CVSSv3 01/31/2022

CVSSv3 Base

≤10
≤20
≤30
≤46
≤54
≤62
≤76
≤83
≤90
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤46
≤54
≤64
≤74
≤83
≤90
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤47
≤52
≤62
≤76
≤83
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤92
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤51
≤62
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
1920277.77.38.1
 
 
 
PrinterLogic Web Stack hard-coded key0.020.06729CVE-2021-42635
1920267.77.38.1
 
 
 
PrinterLogic Web Stack deserialization0.050.06729CVE-2021-42631
1920253.53.5
 
 
 
 
SourceCodester Stock Management System in PHP OOP Create User cross site scripting0.030.01689CVE-2021-44114
1920243.53.5
 
 
 
 
Huawei CloudEngine 7800 memory corruption0.030.00885CVE-2021-40042
1920233.53.5
 
 
 
 
Huawei CloudEngine 7800 information disclosure0.030.00885CVE-2021-40033
1920226.36.3
 
 
 
 
Stormshield Network Security ASQ memory corruption0.040.01978CVE-2021-31617
1920213.53.5
 
 
 
 
Linux Kernel bond_ipsec_add_sa null pointer dereference0.060.00890CVE-2022-0286
1920206.36.3
 
 
 
 
Victor CMS POST Request sql injection0.030.00885CVE-2021-46458
1920196.36.3
 
 
 
 
Git Pull git.cmd access control0.030.00885CVE-2021-46101
1920184.34.3
 
 
 
 
Stormshield Network Security CLI Command access control0.000.00890CVE-2021-28962
1920173.53.5
 
 
 
 
Beetel 777VR1-DI Ping Diagnostic cross site scripting0.040.00885CVE-2020-36056
1920167.37.3
 
 
 
 
SourceCodester Online Course Registration Control Panel hard-coded credentials0.040.01018CVE-2020-36064
1920153.42.7
 
4.1
 
 
Dolibarr unknown vulnerability0.030.00885CVE-2022-0414
1920144.43.3
 
5.5
 
 
juce juce_ZipFile.cpp uncompressEntry symlink0.000.01005CVE-2021-23521
1920134.73.9
 
5.5
 
 
juce Archive Extraction juce_ZipFile.cpp uncompressEntry unknown vulnerability0.040.00954CVE-2021-23520
1920126.36.3
 
 
 
 
MotionEye/MotioneEyeOS Configuration Backup unrestricted upload0.030.01978CVE-2021-44255
1920116.36.3
 
 
 
 
strongSwan Mutual Authentication improper authentication0.030.00885CVE-2021-45079
1920105.55.5
 
 
 
 
Land FAUST iServer URL Request path traversal0.050.00954CVE-2021-34805
1920096.36.3
 
 
 
 
ALPS Alpine TouchPad Driver injection0.040.00885CVE-2021-27971
1920084.34.3
 
 
 
 
Logs Plugin Controller.php actionStream information disclosure0.050.01061CVE-2022-23409
1920075.55.5
 
 
 
 
xterm Sixel Support graphics_sixel.c set_sixel buffer overflow0.040.01108CVE-2022-24130

Do you want to use VulDB in your project?

Use the official API to access entries easily!