🧮 CVSS Vulnerability Scoring

Getting started

• Calculates CVSS v2.0, v3.0, and v3.1 scores
• Automatically detect the CVSS version from the vector prefix

Supported Metrics

Usage

Parsing any CVSS vector

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvss = CVSS.fromString('CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H');
print(cvss.calculateBaseScore());      // 9.8
print(cvss.baseSeverityRating().name); // critical
print(cvss);                           // CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Constructing a CVSS v3.1 object directly

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvss = CVSSv31(
  attackVector: AttackVector.network,
  attackComplexity: AttackComplexity.low,
  privilegesRequired: PrivilegesRequired.none,
  userInteraction: UserInteraction.none,
  scope: Scope.unchanged,
  confidentialityImpact: ConfidentialityImpact.high,
  integrityImpact: IntegrityImpact.high,
  availabilityImpact: AvailabilityImpact.high,
);

print(cvss.calculateBaseScore());      // 9.8
print(cvss.baseSeverityRating().name); // critical

Constructing a CVSS v2.0 object

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvss = CVSSv20(
  accessVector: AccessVector.network,
  accessComplexity: AccessComplexity.low,
  authentication: Authentication.none,
  confidentialityImpact: ConfidentialityImpactV2.partial,
  integrityImpact: IntegrityImpactV2.partial,
  availabilityImpact: AvailabilityImpactV2.partial,
);

print(cvss.calculateBaseScore());      // 7.5
print(cvss.baseSeverityRating().name); // high

See example/main.dart for a runnable sample.

Contributing

See the Contributing guide for more information.

License

All of CVSS Vulnerability Scoring library is licensed under the Apache-2.0 license unless otherwise stated.

See the license file for more information.