The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-28867 - Cross-Site Request Forgery (CSRF) vulnerability in stesvis Frontpage category filter allows Cross Site Request Forgery. This issue affects Frontpage category filter: from n/a through 1.0.2.
    Published: March 11, 2025; 5:15:44 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-28870 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in amocrm amoCRM WebForm allows DOM-Based XSS. This issue affects amoCRM WebForm: from n/a through 1.1.
    Published: March 11, 2025; 5:15:44 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2021-44923 - A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.
    Published: December 21, 2021; 4:15:07 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2022-4645 - LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.
    Published: March 03, 2023; 11:15:09 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2020-17538 - A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:14 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2020-16296 - A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
    Published: August 12, 2020; 11:15:13 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-14015 - The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin...
    Published: July 12, 2018; 4:29:00 PM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2017-17506 - In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.
    Published: December 10, 2017; 10:29:00 PM -0500

    V3.1: 6.5 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2018-13873 - An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.
    Published: July 10, 2018; 5:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2022-49190 - In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot vi...
    Published: February 26, 2025; 2:00:56 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49201 - In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnic_xmit() accessing an scrq after it has been freed in the re...
    Published: February 26, 2025; 2:00:57 AM -0500

    V3.1: 4.7 MEDIUM

  • CVE-2022-49203 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix double free during GPU reset on DC streams [Why] The issue only occurs during the GPU reset code path. We first backup the current state prior to commiting...
    Published: February 26, 2025; 2:00:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49206 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in error flow for subscribe event routine In case the second xa_insert() fails, the obj_event is not released. Fix the error unwind flow to free that...
    Published: February 26, 2025; 2:00:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49207 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in sk_psock_queue_msg If tcp_bpf_sendmsg is running during a tear down operation we may enqueue data on the ingress msg queue while tear down is trying...
    Published: February 26, 2025; 2:00:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49208 - In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Prevent some integer underflows My static checker complains that: drivers/infiniband/hw/irdma/ctrl.c:3605 irdma_sc_ceq_init() warn: can subtract underflow '...
    Published: February 26, 2025; 2:00:57 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49209 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg() is running while sk msg is full. When sk_msg_alloc() returns -ENOMEM error, tcp_bpf_sendms...
    Published: February 26, 2025; 2:00:58 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49210 - In the Linux kernel, the following vulnerability has been resolved: MIPS: pgalloc: fix memory leak caused by pgd_free() pgd page is freed by generic implementation pgd_free() since commit f9cb654cb550 ("asm-generic: pgalloc: provide generic pgd_...
    Published: February 26, 2025; 2:00:58 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2022-49211 - In the Linux kernel, the following vulnerability has been resolved: mips: cdmm: Fix refcount leak in mips_cdmm_phys_base The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it w...
    Published: February 26, 2025; 2:00:58 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-47631 - In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the...
    Published: February 26, 2025; 1:37:04 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2021-47632 - In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spin_lock() to change_page_attr...
    Published: February 26, 2025; 1:37:04 AM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024