CVSSv3 08/24/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 181398 | 4.3 | 4.3 | | | | go-ethereum Consensus denial of service | 2.46 | CVE-2021-39137 |
| 181397 | 3.5 | 3.5 | | | | SQLite SQL Query idxGetTableInfo denial of service | 0.27 | CVE-2021-36690 |
| 181396 | 5.5 | 5.5 | | | | Plib ssgLoadTGA.cxx ssgLoadTGA integer overflow | 0.19 | CVE-2021-38714 |
| 181395 | 4.6 | 4.6 | | | | Joomla File Deletion Command permission | 0.25 | CVE-2021-26040 |
| 181394 | 7.3 | 7.3 | | | | OpenSSL SM2 Data EVP_PKEY_decrypt buffer overflow | 2.11 | CVE-2021-3711 |
| 181393 | 3.7 | 3.7 | | | | OpenSSL ASN.1 X509_get1_ocsp out-of-bounds read | 1.70 | CVE-2021-3712 |
| 181392 | 6.3 | 6.3 | | | | Philips Healthcare Tasy Electronic Medical Record executaConsultaEspecifico sql injection | 0.14 | CVE-2021-39376 |
| 181391 | 6.3 | 6.3 | | | | Philips Healthcare EMR getDimensionItemsByCode sql injection | 0.11 | CVE-2021-39375 |
| 181390 | 8.0 | 8.0 | | | | RaspAP raspap-webgui enablelog.sh permission | 0.08 | CVE-2021-38557 |
| 181389 | 7.3 | 7.3 | | | | Cerner Mobile Care default.aspx xp_cmdshell sql injection | 0.06 | CVE-2021-36385 |
| 181388 | 5.5 | 5.5 | | | | Apache NiFi MiNiFi C++ c2 Protocol os command injection | 0.08 | CVE-2021-33191 |
| 181387 | 3.5 | 3.5 | | | | NASCENT RemKon Device Manager Log readLog.php pathname traversal | 0.08 | CVE-2021-38612 |
| 181386 | 5.5 | 5.5 | | | | RaspAP configure_client.php command injection | 0.11 | CVE-2021-38556 |
| 181385 | 8.0 | 8.0 | | | | NASCENT RemKon Device Manager Image Upload index.php os command injection | 0.22 | CVE-2021-38611 |
| 181384 | 6.3 | 6.3 | | | | LG N1T1 Network Attached Storage checkInstall.php os command injection | 0.11 | CVE-2021-38306 |
| 181383 | 7.3 | 7.3 | | | | SmartDataSoft SmartBlog archive.php sql injection | 0.22 | CVE-2021-37538 |
| 181382 | 6.3 | 6.3 | | | | NASCENT RemKon Device Manager Image Upload index.php unrestricted upload | 0.11 | CVE-2021-38613 |
| 181381 | 4.3 | 4.3 | | | | joplin cross-site request forgery | 0.19 | CVE-2021-23431 |
| 181380 | 6.3 | 6.3 | | | | mootools Object.merge Remote Code Execution | 0.22 | CVE-2021-23432 |
| 181379 | 5.3 | 5.3 | | | | startserver pathname traversal | 0.14 | CVE-2021-23430 |
| 181378 | 5.3 | 5.3 | | | | transpile to denial of service | 0.13 | CVE-2021-23429 |
| 181377 | 5.6 | 5.6 | | | | pac-resolver PAC File Remote Code Execution | 0.08 | CVE-2021-23406 |
| 181376 | 3.5 | 3.5 | | | | flatCore-CMS Image Upload cross site scripting | 0.14 | CVE-2021-39609 |
| 181375 | 6.3 | 6.3 | | | | D-Link DVG-3104MS passwd hard-coded credentials | 0.24 | CVE-2021-39613 |
| 181374 | 6.3 | 6.3 | | | | D-Link DVX-2000MS passwd hard-coded credentials | 0.08 | CVE-2021-39614 |
