whiteSpace: "nowrap" }}>
+            {fixedVersion}
+          </span>
+        </>
+      )}
+    </>
+  );
+};
+
+function SnapCves(): JSX.Element {
+  const { snapId } = useParams();
+  const [currentRevision, setCurrentRevision] = useState<number | null>(null);
+  const { data: revisionsData, isLoading: isRevisionsLoading } = useQuery({
+    queryKey: ["snapRevisions", snapId],
+    queryFn: async () => {
+      const response = await fetch(`/api/${snapId}/cves`);
+      if (!response.ok) {
+        throw new Error("There was a problem fetching listing data");
+      }
+      const data = await response.json();
+      if (!data.success) {
+        throw new Error(data.message);
+      }
+
+      return data.data;
+    },
+    staleTime: 1000 * 60 * 60 * 12, // 12 hours
+    cacheTime: 1000 * 60 * 60 * 12, // 12 hours
+    refetchOnWindowFocus: false,
+  });
+
+  useEffect(() => {
+    if (!currentRevision && revisionsData?.revisions?.length) {
+      setCurrentRevision(revisionsData.revisions[0]);
+    }
+  }, [currentRevision, revisionsData]);
+
+  const { data, isLoading: isCvesLoading } = useQuery({
+    queryKey: ["cves", snapId, currentRevision],
+    queryFn: async () => {
+      const response = await fetch(`/api/${snapId}/${currentRevision}/cves`);
+
+      if (!response.ok) {
+        throw new Error("There was a problem fetching listing data");
+      }
+      const data = await response.json();
+
+      if (!data.success) {
+        throw new Error(data.message);
+      }
+
+      return data.data;
+    },
+    enabled: !!currentRevision,
+    staleTime: 1000 * 60 * 60 * 12, // 12 hours
+    cacheTime: 1000 * 60 * 60 * 12, // 12 hours
+    refetchOnWindowFocus: false,
+  });
+
+  const [expandedRow, setExpandedRow] = useState<number | null>(null);
+
+  const headers = [
+    {
+      content: "CVE ID",
+      width: "20%",
+      style: { flexBasis: "20%" },
+    },
+    {
+      content: "Severity",
+      width: "10%",
+      style: { flexBasis: "10%" },
+    },
+    { content: "Status", width: "25%", style: { flexBasis: "25%" } },
+    {
+      content: "Revision",
+      width: "10%",
+      style: { flexBasis: "10%" },
+    },
+    {
+      content: "Affected source",
+      width: "15%",
+      style: { flexBasis: "15%" },
+    },
+    {
+      content: "Source version",
+      width: "20%",
+      style: { flexBasis: "20%" },
+    },
+  ];
+
+  const getData = () => {
+    return data.map((cve: ICve, index: number) => {
+      const columns = [
+        {
+          content: (
+            <SnapCveIdCell
+              id={cve.id}
+              index={index}
+              setExpandedRow={setExpandedRow}
+              isExpanded={expandedRow === index}
+              hasDescription={!!cve.description}
+            />
+          ),
+          className: "u-truncate",
+        },
+        { content: <SnapCveSeverityCell severity={cve.cvss_severity} /> },
+        {
+          content: (
+            <SnapCveStatusCell
+              status={cve.status}
+              fixedVersion={cve.fixed_version}
+            />
+          ),
+        },
+        { content: currentRevision },
+        { content: cve.name },
+        { content: cve.version },
+      ] as { content: React.ReactNode; style?: React.CSSProperties }[];
+      columns.forEach((column, i) => {
+        column.style = headers[i].style;
+      });
+
+      return {
+        columns,
+        expanded: expandedRow === index,
+        expandedContent: <p>{cve.description}</p>,
+      };
+    });
+  };
+
+  console.table(data);
+  //   setPageTitle(`Listing data for ${snapId}`);
+
+  const isLoading = isCvesLoading || isRevisionsLoading;
+
+  const revisionSelectOptions = revisionsData?.revisions.map(
+    (revision: string) => ({
+      label: revision,
+      value: revision,
+    })
+  );
+
+  return (
+    <>
+      <h1 className="p-heading--4" aria-live="polite">
+        <a href="/snaps">My snaps</a> / <a href={`/${snapId}`}>{snapId}</a> /
+        CVEs
+      </h1>
+
+      {isLoading && (
+        <Strip shallow>
+          <p>
+            <i className="p-icon--spinner u-animation--spin"></i>&nbsp;Loading{" "}
+            {snapId} CVE data
+          </p>
+        </Strip>
+      )}
+
+      {data && (
+        <>
+          <SectionNav activeTab="vulnerabilities" snapName={snapId} />
+          <Strip shallow>
+            <Form inline>
+              <Select
+                id="revision-selector"
+                label="Revision"
+                value={currentRevision || ""}
+                onChange={(event) => {
+                  const selectedRevision = event.target.value;
+                  setCurrentRevision(parseInt(selectedRevision));
+                }}
+                options={revisionSelectOptions}
+              />
+            </Form>
+          </Strip>
+          <MainTable
+            expanding
+            paginate={20}
+            headers={headers}
+            rows={getData()}
+          />
+        </>
+      )}
+    </>
+  );
+}
+
+export default SnapCves;
diff --git a/static/js/publisher/pages/SnapCves/index.ts b/static/js/publisher/pages/SnapCves/index.ts
new file mode 100644
index 0000000000..99ac26239d
--- /dev/null
+++ b/static/js/publisher/pages/SnapCves/index.ts
@@ -0,0 +1 @@
+export { default } from "./SnapCves";
diff --git a/static/js/publisher/publisher.tsx b/static/js/publisher/publisher.tsx
index e79843787d..cf1e680e5a 100644
--- a/static/js/publisher/publisher.tsx
+++ b/static/js/publisher/publisher.tsx
@@ -2,6 +2,7 @@ import { createRoot } from "react-dom/client";
 import { createBrowserRouter, RouterProvider } from "react-router-dom";
 import { RecoilRoot } from "recoil";
 import { QueryClient, QueryClientProvider } from "react-query";
+import { ReactQueryDevtools } from "react-query/devtools";
 
