What is the HashiCorp CNA?
HashiCorp is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 81 CVE records since 2022.
How many CVEs has HashiCorp published?
HashiCorp has published 81 CVE records, including 46 in the last two years.
What is HashiCorp's CVE data quality grade?
RadicalNotion.AI grades HashiCorp's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does HashiCorp publish CVEs for?
HashiCorp most frequently publishes CVEs for Vault Enterprise, Vault, github.com/hashicorp/vault, Nomad, Nomad Enterprise.
Which vendors does HashiCorp cover?
HashiCorp publishes CVEs across 1 distinct vendors, most often HashiCorp, Bitnami, openbao, hashicorp-forge, npm.
Is HashiCorp actively publishing CVEs?
HashiCorp is currently active, based on 46 CVEs in the last two years.
What is the average severity of HashiCorp's CVEs?
The average CVSS base score across HashiCorp's scored CVEs is 6.2.
How many critical CVEs has HashiCorp published?
HashiCorp has published 3 critical-severity CVEs and 35 high-severity CVEs.
Are any of HashiCorp's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of HashiCorp's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in HashiCorp's CVEs?
HashiCorp's CVEs most often map to these CWE weakness types: CWE-266 (Incorrect Privilege Assignment), CWE-59 (Improper Link Resolution Before File Access ('Link Following')), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-863 (Incorrect Authorization).
How does HashiCorp rank among CNAs?
By total CVE volume, HashiCorp ranks #134 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
