CVSSv3 03/15/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 13, ≤6: 18, ≤7: 24, ≤8: 2, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into an aggregate that gives the most reliable result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 1, ≤4: 7, ≤5: 14, ≤6: 26, ≤7: 15, ≤8: 2, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 3, ≤4: 15, ≤5: 21, ≤6: 12, ≤7: 14, ≤8: 2, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 7, ≤6: 2, ≤7: 9, ≤8: 6, ≤9: 10, ≤10: 4

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 195450 | 6.3 | 6.3 | | | | | Apple Safari WebKit unknown vulnerability | 0.04 | CVE-2022-22637 |
| 195449 | 6.3 | 6.3 | | | | | Apple Safari WebKit buffer overflow | 0.03 | CVE-2022-22629 |
| 195448 | 6.3 | 6.3 | | | | | Apple Safari WebKit use after free | 0.03 | CVE-2022-22628 |
| 195447 | 6.3 | 6.3 | | | | | Apple Safari WebKit use after free | 0.03 | CVE-2022-22624 |
| 195446 | 6.3 | 6.3 | | | | | Apple Safari WebKit memory corruption | 0.00 | CVE-2022-22610 |
| 195445 | 6.3 | 6.3 | | | | | Apple Safari Address Bar improper restriction of rendered ui layers | 0.09 | CVE-2022-22654 |
| 195124 | 3.7 | 3.7 | | | | | Apache CloudStack Project Invitation entropy | 0.05 | CVE-2022-26779 |
| 195123 | 5.3 | 5.3 | | | | | OpenSSL Non-prime Moduli BN_mod_sqrt denial of service | 0.74 | CVE-2022-0778 |
| 195122 | 4.3 | 4.3 | | 4.3 | | | IBM Engineering Workflow Management Build Definition information disclosure | 0.06 | CVE-2020-4989 |
| 195121 | 6.4 | 5.3 | | 7.5 | | | Bareos PAM Authentication memory leak | 0.07 | CVE-2022-24756 |
| 195120 | 8.5 | 7.3 | | 9.8 | | | SyliusGridBundle Sorter.php sql injection | 0.03 | CVE-2022-24752 |
| 195119 | 8.1 | 6.3 | | 9.9 | | | TIBCO JasperReports Library/JasperReports Server pathname traversal | 0.06 | CVE-2022-22771 |
| 195118 | 4.6 | 2.4 | | 6.8 | | | microweber cross site scripting | 0.03 | CVE-2022-0954 |
| 195117 | 5.9 | 4.3 | | 7.6 | | | star7th showdoc File Upload cross site scripting | 0.07 | CVE-2022-0957 |
| 195116 | 5.7 | 4.3 | | 7.1 | | | star7th showdoc File Upload cross site scripting | 0.07 | CVE-2022-0956 |
| 195115 | 6.3 | 6.3 | | | | | Tiny File Manager File Upload tinyfilemanager.php path traversal | 0.07 | CVE-2021-45010 |
| 195114 | 5.8 | 3.5 | | 8.2 | | | pimcore cross site scripting | 0.06 | CVE-2022-0894 |
| 195113 | 5.1 | 3.5 | | 6.8 | | | pimcore cross site scripting | 0.09 | CVE-2022-0893 |
| 195112 | 6.2 | 4.3 | | 8.2 | | | star7th showdoc File Upload cross site scripting | 0.04 | CVE-2022-0951 |
| 195111 | 6.2 | 6.3 | | 6.1 | | | CVRF-CSAF-Converter xml external entity reference | 0.03 | CVE-2022-27193 |
| 195110 | 6.4 | 6.3 | | 6.5 | | | star7th showdoc unrestricted upload | 0.12 | CVE-2022-0950 |
| 194948 | 3.8 | 2.7 | | 4.9 | | | IBM Data Virtualization on Cloud Pak for Data Data Masking Rule information disclosure | 0.04 | CVE-2021-38971 |