 import PublisherRoot from "./routes/publisher-root";
 import Publicise from "./pages/Publicise";
@@ -17,6 +18,7 @@ import AccountSnaps from "./pages/AccountSnaps";
 import RegisterNameDispute from "./pages/RegisterNameDispute";
 import RequestReservedName from "./pages/RequestReservedName";
 import RegisterSnap from "./pages/RegisterSnap";
+import SnapCves from "./pages/SnapCves";
 
 const router = createBrowserRouter([
   {
@@ -67,6 +69,10 @@ const router = createBrowserRouter([
         path: "/:snapId/releases",
         element: <Releases />,
       },
+      {
+        path: "/:snapId/cves",
+        element: <SnapCves />,
+      },
       {
         path: "/snaps",
         element: <AccountSnaps />,
@@ -104,6 +110,7 @@ root.render(
   <RecoilRoot>
     <QueryClientProvider client={queryClient}>
       <RouterProvider router={router} />
+      <ReactQueryDevtools initialIsOpen={false} />
     </QueryClientProvider>
   </RecoilRoot>,
 );
diff --git a/static/sass/_snapcraft_cves.scss b/static/sass/_snapcraft_cves.scss
new file mode 100644
index 0000000000..37657a0967
--- /dev/null
+++ b/static/sass/_snapcraft_cves.scss
@@ -0,0 +1,36 @@
+@mixin snapcraft-cves {
+  // Icons introduced in CVE work
+  .p-icon--unknown-priority,
+  .p-icon--negligible-priority,
+  .p-icon--low-priority,
+  .p-icon--medium-priority,
+  .p-icon--high-priority,
+  .p-icon--critical-priority,
+  .p-icon--dark-tick {
+    @extend %icon;
+  }
+
+  .p-icon--unknown-priority {
+    background-image: url("#{$assets-path}2dff197f-CVE-Priority-icon-Unknown.svg");
+  }
+
+  .p-icon--negligible-priority {
+    background-image: url("#{$assets-path}ef6c75b8-CVE-Priority-icon-Negligible.svg");
+  }
+
+  .p-icon--low-priority {
+    background-image: url("#{$assets-path}03ac6f86-CVE-Priority-icon-Low.svg");
+  }
+
+  .p-icon--medium-priority {
+    background-image: url("#{$assets-path}8010f9e0-CVE-Priority-icon-Medium.svg");
+  }
+
+  .p-icon--high-priority {
+    background-image: url("#{$assets-path}3887354e-CVE-Priority-icon-High.svg");
+  }
+
+  .p-icon--critical-priority {
+    background-image: url("#{$assets-path}c96f27b9-CVE-Priority-icon-Critical.svg");
+  }
+}
diff --git a/static/sass/styles.scss b/static/sass/styles.scss
index ff6e8a9bd2..959100bf78 100644
--- a/static/sass/styles.scss
+++ b/static/sass/styles.scss
@@ -175,6 +175,9 @@ $color-social-icon-foreground: $color-light;
 @include vf-p-icon-models;
 @include vf-p-icon-edit;
 @include vf-p-icon-units;
+@import "snapcraft_cves";
+@include snapcraft-cves;
+
 
