CVSSv3 04/14/2022

CVSSv3 Base

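| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 8 | 9 | 9 | 15 | 14 | 3 | 0 |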

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

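| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 8 | 10 | 9 | 16 | 13 | 2 | 0 |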

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

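| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 13 | 10 | 9 | 9 | 14 | 2 | 0 |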

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

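| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |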

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

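| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 5 | 2 | 3 | 4 | 8 | 2 |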

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

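| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |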

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

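| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |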

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 197347 | 8.3 | 8.8 | | 7.8 | | | McAfee Agent Repair privileges management | 0.03 | CVE-2022-1256 |
| 197346 | 5.5 | 5.5 | | | | | Nginx njs Array Array.prototype.concat buffer overflow | 0.00 | CVE-2022-27008 |
| 197345 | 5.5 | 5.5 | | | | | Nginx njs njs_function_frame_alloc use after free | 0.00 | CVE-2022-27007 |
| 197344 | 3.5 | 3.5 | | | | | COINS Construction Cloud IFRAME cross site scripting | 0.00 | CVE-2021-45227 |
| 197343 | 5.2 | 4.3 | | 6.1 | | | McAfee Agent Database File insecure storage of sensitive information | 0.00 | CVE-2022-1257 |
| 197342 | 3.5 | 3.5 | | | | | COINS Construction Cloud cross site scripting | 0.00 | CVE-2021-45228 |
| 197341 | 6.2 | 4.1 | | 8.4 | | | McAfee ePolicy Orchestrator sql injection | 0.00 | CVE-2022-1258 |
| 197340 | 5.5 | 5.5 | | | | | GoCD unrestricted upload | 0.00 | CVE-2021-43290 |
| 197339 | 5.5 | 5.5 | | | | | GoCD unrestricted upload | 0.00 | CVE-2021-43289 |
| 197338 | 3.5 | 3.5 | | | | | GoCD Job Report cross site scripting | 0.00 | CVE-2021-43288 |
| 197337 | 4.3 | 4.3 | | | | | GoCD information disclosure | 0.00 | CVE-2021-43287 |
| 197336 | 5.5 | 5.5 | | | | | GoCD Test Connection command injection | 0.00 | CVE-2021-43286 |
| 197335 | 7.3 | 7.3 | | | | | AT&T Xmill XML Decompression DecodeTreeBlock heap-based overflow | 0.00 | CVE-2022-26507 |
| 197334 | 5.3 | 5.3 | | | | | MariaDB row0mysql.cc rel_pos assertion | 0.07 | CVE-2022-27448 |
| 197333 | 3.5 | 3.5 | | | | | Sourcecodester Messaging Web Application Chat cross site scripting | 0.05 | CVE-2021-43633 |
| 197332 | 7.3 | 7.3 | | | | | MariaDB sql_string.h free_buffer use after free | 0.04 | CVE-2022-27458 |
| 197331 | 7.3 | 7.3 | | | | | MariaDB ctype-latin1.c my_mb_wc_latin1 use after free | 0.03 | CVE-2022-27457 |
| 197330 | 7.3 | 7.3 | | | | | MariaDB sql_type.cc VDec use after free | 0.05 | CVE-2022-27456 |
| 197329 | 7.3 | 7.3 | | | | | MariaDB item_cmpfunc.cc memory corruption | 0.03 | CVE-2022-27452 |
| 197328 | 7.3 | 7.3 | | | | | MariaDB field_conv.cc memory corruption | 0.03 | CVE-2022-27451 |
| 197327 | 7.3 | 7.3 | | | | | MariaDB item_func.cc memory corruption | 0.08 | CVE-2022-27449 |
| 197326 | 7.3 | 7.3 | | | | | MariaDB sql_string.h free_buffer use after free | 0.06 | CVE-2022-27447 |
| 197325 | 6.3 | 6.3 | | | | | MariaDB item_cmpfunc.h memory corruption | 0.00 | CVE-2022-27446 |
| 197324 | 7.3 | 7.3 | | | | | MariaDB sql_window.cc memory corruption | 0.03 | CVE-2022-27445 |
| 197323 | 6.3 | 6.3 | | | | | MariaDB item_subselect.cc memory corruption | 0.03 | CVE-2022-27444 |
| 197322 | 7.3 | 7.3 | | | | | MariaDB ctype-simple.c my_wildcmp_8bit_impl use after free | 0.00 | CVE-2022-27455 |
| 197321 | 4.6 | 2.4 | | 6.8 | | | pimcore cross site scripting | 0.03 | CVE-2022-1351 |
| 197320 | 5.1 | 3.7 | | 6.5 | | | ebics-java-client EBICS Message risky encryption | 0.00 | CVE-2022-1279 |
| 197319 | 3.5 | 3.5 | | | | | Citrix StoreFront SAML Authentication cross site scripting | 0.00 | CVE-2022-27503 |
| 197318 | 6.9 | 4.3 | | 9.6 | | | causefx organizr cross site scripting | 0.04 | CVE-2022-1347 |
| 197317 | 6.2 | 3.5 | | 9.0 | | | causefx organizr cross site scripting | 0.00 | CVE-2022-1346 |
| 197316 | 6.2 | 3.5 | | 9.0 | | | causefx organizr SVG File Upload cross site scripting | 0.04 | CVE-2022-1345 |
| 197315 | 6.2 | 3.5 | | 9.0 | | | causefx organizr cross site scripting | 0.03 | CVE-2022-1344 |
| 197314 | 6.4 | 5.3 | | 7.5 | | | Gin-vue-admin Parameter Validation path traversal | 0.06 | CVE-2022-24843 |
| 197313 | 3.5 | 3.5 | | | | | Citrix SD-WAN Standard Edition Appliance cross site scripting | 0.00 | CVE-2022-27505 |
| 197312 | 6.8 | 6.8 | | | | | Citrix SD-WAN Center Management Console CLI hard-coded credentials | 0.04 | CVE-2022-27506 |
| 197311 | 4.3 | 4.3 | | 4.3 | | | Mattermost Image Proxy resource consumption | 0.04 | CVE-2022-1337 |
| 197310 | 4.3 | 4.3 | | 4.3 | | | Mattermost API information disclosure | 0.03 | CVE-2022-1332 |
| 197309 | 5.3 | 5.3 | | 5.3 | | | wire-server Time Parsing resource consumption | 0.03 | CVE-2021-41119 |
| 197308 | 3.5 | 3.5 | | 3.5 | | | Playbooks Plugin Webhook allocation of resources | 0.04 | CVE-2022-1333 |
| 197307 | 6.3 | 6.3 | | | | | Autodesk AutoCAD 2022 DWG File buffer overflow | 0.05 | CVE-2022-25795 |
| 197306 | 4.3 | 4.3 | | | | | Autodesk TrueView 2022 DWG File out-of-bounds read | 0.04 | CVE-2022-27524 |
| 197305 | 6.3 | 6.3 | | | | | Autodesk TrueView 2022 DWG File buffer overflow | 0.08 | CVE-2022-27523 |
| 197304 | 6.3 | 6.3 | | | | | Autodesk TrueView 2021/TrueView 2022 DWG File memory corruption | 0.04 | CVE-2022-25797 |
| 197303 | 7.2 | 7.2 | | 7.2 | | | GeoServer JNDI Lookup deserialization | 0.06 | CVE-2022-24847 |
| 197302 | 7.7 | 7.2 | | 8.2 | | | GeoTools JNDI Lookup deserialization | 0.05 | CVE-2022-24818 |
| 197301 | 8.6 | 7.3 | | 10.0 | | | JAI-EXT Janino code injection | 0.08 | CVE-2022-24816 |
| 197300 | 6.3 | 6.3 | | | | | Apache Superset Chart Data Request sql injection | 0.03 | CVE-2022-27479 |
| 197299 | 4.3 | 4.3 | | 4.3 | | | Yooslider Yoo Slider Template Import cross-site request forgery | 0.00 | CVE-2022-27847 |
| 197298 | 4.3 | 4.3 | | 4.3 | | | Yooslider Yoo Slider cross-site request forgery | 0.00 | CVE-2022-27846 |

8 more entries are not shown
