CVEs from 2021

4,807 normalized CVEs published or assigned in this year.

Total

4,807

critical

critical 280

high

high 1,018

medium

medium 1,175

low

low 138

% Critical

5.8%

% with KEV

4.4%

% with exploit

5.3%

Top vendors

Top products

simatic_wincc_runtime_advanced 28
office 13
primavera_gateway 10
weblogic_server 9
primavera_unifier 8
modicon_m340_bmxp342020 8
log4j 8
communications_unified_inventory_management 7

Top packages

PyPI/tensorflow-cpu 885
PyPI/tensorflow 885
PyPI/tensorflow-gpu 885
Packagist/moodle/moodle 126
Packagist/magento/community-edition 124
Maven/com.liferay.portal:release.dxp.bom 82
PyPI/salt 74
Maven/org.jenkins-ci.main:jenkins-core 60

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2021-44228	critical	—	10.0				5y ago	Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
CVE-2021-42013	critical	—	10.0				5y ago	It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Al…
CVE-2021-22205	critical	—	10.0				5y ago	GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through Exi…
CVE-2021-21300	low	—	3.5				—	Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as…