CVSSv3 06/19/2020

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 157074 | 6.3 | 7.3 | 5.3 | | | Apache Archiva LDAP LDAP injection | 0.04 | CVE-2020-9495 |
| 157073 | 5.4 | 4.3 | 6.5 | | | Ruby on Rails rails-ujs Module cross-site request forgery | 0.06 | CVE-2020-8167 |
| 157072 | 8.5 | 7.3 | 9.8 | | | Ruby on Rails MemCacheStore/RedisCacheStore deserialization | 0.05 | CVE-2020-8165 |
| 157071 | 3.3 | 3.3 | 3.3 | | | VMware Tools HGFS input validation | 0.07 | CVE-2020-3972 |
| 157068 | 8.0 | 6.3 | 9.8 | | | DMitry Whois nic_format_buff out-of-bounds write | 0.06 | CVE-2020-14931 |
| 157067 | 5.9 | 3.7 | 8.1 | | | BT CTROMS Terminal OS Port Portal CT-464 Password Reset getverificationcode.jsp improper authentication | 0.00 | CVE-2020-14930 |
| 157066 | 5.6 | 3.7 | 7.5 | | | Alpine Mail Client information disclosure | 0.00 | CVE-2020-14929 |
| 157065 | 4.9 | 3.5 | 6.3 | | | GitLab Community Edition/Enterprise Edition Mirror information disclosure | 0.05 | CVE-2020-13277 |
| 157064 | 7.4 | 7.4 | 7.4 | | | GitLab Community Edition/Enterprise Edition Notification privileges management | 0.00 | CVE-2020-13276 |
| 157063 | 6.7 | 5.5 | 8.0 | | | GitLab Enterprise Edition Group privileges management | 0.07 | CVE-2020-13275 |
| 157062 | 6.4 | 5.3 | 7.5 | | | GitLab Community Edition/Enterprise Edition memory allocation | 0.04 | CVE-2020-13274 |
| 157061 | 6.4 | 5.3 | 7.5 | | | GitLab Community Edition/Enterprise Edition denial of service | 0.02 | CVE-2020-13273 |
| 157060 | 6.2 | 5.0 | 7.5 | | | GitHub Community Edition/Enterprise Edition OAuth privileges management | 0.09 | CVE-2020-13272 |
| 157059 | 5.3 | 6.3 | 4.3 | | | GitLab Community Edition/Enterprise Edition Email Verification privileges management | 0.04 | CVE-2020-13265 |
| 157058 | 5.3 | 5.3 | 5.3 | | | GitLab Community Edition/Enterprise Edition Kubernetes Cluster Token information disclosure | 0.05 | CVE-2020-13264 |
| 157057 | 6.2 | 5.0 | 7.5 | | | GitLab Enterprise Edition Project Maintainer Impersonation privileges management | 0.00 | CVE-2020-13263 |
| 157056 | 6.6 | 7.1 | 6.1 | | | GitLab Community Edition/Enterprise Edition Mermaid Payload privileges management | 0.05 | CVE-2020-13262 |
| 157055 | 5.3 | 5.3 | 5.3 | | | GitLab Community Edition/Enterprise Edition HTML Source Code Credentials information disclosure | 0.04 | CVE-2020-13261 |
| 157054 | 7.1 | 7.1 | 7.1 | | | jaegertracing jaeger Kafka Data Store Credentials log file | 0.06 | CVE-2020-10750 |
| 157053 | 6.5 | 4.3 | 8.8 | | | Woocommerce CSV Import class-wc-product-csv-importer-controller.php cross-site request forgery | 0.00 | CVE-2019-20891 |
| 157052 | 7.5 | 6.3 | 8.8 | | | Mattermost Server input validation | 0.04 | CVE-2018-21264 |
| 157051 | 5.3 | 6.3 | 4.3 | | | Mattermost Server Access Restriction permission assignment | 0.05 | CVE-2018-21256 |
| 157050 | 5.8 | 7.3 | 4.3 | | | Mattermost Server Signup permission assignment | 0.04 | CVE-2018-21252 |
| 157049 | 7.4 | 7.3 | 7.5 | | | Rack Module Cookie Remote Code Execution | 0.06 | CVE-2020-8184 |
| 157048 | 6.4 | 5.3 | 7.5 | | | Ruby on Rails deserialization | 0.05 | CVE-2020-8164 |
| 157047 | 7.4 | 7.3 | 7.5 | | | Ruby on Rails ActiveStorage S3 Adapter Remote Code Execution | 0.05 | CVE-2020-8162 |
| 157046 | 7.3 | 7.3 | 7.3 | | | casperjs mergeObjects Prototype privileges management | 0.06 | CVE-2020-7679 |
| 157045 | 6.7 | 5.4 | 8.1 | | | SAP EC-CUBE path traversal | 0.00 | CVE-2020-5590 |
| 157044 | 4.7 | 4.1 | 5.4 | | | IBM DOORS Next Generation Web UI cross site scripting | 0.07 | CVE-2020-4297 |
| 157043 | 4.7 | 4.1 | 5.4 | | | IBM DOORS Next Generation Web UI cross site scripting | 0.00 | CVE-2020-4295 |
| 157042 | 4.7 | 4.1 | 5.4 | | | IBM DOORS Next Generation Web UI cross site scripting | 0.05 | CVE-2020-4281 |
| 157041 | 3.6 | 2.4 | 4.8 | | | Navigate CMS Alias cross site scripting | 0.04 | CVE-2020-14927 |
| 157040 | 4.4 | 3.5 | 5.4 | | | CMS Made Simple cross site scripting | 0.00 | CVE-2020-14926 |
| 157039 | 5.7 | 5.3 | 6.1 | | | Dolibarr ERP CRM notice.php Reflected cross site scripting | 0.00 | CVE-2020-14475 |
| 157038 | 5.4 | 4.3 | 6.5 | | | Octopus Deploy Deployment Password insufficiently protected credentials | 0.06 | CVE-2020-14470 |
| 157037 | 4.7 | 4.1 | 5.4 | | | Caldera Operation Name Box cross site scripting | 0.05 | CVE-2020-14462 |
| 157036 | 6.4 | 6.3 | 6.5 | | | Mattermost Server OAuth Application privileges management | 0.06 | CVE-2020-14460 |
| 157035 | 7.4 | 7.3 | 7.5 | | | Mattermost Server Channel input validation | 0.04 | CVE-2020-14459 |
| 157034 | 6.4 | 5.3 | 7.5 | | | Mattermost Server API information disclosure | 0.04 | CVE-2020-14458 |
| 157033 | 5.3 | 5.3 | 5.3 | | | Mattermost Server Websocket authorization | 0.06 | CVE-2020-14457 |
