🧮 CVSS Vulnerability Scoring

Caution

This library is under heavy development.

Getting started

  • Calculates CVSS v2.0, v3.0, v3.1 score based on provided metrics.
  • Easy way to change CVSS vulnerability score

Supported Metrics

CVSS Version Base Metric Extended Metric (Temporal, Environmental...)
CVSS v4.0 🚧 Not implemented 🚧 Not implemented
CVSS v3.1 ✅ 🚧 Not implemented
CVSS v3.0 ✅ 🚧 Not implemented
CVSS v2.0 ✅ 🚧 Not implemented

Usage

Creating a CVSS v3.1 Object

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvss = CVSSv31(
  attackVector: AttackVector.network,
  attackComplexity: AttackComplexity.low,
  privilegesRequired: PrivilegesRequired.none,
  userInteraction: UserInteraction.none,
  scope: Scope.unchanged,
  confidentialityImpact: ConfidentialityImpact.high,
  integrityImpact: IntegrityImpact.high,
  availabilityImpact: AvailabilityImpact.high,
);

final baseScore = cvss.calculateBaseScore();
final severity = cvss.baseSeverityRating;

print('CVSS Base Score: $baseScore');  // Output: CVSS Base Score: 9.8
print('Severity Rating: $severity');   // Output: Severity Rating: Critical
print('CVSS Vector String: $cvss');    // Output: CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Creating a CVSS v3.0 Object

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvss = CVSSv30(
  attackVector: AttackVector.network,
  attackComplexity: AttackComplexity.low,
  privilegesRequired: PrivilegesRequired.none,
  userInteraction: UserInteraction.none,
  scope: Scope.unchanged,
  confidentialityImpact: ConfidentialityImpact.high,
  integrityImpact: IntegrityImpact.high,
  availabilityImpact: AvailabilityImpact.high,
);

final baseScore = cvss.calculateBaseScore();
final severity = cvss.baseSeverityRating;

print('CVSS Base Score: $baseScore');
print('Severity Rating: $severity');
print('CVSS Vector String: $cvss');

Creating a CVSS v2.0 Object

import 'package:cvss_vulnerability_scoring/cvss_vulnerability_scoring.dart';

final cvssString = 'CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P';
final cvss = CVSSv20.fromString(cvssString);

final baseScore = cvss.calculateBaseScore();

print('CVSS Base Score: $baseScore');
print('CVSS Vector String: $cvss');

Contributing

See the Contributing guide for more information.

License

All of CVSS Vulnerability Scoring library is licensed under the Apache-2.0 license unless otherwise stated.

See the license file for more information.

Libraries

cvss_vulnerability_scoring