The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2020-36187 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
    Published: January 06, 2021; 6:15:13 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36186 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
    Published: January 06, 2021; 6:15:13 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36185 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
    Published: January 06, 2021; 6:15:13 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36180 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
    Published: January 06, 2021; 7:15:14 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36179 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
    Published: January 06, 2021; 7:15:14 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36188 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
    Published: January 06, 2021; 6:15:13 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36183 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
    Published: January 06, 2021; 7:15:15 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36182 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
    Published: January 06, 2021; 7:15:14 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-12901 - Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
    Published: November 15, 2021; 3:15:19 PM -0500

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2020-12898 - Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
    Published: November 15, 2021; 2:15:07 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2020-12893 - Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
    Published: November 15, 2021; 3:15:19 PM -0500

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-41271 - Discourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is pat...
    Published: November 15, 2021; 5:15:06 PM -0500

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-40745 - Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server.
    Published: November 17, 2021; 11:15:08 AM -0500

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-14062 - FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
    Published: June 14, 2020; 4:15:10 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-14060 - FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
    Published: June 14, 2020; 5:15:09 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-14195 - FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
    Published: June 16, 2020; 12:15:11 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-35728 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet...
    Published: December 27, 2020; 12:15:11 AM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2020-36181 - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
    Published: January 06, 2021; 6:15:12 PM -0500

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-37580 - A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0.
    Published: November 16, 2021; 5:15:07 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-3958 - Due to improper sanitization, iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with web access is able to extract critical information from the system.
    Published: November 16, 2021; 11:15:06 AM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH