CVSSv3 10/05/2022

CVSSv3 Base

≤10
≤20
≤31
≤42
≤52
≤61
≤77
≤82
≤91
≤107

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤32
≤41
≤52
≤67
≤73
≤81
≤90
≤107

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤42
≤52
≤61
≤77
≤82
≤91
≤107

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2101703.53.5
 
 
 
 
Discourse DiscoTOC table-of-contents Theme cross site scripting2.30-0.00000CVE-2022-39270
2101695.55.5
 
 
 
 
PJSIP Parser buffer overflow2.49-0.00000CVE-2022-39244
2101683.13.1
 
 
 
 
dexidp dex OAuth Authorization Code authentication replay2.10-0.00000CVE-2022-39222
2101672.42.4
 
 
 
 
Aruba InstantOS/ArubaOS Web Management Interface cross site scripting4.59-0.00000CVE-2022-37896
2101664.94.9
 
 
 
 
Aruba InstantOS/ArubaOS Web Management Interface denial of service3.97-0.00000CVE-2022-37895
2101656.56.5
 
 
 
 
Aruba InstantOS/ArubaOS SSID denial of service3.43-0.00000CVE-2022-37894
2101647.27.2
 
 
 
 
Aruba InstantOS/ArubaOS Command Line Interface command injection3.89-0.00000CVE-2022-37893
2101634.34.3
 
 
 
 
Aruba InstantOS/ArubaOS Web Management Interface cross site scripting3.34-0.00000CVE-2022-37892
2101629.89.8
 
 
 
 
Aruba InstantOS/ArubaOS Web Management Interface buffer overflow6.07-0.00000CVE-2022-37891
2101619.89.8
 
 
 
 
Aruba InstantOS/ArubaOS Web Management Interface buffer overflow4.04-0.00000CVE-2022-37890
2101609.89.8
 
 
 
 
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow4.32-0.00000CVE-2022-37889
2101599.89.8
 
 
 
 
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow3.71-0.00000CVE-2022-37888
2101589.89.8
 
 
 
 
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow3.93-0.00000CVE-2022-37887
2101579.89.8
 
 
 
 
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow3.39-0.00000CVE-2022-37886
2101569.89.8
 
 
 
 
Aruba InstantOS/ArubaOS PAPI Protocol buffer overflow3.84-0.00000CVE-2022-37885
2101558.18.1
 
 
 
 
BD Totalys MultiProcessor hard-coded credentials1.600.00000CVE-2022-40263
2101546.36.3
 
 
 
 
Omron CX-Programmer out-of-bounds write1.090.00000CVE-2022-3397
2101536.36.3
 
 
 
 
Omron CX-Programmer out-of-bounds write1.720.00000CVE-2022-3396
2101526.36.3
 
 
 
 
Omron CX-Programmer CX-P.exe out-of-bounds write1.010.00000CVE-2022-3398
2101516.36.3
 
 
 
 
Horner Automation Cscape FNT File uninitialized pointer1.010.00000CVE-2022-3377
2101506.36.3
 
 
 
 
Horner Automation Cscape FNT File uninitialized pointer0.970.00000CVE-2022-3378
2101496.36.3
 
 
 
 
Horner Automation Cscape FNT File out-of-bounds write1.050.00000CVE-2022-3379
2101487.37.3
 
 
 
 
Johnson Controls Metasys ADX User Identity Claim improper authentication1.400.00000CVE-2022-21936

Do you want to use VulDB in your project?

Use the official API to access entries easily!