| 194947 | 3.5 | 3.5 | | | | | Tribal Systems Zenario CMS SVG File cross site scripting | 0.03 | CVE-2021-41952 |
| 194946 | 6.5 | 4.3 | | 8.8 | | | SmarterTools SmarterTrack cross site scripting | 0.03 | CVE-2022-24384 |
| 194945 | 6.2 | 3.5 | | 9.0 | | | star7th ShowDoc File Upload cross site scripting | 0.04 | CVE-2022-0945 |
| 194944 | 6.2 | 3.5 | | 9.0 | | | star7th ShowDoc File Upload cross site scripting | 0.25 | CVE-2022-0962 |
| 194943 | 6.2 | 3.5 | | 9.0 | | | star7th ShowDoc File Upload cross site scripting | 0.03 | CVE-2022-0960 |
| 194942 | 6.2 | 3.5 | | 9.0 | | | star7th ShowDoc File Upload cross site scripting | 0.09 | CVE-2022-0946 |
| 194941 | 6.5 | 4.3 | | 8.8 | | | SmarterTools SmarterTrack cross site scripting | 0.00 | CVE-2022-24386 |
| 194940 | 5.8 | 4.3 | | 7.3 | | | star7th ShowDoc File Upload cross site scripting | 0.09 | CVE-2022-0941 |
| 194939 | 5.2 | 4.3 | | 6.1 | | | Sylius SVG File cross site scripting | 0.06 | CVE-2022-24749 |
| 194938 | 7.3 | 6.3 | | 8.4 | | | vim heap-based overflow | 0.06 | CVE-2022-0943 |
| 194937 | 3.1 | 3.1 | | | | | Canon imagePROGRAF/imageRUNNER TLS Certificate risky encryption | 0.03 | CVE-2022-26351 |
| 194936 | 3.1 | 3.1 | | | | | Fujifilm Apeos Rambus SafeZone Basic Crypto Module risky encryption | 0.19 | CVE-2022-26320 |
| 194935 | 5.5 | 5.5 | | | | | GPAC script_dec.c SFS_AddString heap-based overflow | 0.07 | CVE-2022-24578 |
| 194934 | 6.8 | 5.5 | | 8.1 | | | libvcs URL Parameter update_repo argument injection | 0.03 | CVE-2022-21187 |
| 194933 | 3.5 | 3.5 | | | | | GPAC gf_utf8_wcslen null pointer dereference | 0.03 | CVE-2022-24577 |
| 194932 | 5.5 | 5.5 | | | | | GPAC MP4Box use after free | 0.15 | CVE-2022-24576 |
| 194931 | 5.5 | 5.5 | | | | | GPAC MP4Box stack-based overflow | 0.03 | CVE-2022-24575 |
| 194930 | 3.5 | 3.5 | | | | | GPAC gf_dump_vrml_field.isra null pointer dereference | 0.00 | CVE-2022-24574 |
| 194929 | 7.3 | 7.3 | | | | | Lua Garbage Collector lgc.c use after free | 0.12 | CVE-2021-44964 |
| 194928 | 6.3 | 6.3 | | | | | Tribal Systems Zenario CMS unrestricted upload | 0.08 | CVE-2021-42171 |
| 194927 | 6.9 | 4.7 | | 9.1 | | | SmarterTrack Config unrestricted upload | 0.13 | CVE-2022-24387 |
| 194926 | 6.2 | 6.3 | | 6.1 | | | Sylius X-Frame-Options Header improper restriction of rendered ui layers | 0.07 | CVE-2022-24733 |
| 194925 | 6.9 | 4.7 | | 9.1 | | | sqlpad Test Endpoint injection | 0.04 | CVE-2022-0944 |
| 194924 | 6.3 | 5.6 | | 7.1 | | | Sylius Password Change session expiration | 0.05 | CVE-2022-24743 |
| 194923 | 3.9 | 2.8 | | 5.0 | | | Sylius Logout information disclosure | 0.10 | CVE-2022-24742 |
| 194922 | 5.3 | 5.6 | | 5.0 | | | Volto Cookie improper authentication | 0.06 | CVE-2022-24740 |
| 194921 | 4.3 | 4.3 | | | | | Clickhouse Gorilla Compression Codec divide by zero | 0.03 | CVE-2021-42391 |
| 194920 | 4.3 | 4.3 | | | | | Clickhouse DeltaDouble Compression Codec divide by zero | 0.06 | CVE-2021-42390 |

17 more entries are not shown