CVSSv3 06/11/2022

CVSSv3 Base

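| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 1 | 4 | 6 | 3 | 18 | 3 | 2 | 0 |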

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

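| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 1 | 5 | 5 | 8 | 14 | 2 | 2 | 0 |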

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

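| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 1 | 6 | 6 | 8 | 12 | 2 | 2 | 0 |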

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

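| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |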

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

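| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 1 | 0 | 2 | 3 | 0 | 8 | 3 | 0 |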

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

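| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |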

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

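| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |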

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 201624 | 6.3 | 6.3 | | | | | Google Chrome ANGLE use after free | 0.07 | CVE-2022-2011 |
| 201623 | 6.3 | 6.3 | | | | | Google Chrome Compositing out-of-bounds read | 0.13 | CVE-2022-2010 |
| 201622 | 6.3 | 6.3 | | | | | Google Chrome WebGL out-of-bounds read | 0.07 | CVE-2022-2008 |
| 201621 | 6.3 | 6.3 | | | | | Google Chrome WebGPU use after free | 0.22 | CVE-2022-2007 |
| 201620 | 4.3 | 4.3 | | | | | Daylight Studio Fuel CMS 4 cross-site request forgery | 0.06 | CVE-2021-44117 |
| 201619 | 7.2 | 6.3 | | 8.1 | | | gatsby-plugin-mdx gray-matter deserialization | 0.04 | CVE-2022-25863 |
| 201618 | 6.2 | 5.4 | | 7.1 | | | Dell SupportAssist Client Consumer path traversal | 0.03 | CVE-2022-29094 |
| 201617 | 6.2 | 5.4 | | 7.1 | | | Dell SupportAssist Client Consumer path traversal | 0.07 | CVE-2022-29093 |
| 201616 | 8.3 | 8.8 | | 7.8 | | | Dell SupportAssist Client Consumer uncontrolled search path | 0.03 | CVE-2022-29092 |
| 201615 | 6.4 | 5.3 | | 7.5 | | | jpeg-js infinite loop | 0.03 | CVE-2022-25851 |
| 201614 | 6.4 | 5.3 | | 7.5 | | | convert-svg-core SVG File code injection | 0.00 | CVE-2022-24429 |
| 201613 | 5.9 | 4.7 | | 7.2 | | | git-promise command injection | 0.03 | CVE-2022-24376 |
| 201612 | 6.4 | 5.3 | | 7.5 | | | convert-svg-core SVG Tag pathname traversal | 0.02 | CVE-2022-24278 |
| 201611 | 4.8 | 3.7 | | 5.9 | | | posix toString resource consumption | 0.10 | CVE-2022-21211 |
| 201610 | 6.8 | 6.3 | | 7.4 | | | vim use after free | 0.04 | CVE-2022-2042 |
| 201609 | 4.3 | 4.3 | | | | | Netwave IP Camera Network Configuration kcore information disclosure | 0.04 | CVE-2018-17240 |
| 201608 | 7.4 | 7.4 | | | | | Lepin EP-KP001 improper authentication | 0.03 | CVE-2022-29948 |
| 201607 | 5.5 | 5.5 | | | | | libjpeg Empty JPEG-LS Scan singlecomponentlsscan.cpp ParseMCU assertion | 0.06 | CVE-2022-32978 |
| 201606 | 6.3 | 6.3 | | | | | IdeaLMS sql injection | 0.09 | CVE-2022-31788 |
| 201605 | 6.3 | 4.3 | | 8.3 | | | Dell SupportAssist Client Consumer cross site scripting | 0.00 | CVE-2022-29095 |
| 201604 | 8.8 | 8.8 | | | | | RealVNC VNC Server Installer Repair access control | 0.06 | CVE-2022-27502 |
| 201603 | 6.8 | 5.6 | | 8.1 | | | Alibaba Fastjson deserialization | 0.48 | CVE-2022-25845 |
| 201602 | 3.5 | 3.5 | | | | | Axiomatic Bento4 Ap4RtpAtom.cpp allocation of resources | 0.04 | CVE-2022-31287 |
| 201601 | 5.0 | 5.0 | | | | | Couchbase Sync Gateway X.509 Certificate certificate validation | 0.03 | CVE-2022-32563 |
| 201600 | 3.5 | 3.5 | | | | | Axiomatic Bento4 Ap4Array.h allocation of resources | 0.00 | CVE-2022-31285 |
| 201599 | 6.3 | 6.3 | | | | | Axiomatic Bento4 MP4Dump Ap4DataBuffer.cpp memory corruption | 0.03 | CVE-2022-31282 |
| 201598 | 6.3 | 6.3 | | | | | SourceCodester Money Transfer Management System URL access control | 0.03 | CVE-2021-44582 |
| 201597 | 2.7 | 2.5 | | 2.9 | | | IBM Spectrum Copy Data Management user session | 0.06 | CVE-2022-22426 |
| 201596 | 6.3 | 6.3 | | | | | dynamicMarkt index.php sql injection | 0.07 | CVE-2021-41756 |
| 201595 | 6.3 | 6.3 | | | | | dynamicMarkt index.php sql injection | 0.05 | CVE-2021-41755 |
| 201594 | 6.3 | 6.3 | | | | | dynamicMarkt index.php sql injection | 0.03 | CVE-2021-41754 |
| 201593 | 3.5 | 3.5 | | | | | ITOP export-v2.php cross site scripting | 0.03 | CVE-2022-31402 |
| 201592 | 4.2 | 4.1 | | 4.4 | | | IBM Spectrum Copy Data Management improper restriction of rendered ui layers | 0.04 | CVE-2022-30610 |
| 201591 | 4.4 | 3.5 | | 5.4 | | | IBM Spectrum Copy Data Management Portal UI cross site scripting | 0.03 | CVE-2022-30611 |
| 201590 | 4.0 | 3.1 | | 5.0 | | | IBM Spectrum Copy Data Management cross-site request forgery | 0.00 | CVE-2022-22479 |
| 201589 | 8.0 | 8.0 | | | | | Linux Kernel Floating Point Register ptrace-fpu.c ptrace_get_fpr buffer overflow | 0.00 | CVE-2022-32981 |
| 201588 | 5.3 | 5.3 | | 5.3 | | | IBM Spectrum Copy Data Management Configuration information disclosure | 0.00 | CVE-2022-31769 |
