CVSSv3 07/05/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 6, ≤6: 9, ≤7: 11, ≤8: 1, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 7, ≤6: 11, ≤7: 8, ≤8: 2, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 10, ≤5: 6, ≤6: 7, ≤7: 12, ≤8: 0, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 3, ≤7: 4, ≤8: 3, ≤9: 2, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 203246 | 3.5 | 3.5 | | | | | SourceCodester Zoo Management System Add Classification cross site scripting | 0.00 | CVE-2022-33075 |
| 203245 | 5.0 | 5.0 | | | | | Taocms Edit Category sql injection | 0.00 | CVE-2021-44915 |
| 203244 | 5.6 | 3.7 | | 7.5 | | | Nakama excessive authentication | 0.00 | CVE-2022-2321 |
| 203243 | 5.9 | 6.3 | | 5.4 | | | Nextcloud Server SMTP crlf injection | 0.06 | CVE-2022-31014 |
| 203242 | 4.3 | 4.3 | | | | | UltraJSON Internal Decoder double free | 0.00 | CVE-2022-31117 |
| 203241 | 6.9 | 6.3 | | 7.5 | | | UltraJSON JSON String control flow | 0.03 | CVE-2022-31116 |
| 203240 | 5.0 | 3.5 | | 6.5 | | | VICIdial AST Agent Time Sheet Interface AST_agent_time_sheet.php cross site scripting | 0.06 | CVE-2022-34879 |
| 203239 | 4.9 | 4.9 | | 4.9 | | | IBM App Connect Enterprise Certified Container Administration Console denial of service | 0.03 | CVE-2022-31770 |
| 203238 | 4.7 | 4.7 | | | | | VICIdial User Stats Interface user_stats.php sql injection | 0.03 | CVE-2022-34878 |
| 203237 | 6.3 | 6.3 | | 6.4 | | | VICIdial AST Agent Time Sheet Interface AST_agent_time_sheet.php sql injection | 0.03 | CVE-2022-34877 |
| 203236 | 5.1 | 4.7 | | 5.5 | | | VICIdial admin.php sql injection | 0.06 | CVE-2022-34876 |
| 203235 | 5.5 | 5.5 | | | | | Alibaba Nacos Access Prompt Page access control | 0.00 | CVE-2021-43116 |
| 203234 | 5.5 | 5.5 | | | | | Beego Wildcard leafInfo.match Privilege Escalation | 0.06 | CVE-2022-31836 |
| 203233 | 6.3 | 6.3 | | | | | Google Chrome WebRTC heap-based overflow | 7.49 | CVE-2022-2294 |
| 203232 | 3.5 | 3.5 | | | | | Xen Linux Block Device information disclosure | 0.06 | CVE-2022-26365 |
| 203231 | 3.5 | 3.5 | | | | | OpenCTI Data Import cross site scripting | 0.06 | CVE-2022-30289 |
| 203230 | 4.3 | 4.3 | | | | | Asus RT-A88U Admin Panel cross site scripting | 0.03 | CVE-2021-43702 |
| 203229 | 5.7 | 5.7 | | | | | Xen Dom0 denial of service | 0.15 | CVE-2022-33744 |
| 203228 | 5.5 | 5.5 | | | | | OpenCTI access control | 0.06 | CVE-2022-30290 |
| 203227 | 7.0 | 6.3 | | 7.8 | | | vim stack-based overflow | 0.03 | CVE-2022-2304 |
| 203226 | 5.7 | 5.7 | | | | | Xen Linux Netfront denial of service | 0.18 | CVE-2022-33743 |
| 203225 | 3.5 | 3.5 | | | | | Xen Linux Block Device information disclosure | 0.03 | CVE-2022-33742 |
| 203224 | 3.5 | 3.5 | | | | | Xen Linux Block Device information disclosure | 0.00 | CVE-2022-33741 |
| 203223 | 3.5 | 3.5 | | | | | Xen Linux Block Device information disclosure | 0.09 | CVE-2022-33740 |
| 203222 | 5.3 | 5.3 | | 5.3 | | | libxml2 lxml null pointer dereference | 0.09 | CVE-2022-2309 |
| 203221 | 3.7 | 3.7 | | | | | OpenSSL AES OCB Mode missing encryption | 2.94 | CVE-2022-2097 |
| 203220 | 6.9 | 5.6 | | 8.2 | | | Nakama session expiration | 0.00 | CVE-2022-2306 |
| 203219 | 3.5 | 3.5 | | | | | Zoho ManageEngine ADSelfService Mobile App Deployment API denial of service | 0.09 | CVE-2022-34829 |
| 203218 | 6.3 | 6.3 | | | | | TypeORM FindOneOptions findOne sql injection | 0.18 | CVE-2022-33171 |
| 203217 | 6.3 | 6.3 | | | | | KDE Django Extract sql injection | 1.25 | CVE-2022-34265 |
| 203216 | 6.6 | 6.6 | | | | | Nvidia DGX A100 SBIOS SmbiosPei out-of-bounds write | 0.00 | CVE-2022-31601 |
| 203215 | 7.4 | 6.6 | | 8.2 | | | Nvidia DGX A100 SBIOS Ofbd uninitialized pointer | 0.00 | CVE-2022-31599 |
| 203214 | 6.5 | 6.6 | | 6.4 | | | Nvidia DGX A100 SBIOS IpSecDxe array index | 0.04 | CVE-2022-31603 |
| 203213 | 6.5 | 6.6 | | 6.4 | | | Nvidia DGX A100 SBIOS IpSecDxe out-of-bounds write | 0.12 | CVE-2022-31602 |
| 203212 | 6.6 | 6.6 | | | | | Nvidia DGX A100 SBIOS SmmCore integer overflow | 0.06 | CVE-2022-31600 |
| 203211 | 8.8 | 8.8 | | | | | Ransom Lockbit RstrtMgr.dll uncontrolled search path | 0.12 | |
| 203210 | 8.8 | 8.8 | | | | | Linux Kernel User Namespace nf_tables_api.c nft_set_elem_init type confusion | 0.40 | CVE-2022-34918 |
