CVSSv3 01/21/2022

CVSSv3 Base

≤10
≤20
≤30
≤426
≤510
≤620
≤737
≤85
≤93
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤427
≤510
≤640
≤719
≤82
≤93
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤30
≤430
≤57
≤620
≤736
≤85
≤93
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤50
≤65
≤73
≤81
≤91
≤101

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1913945.05.0
 
 
 
 
EU Technical Specifications for Digital COVID Certificates Certificate certificate validation0.00CVE-2021-40855
1913935.55.5
 
 
 
 
ldns Zone File Parser ldns_nsec3_salt_data heap-based overflow0.00CVE-2020-19861
1913926.36.3
 
 
 
 
Sourcecodester Online Resort Management System sql injection0.00CVE-2021-46201
1913918.48.1
 
8.8
 
 
TP-Link TL-WA1201 DNS Response stack-based overflow0.00CVE-2021-35004
1913908.98.1
 
9.8
 
 
TP-Link Archer C90 DNS Response stack-based overflow0.03CVE-2021-35003
1913898.88.8
 
 
 
 
USBView Polkit Setting improper authentication0.06CVE-2022-23220
1913886.36.3
 
 
 
 
Project Worlds Online Examination System account.php sql injection0.05CVE-2021-46307
1913876.36.3
 
 
 
 
Sourceodester Courier Management System ajax.php sql injection0.06CVE-2021-46198
1913866.36.3
 
 
 
 
Sourcecodester Simple Music Clour Community System ajax.php sql injection0.04CVE-2021-46200
1913854.94.3
 
5.5
 
 
vim out-of-bounds read0.05CVE-2022-0319
1913843.53.5
 
 
 
 
ldns ldns_rr_new_frm_str_internal out-of-bounds read0.00CVE-2020-19860
1913834.34.3
 
 
 
 
Platinum UPnP SDK path traversal0.03CVE-2020-19858
1913823.83.8
 
3.8
 
 
loguru code injection0.00CVE-2022-0329
1913816.46.3
 
6.6
 
 
vim heap-based overflow0.03CVE-2022-0318
1913806.36.3
 
 
 
 
Google Chrome Task Manager heap-based overflow0.07CVE-2022-0311
1913796.36.3
 
 
 
 
Google Chrome Task Manager heap-based overflow0.08CVE-2022-0310
1913786.36.3
 
 
 
 
Google Chrome Autofill Remote Code Execution0.00CVE-2022-0309
1913776.36.3
 
 
 
 
Google Chrome Data Transfer use after free0.05CVE-2022-0308
1913766.36.3
 
 
 
 
Google Chrome Optimization Guide use after free0.00CVE-2022-0307
1913756.36.3
 
 
 
 
Google Chrome PDFium heap-based overflow0.00CVE-2022-0306
1913746.36.3
 
 
 
 
Google Chrome Service Worker API Remote Code Execution0.04CVE-2022-0305
1913736.36.3
 
 
 
 
Google Chrome Bookmarks use after free0.00CVE-2022-0304
1913725.05.0
 
 
 
 
Google Chrome GPU Watchdog race condition0.00CVE-2022-0303
1913716.36.3
 
 
 
 
Google Chrome Omnibox use after free0.04CVE-2022-0302
1913706.36.3
 
 
 
 
Google Chrome DevTools heap-based overflow0.00CVE-2022-0301
1913696.36.3
 
 
 
 
Google Chrome Text Input Method Editor use after free0.04CVE-2022-0300
1913686.36.3
 
 
 
 
Google Chrome Scheduling use after free0.00CVE-2022-0298
1913676.36.3
 
 
 
 
Google Chrome Vulkan use after free0.05CVE-2022-0297
1913666.36.3
 
 
 
 
Google Chrome Printing use after free0.04CVE-2022-0296
1913656.36.3
 
 
 
 
Google Chrome Omnibox use after free0.00CVE-2022-0295
1913646.36.3
 
 
 
 
Google Chrome Push Message Remote Code Execution0.05CVE-2022-0294
1913636.36.3
 
 
 
 
Google Chrome Web Packaging use after free0.06CVE-2022-0293
1913626.36.3
 
 
 
 
Google Chrome Fenced Frames Remote Code Execution0.00CVE-2022-0292
1913616.36.3
 
 
 
 
Google Chrome Storage Remote Code Execution0.05CVE-2022-0291
1913606.36.3
 
 
 
 
Google Chrome Site Isolation use after free0.03CVE-2022-0290
1913596.36.3
 
 
 
 
Google Chrome Safe Browsing use after free0.03CVE-2022-0289
1913586.76.7
 
6.7
 
 
Asus VivoMini/Mini PC SMI input validation0.04CVE-2022-21933
1913574.43.3
 
5.5
 
 
mruby null pointer dereference0.05CVE-2022-0326
1913567.37.3
 
 
 
 
Backdoor.Win32.Wollf.16 Service Port 1015 improper authentication0.04
1913557.37.3
 
 
 
 
Backdoor.Win32.Wollf.16 Service Port 1015 hard-coded credentials0.05
1913543.53.5
 
 
 
 
AFI WebACMS index.html cross site scripting0.05CVE-2021-44829
1913535.03.5
 
6.6
 
 
pimcore cross site scripting0.03CVE-2022-0285
1913523.53.5
 
 
 
 
JerryScript ecma-builtin-date-prototype.c ecma_builtin_date_prototype_dispatch_set assertion0.00CVE-2021-46351
1913513.53.5
 
 
 
 
JerryScript ecma-builtin-date-prototype.c ecma_builtin_date_prototype_dispatch_set assertion0.05CVE-2021-46346
1913503.53.5
 
 
 
 
Jerryscript ecma-helpers-value.c assertion0.04CVE-2022-22892
1913493.53.5
 
 
 
 
Jerryscript js-scanner-util.c assertion0.00CVE-2022-22890
1913483.53.5
 
 
 
 
JerryScript ecma-helpers-value.c ecma_is_value_object assertion0.00CVE-2021-46350
1913473.53.5
 
 
 
 
JerryScript ecma-literal-storage.c assertion0.00CVE-2021-46348
1913463.53.5
 
 
 
 
JerryScript lit-strings.c assertion0.00CVE-2021-46345
1913453.53.5
 
 
 
 
JerryScript js-parser-expr.c assertion0.08CVE-2021-46344

51 more entries are not shown

Want to stay up to date on a daily basis?

Enable the mail alert feature now!