CVSSv3 05/01/2022

CVSSv3 Base

≤10
≤20
≤30
≤41
≤56
≤66
≤78
≤84
≤91
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤41
≤56
≤66
≤78
≤84
≤91
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤22
≤32
≤40
≤57
≤68
≤73
≤84
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤51
≤64
≤76
≤811
≤91
≤102

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
1987773.62.4
 
4.8
 
 
Shopizer Manage Files cross site scripting0.030.00885CVE-2022-23060
1987764.84.3
 
5.4
 
 
S-Cart URL cross site scripting0.060.00885CVE-2022-21149
1987755.55.5
 
 
 
 
CSV-Safe Gem csv injection0.030.00954CVE-2022-28481
1987744.84.3
 
5.3
 
 
Angular Regular Expression repeat algorithmic complexity0.030.01108CVE-2022-25844
1987735.44.3
 
6.5
 
 
pistache path traversal0.000.00885CVE-2022-26068
1987726.05.6
 
6.5
 
 
dset DSET Mode/Merge Mode code injection0.030.00954CVE-2022-25645
1987714.84.3
 
5.4
 
 
materialize-css cross site scripting0.030.00954CVE-2022-25349
1987706.35.0
 
7.7
 
 
jsgui-lang-essentials code injection0.000.00885CVE-2022-25301
1987695.64.7
 
6.5
 
 
Shopizer authorization0.020.00885CVE-2022-23061
1987686.45.3
 
7.5
 
 
convict code injection0.050.00954CVE-2022-22143
1987675.96.3
 
5.5
 
 
NanoHTTPD permission0.050.00950CVE-2022-21230
1987666.45.3
 
7.5
 
 
node-sqlite3 V8 Engine toString denial of service0.040.00954CVE-2022-21227
1987657.37.3
 
7.3
 
 
dexie setByKeyPath code injection0.040.01018CVE-2022-21189
1987646.45.3
 
7.5
 
 
libxmljs V8 parseXml buffer overflow0.020.00954CVE-2022-21144
1987636.66.3
 
6.9
 
 
com.alibaba.oneagent:one-java-agent-plugin ZIP File pathname traversal0.050.05634CVE-2022-25842
1987628.57.3
 
9.8
 
 
git-pull-or-clone spawn command injection0.030.02211CVE-2022-24437
1987617.97.3
 
8.6
 
 
org.webjars.bower:jailed alert sandbox0.020.00885CVE-2022-23923
1987607.57.5
 
7.5
 
 
ldqk Masuit.Tools Socket Client SocketClient.cs ReceiveVarData Privilege Escalation0.020.01440CVE-2022-21167
1987596.45.3
 
7.5
 
 
hoppscotch proxyscotch HTTP Request server-side request forgery0.030.00885CVE-2022-25850
1987588.06.3
 
9.8
 
 
UReport2 Console Privilege Escalation0.030.01978CVE-2022-25767
1987576.65.6
 
7.7
 
 
Google gson writeReplace deserialization0.030.01018CVE-2022-25647
1987566.75.5
 
8.0
 
 
luyadev yii-helpers csv injection0.050.01005CVE-2022-1544
1987554.11.6
 
6.6
 
 
Ping Identity PingID RSA cryptographic issues0.030.00885CVE-2021-41994
1987544.11.6
 
6.6
 
 
Ping Identity PingID RSA cryptographic issues0.030.00885CVE-2021-41993
1987536.04.1
 
8.0
 
 
Ping Identity PingID Desktop MFA Challenge cryptographic issues0.090.00885CVE-2021-42001
1987524.92.2
 
7.7
 
 
Ping Identity PingID RSA cryptographic issues0.020.00885CVE-2021-41992

Might our Artificial Intelligence support you?

Check our Alexa App!