CVSSv3 02/01/2022

CVSSv3 Base

≤10
≤20
≤36
≤417
≤513
≤615
≤710
≤87
≤93
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤36
≤417
≤514
≤616
≤711
≤84
≤93
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤21
≤35
≤419
≤516
≤611
≤710
≤87
≤92
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤31
≤40
≤50
≤62
≤72
≤84
≤93
≤102

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
1920983.53.5
 
 
 
 
Anchor CMS Create Post cross site scripting0.83CVE-2021-46253
1920973.53.5
 
 
 
 
Ivanti Service Manager ConfigDB Call RelocateAttachments.aspx cross site scripting0.77CVE-2021-38560
1920967.36.3
 
8.4
 
 
vim heap-based overflow0.89CVE-2022-0417
1920958.37.3
 
9.4
 
 
w-zip path traversal0.71CVE-2022-0401
1920943.53.5
 
 
 
 
NEC Data Maintenance Tool for DT900 Configuration information disclosure0.77CVE-2021-44746
1920937.88.1
 
7.4
 
 
h2o QUIC Frame uninitialized resource1.13CVE-2021-43848
1920923.53.5
 
 
 
 
Apache Superset Database Connection insufficiently protected credentials1.07CVE-2021-44451
1920915.55.5
 
 
 
 
Apache Pulsar Admin API improper authorization1.13CVE-2021-41571
1920904.34.3
 
 
 
 
GDPR Plugin Content-Type check_privacy_settings cross site scripting1.01CVE-2022-0220
1920894.34.3
 
 
 
 
Perfect Survey Plugin AJAX Action save_global_setting cross-site request forgery0.89CVE-2021-24763
1920884.34.3
 
 
 
 
LabTools Plugin cross-site request forgery1.01CVE-2021-25097
1920874.34.3
 
 
 
 
Link Library Plugin cross-site request forgery0.86CVE-2021-25092
1920863.53.5
 
 
 
 
Link Library Plugin Admin Page cross site scripting0.68CVE-2021-25091
1920853.53.5
 
 
 
 
UpdraftPlus Backup Plugin Restore Page cross site scripting0.71CVE-2021-25089
1920843.53.5
 
 
 
 
WOOF Plugin Admin Page woof_redraw_elements cross site scripting0.81CVE-2021-25085
1920834.34.3
 
 
 
 
NextScripts Social Networks Auto-Poster Plugin cross-site request forgery0.83CVE-2021-25072
1920823.53.5
 
 
 
 
Contact Form 7 Skins Plugin Admin Page cross site scripting0.89CVE-2021-25063
1920812.42.4
 
 
 
 
Asset CleanUp Page Speed Booster Plugin AJAX Action wpassetcleanup_fetch_active_plugins_icons cross site scripting0.95CVE-2021-24983
1920804.34.3
 
 
 
 
NextScripts Social Networks Auto-Poster Plugin Admin Dashboard cross site scripting0.90CVE-2021-24975
1920792.42.4
 
 
 
 
Custom Dashboard & Login Page Plugin Setting cross site scripting0.78CVE-2021-24944
1920783.53.5
 
 
 
 
Asset CleanUp Page Speed Booster Plugin Admin Page cross site scripting0.82CVE-2021-24937
1920773.53.5
 
 
 
 
Visual CSS Style Editor Plugin Admin Page cross site scripting0.77CVE-2021-24934
1920763.53.5
 
 
 
 
Domain Check Plugin cross site scripting0.57CVE-2021-24926
1920752.42.4
 
 
 
 
Ninja Tables Plugin Table Field cross site scripting0.65CVE-2021-24900
1920743.53.5
 
 
 
 
Perfect Survey Plugin Header cross site scripting0.59CVE-2021-24765
1920733.53.5
 
 
 
 
Perfect Survey Plugin Admin Dashboard cross site scripting0.65CVE-2021-24764
1920722.42.4
 
 
 
 
Learning Courses Plugin Email PDT Identity Token Setting cross site scripting1.07CVE-2021-24707
1920712.42.4
 
 
 
 
SVG Support Plugin CSS Class to Target Setting cross site scripting0.83CVE-2021-24686
1920703.53.5
 
 
 
 
RegistrationMagic Plugin cross site scripting0.90CVE-2021-24648
1920695.45.4
 
 
 
 
Link Library Plugin Link Delete authorization0.95CVE-2021-25093
1920686.36.3
 
 
 
 
Wicked Folders Plugin SQL Statement wicked_folders_save_sort_order sql injection0.88CVE-2021-24919
1920673.53.5
 
 
 
 
Document Embedder Plugin AJAX Action information disclosure0.84CVE-2021-24868
1920664.34.3
 
 
 
 
GDPR Plugin cross site scripting0.71CVE-2021-24814
1920654.34.3
 
 
 
 
Document Embedder Plugin REST Endpoint information disclosure0.62CVE-2021-24775
1920647.37.3
 
 
 
 
Perfect Survey Plugin GET Parameter get_question sql injection0.59CVE-2021-24762
1920634.34.3
 
 
 
 
Error Log Viewer Plugin cross-site request forgery0.84CVE-2021-24761
1920627.37.3
 
 
 
 
Essential Addons for Elementor Plugin Template Data path traversal1.73CVE-2022-0320
1920613.53.5
 
 
 
 
RosarioSIS Courses.php cross site scripting0.76CVE-2021-45416
1920606.24.3
 
8.1
 
 
Symfony cross-site request forgery0.89CVE-2022-23601
1920596.36.3
 
 
 
 
Sourcecodester Simple Client Management System login.php sql injection0.83CVE-2021-43510
1920586.36.3
 
 
 
 
Sourcecodester Simple Client Management System view-service.php sql injection0.95CVE-2021-43509
1920575.44.3
 
6.5
 
 
treq Cookie unknown vulnerability0.65CVE-2022-23607
1920565.54.3
 
6.8
 
 
gh-ost injection0.71CVE-2022-21687
1920554.63.3
 
5.9
 
 
radare2 null pointer dereference0.76CVE-2022-0419
1920545.55.5
 
 
 
 
Eclipse Wakaama CoAP Parser Privilege Escalation0.73CVE-2021-41040
1920532.12.0
 
2.2
 
 
Kubernetes DNS Resolution toctou0.88CVE-2020-8562
1920525.94.3
 
7.5
 
 
Junrar RAR Archive infinite loop0.71CVE-2022-23596
1920516.04.3
 
7.7
 
 
Nimforum post information disclosure0.78CVE-2022-23602
1920507.57.5
 
7.5
 
 
XStream resource consumption1.04CVE-2021-43859
1920497.97.5
 
8.3
 
 
Element Desktop Link injection0.53CVE-2022-23597

21 more entries are not shown

Do you want to use VulDB in your project?

Use the official API to access entries easily!