nagvis CVE Vulnerabilities & Metrics

Focus on nagvis vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About nagvis Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with nagvis. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total nagvis CVEs: 7
Earliest CVE date: 02 Mar 2017, 06:59 UTC
Latest CVE date: 27 May 2025, 07:15 UTC

Latest CVE reference: CVE-2024-47090

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical nagvis CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.56

Max CVSS: 8.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 4
4.0-6.9 2
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS nagvis CVEs

These are the five CVEs with the highest CVSS scores for nagvis, sorted by severity first and recency.

All CVEs for nagvis

CVE-2024-47090 nagvis vulnerability CVSS: 0 27 May 2025, 07:15 UTC

Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS

CVE-2024-47093 nagvis vulnerability CVSS: 0 19 Dec 2024, 15:15 UTC

Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS

CVE-2023-46287 nagvis vulnerability CVSS: 0 20 Oct 2023, 14:15 UTC

XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

CVE-2022-46945 nagvis vulnerability CVSS: 0 26 May 2023, 15:15 UTC

Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.

CVE-2022-3979 nagvis vulnerability CVSS: 5.1 13 Nov 2022, 23:15 UTC

A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability.

CVE-2021-33178 nagvis vulnerability CVSS: 8.5 14 Oct 2021, 15:15 UTC

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.

CVE-2017-6393 nagvis vulnerability CVSS: 4.3 02 Mar 2017, 06:59 UTC

An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/std_table.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.