| 181373 | 3.5 | 3.5 | | | | Huawei S12700/S5700/S6700/S7700 Message denial of service | 0.11 | CVE-2021-22357 |
| 181372 | 3.5 | 3.5 | | | | Huawei CloudEngine 7800 Packet denial of service | 0.06 | CVE-2021-22328 |
| 181371 | 5.0 | 5.0 | | | | GitLab Enterprise Edition Deployment improper authorization | 0.08 | CVE-2021-22253 |
| 181370 | 3.5 | 3.5 | | | | GitLab Community Edition/Enterprise Edition CI Variable information disclosure | 0.08 | CVE-2021-22252 |
| 181369 | 7.5 | 7.5 | | | | SteelSeries Device Driver Installer access control | 0.06 | |
| 181368 | 4.3 | 4.3 | | | | GitLab Enterprise Edition Group Setting access control | 0.08 | CVE-2021-22251 |
| 181367 | 5.3 | 5.3 | | | | GitLab Community Edition/Enterprise Edition Pipeline Information improper authorization | 0.17 | CVE-2021-22248 |
| 181366 | 3.5 | 3.5 | | | | libav vc1_block.c vc1_decode_p_mb_intfi denial of service | 0.11 | CVE-2020-18778 |
| 181365 | 3.5 | 3.5 | | | | libav vc1_block.c vc1_decode_b_mb_intfr denial of service | 0.03 | CVE-2020-18776 |
| 181364 | 3.5 | 3.5 | | | | libav vc1_block.c vc1_decode_b_mb_intfi denial of service | 0.08 | CVE-2020-18775 |
| 181363 | 3.5 | 3.5 | | | | Exiv2 Exception tags_int.cpp denial of service | 0.29 | CVE-2020-18774 |
| 181362 | 3.5 | 3.5 | | | | Exiv2 tif File iptc.cpp denial of service | 0.11 | CVE-2020-18773 |
| 181361 | 3.5 | 3.5 | | | | Exiv2 Global Buffer nikonmn_int.cpp print0x0088 information disclosure | 0.03 | CVE-2020-18771 |
| 181360 | 3.5 | 3.5 | | | | Eclipse Cyclone DDS Subscriber dds_stream.c heap-based overflow | 0.11 | CVE-2020-18735 |
| 181359 | 3.5 | 3.5 | | | | Eclipse Cyclone DDS Subscriber q_bitset.h stack-based overflow | 0.06 | CVE-2020-18734 |
| 181358 | 3.5 | 3.5 | | | | airpig2011 IEC104 Iec104_Deal_FirmUpdate denial of service | 0.03 | CVE-2020-18731 |
| 181357 | 3.5 | 3.5 | | | | airpig2011 IEC104 Iec104_Deal_I denial of service | 0.11 | CVE-2020-18730 |
| 181356 | 2.6 | 2.6 | | | | Angular Application cross site scripting | 0.03 | |
| 181355 | 4.3 | 4.3 | | | | Miniftpd ftpproto.c do_mkd buffer overflow | 0.08 | CVE-2021-39602 |
| 181354 | 6.3 | 6.3 | | | | Huawei Elf-G10HN improper authorization | 0.17 | CVE-2021-22449 |
| 181353 | 4.3 | 4.3 | | | | GitLab Enterprise Edition information exposure | 0.11 | CVE-2021-22249 |
| 181352 | 6.3 | 6.3 | | | | D-Link DSR-500N SSH/Telnet passwd hard-coded credentials | 0.08 | CVE-2021-39615 |
| 181351 | 5.0 | 5.0 | | | | XStream Security Framework deserialization | 0.03 | CVE-2021-39154 |
| 181350 | 5.0 | 5.0 | | | | XStream Security Framework deserialization | 0.11 | CVE-2021-39153 |
| 181349 | 5.0 | 5.0 | | | | XStream Security Framework deserialization | 0.06 | CVE-2021-39151 |