 dl {
   margin-bottom: $spv--x-large;
diff --git a/webapp/publisher/cve/cve_views.py b/webapp/publisher/cve/cve_views.py
index ab9ba4bce4..8c219e4d12 100644
--- a/webapp/publisher/cve/cve_views.py
+++ b/webapp/publisher/cve/cve_views.py
@@ -147,3 +147,48 @@ def get_cves(snap_name, revision):
     )
 
     return flask.jsonify({"success": True, **cves})
+
+@login_required
+def get_binaries(snap_name, revision):
+    # Access check
+    has_access, error_message, status_code = can_user_access_cve_data(snap_name)
+    if not has_access:
+        return (
+            flask.jsonify({"success": False, "error": error_message}),
+            status_code,
+        )
+
+    # Pagination
+    page = flask.request.args.get("page", default=1, type=int)
+    page_size = flask.request.args.get("page_size", default=10, type=int)
+
+    # Load and flatten data
+    cves = CveHelper.get_cve_with_revision(snap_name, revision)
+
+    binaries = [
+        {
+            "id": cve["id"],
+            "cvss_score": cve["cvss_score"],
+            "cvss_severity": cve["cvss_severity"],
+            "description": cve["description"],
+            "ubuntu_priority": cve["ubuntu_priority"],
+            "channels_with_fix": cve["channels_with_fix"],
+            "usns": cve["usns"],
+            "name": binary["name"],
+            "status": binary["status"],
+            "version": binary["version"],
+            "fixed_version": binary.get("fixed_version"),
+        }
+        for cve in cves
+        for binary in cve.get("affected_binaries", [])
+    ]
+
+    # TODO: decide if we want to paginate on client (current) or server
+    # Currently we return all the binaries and paginate in the table on client side
+    return flask.jsonify({
+        "success": True,
+        "total": len(binaries),
+        "page": 1,
+        "page_size": len(binaries),
+        "data": binaries,
+    })
\ No newline at end of file
diff --git a/webapp/publisher/snaps/views.py b/webapp/publisher/snaps/views.py
index 4284a9f4ac..0cc05dd194 100644
--- a/webapp/publisher/snaps/views.py
+++ b/webapp/publisher/snaps/views.py
@@ -58,6 +58,11 @@
     view_func=listing_views.get_listing_snap,
     methods=["GET"],
 )
+publisher_snaps.add_url_rule(
+    "/<snap_name>/cves",
+    view_func=listing_views.get_listing_snap,
+    methods=["GET"],
+)
 publisher_snaps.add_url_rule(
     "/api/<snap_name>/listing",
     view_func=listing_views.get_listing_data,
@@ -282,7 +287,7 @@
 # CVE API
 publisher_snaps.add_url_rule(
     "/api/<snap_name>/<revision>/cves",
-    view_func=cve_views.get_cves,
+    view_func=cve_views.get_binaries,
 )
 
 publisher_snaps.add_url_rule(