The {metæffekt} CVSS Calculator is a npm library wrapped in a publicly available web application that allows calculating CVSS scores for multiple CVSS vectors of different versions simultaneously.
TypeScript Library | UI |
Supports CVSS versions 2.0, 3.0, 3.1 and 4.0.
Available on NPM as ae-cvss-calculator and installable via:
npm install ae-cvss-calculator |
The calculator is available on our webpage for you to try out and link from your applications. The source code can be found in the site directory. |
Available on NPM as ae-cvss-calculator and installable via:
npm install ae-cvss-calculator
See README.md in the ae-cvss-calculator
directory for instructions on how to build and
use the library.
See our CVSS 4.0 implementation documentation to learn more about the specifics of our implementation and CVSS 4.0 in general.
The calculator supports the following URL parameters. Make sure to properly URL encode the values.
The vector
parameter is a JSON array of JSON arrays. Each sub-array is of the following format:
[
"vector name",
true,
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"CVSS:3.1",
"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L"
]
Where the first element is the name of the vector, the second element is a boolean indicating whether the vector is
visible, the third element is the CVSS vector string and the fourth element is the CVSS version string.
The CVSS version is one of CVSS:2.0
, CVSS:3.1
or CVSS:4.0
.
The optional fifth element (null
by default) represents the initial vector that will be used to generate the
diff-vector when using the 'copy diff vector' button.
Example with a larger amount of vectors:
vector=[["CVSS:4.0",true,"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H","CVSS:4.0","CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L"],["3.1+2020-5934+(nist.gov)",true,"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H/E:F/RL:U/RC:R","CVSS:3.1"],["2.0+2020-5934+(nist.gov)",true,"AV:L/AC:H/Au:S/C:C/I:P/A:N/E:U/RL:U/RC:C/CDP:LM/TD:M/CR:H/IR:H/AR:H","CVSS:2.0"]]
The open
parameter is a string indicating which accordion elements are expanded.
They are normalized to a lowercase representation, where spaces are replaced by dashes -
and individual elements are
separated by commas.
See the names of the individual categories for the possible values.
Example:
open=temporal,environmental-security-requirement
The selected
parameter is a string indicating which vector is selected for editing.
If set, it must be the name of one of the vectors in the vector
parameter.
Example:
selected=3.1+2020-5934+(nist.gov)
The cve
parameter is a string indicating a comma separated list of CVE IDs.
If set, the calculator will automatically fetch the CVSS vectors from the NVD API and add them to the list of vectors.
Example:
cve=CVE-2020-5934,CVE-2020-5935
Using the NVD input field at the top of the editor, you can enter a CVE ID and the calculator will automatically fetch the CVSS vector(s) from the NVD API and add it to the list of vectors.
When selecting a vector sourced from the NVD, the according description will be displayed below the Severity Radar chart. This description is either fetched as part of the initial NVD API call or, if the vector was added via the URL parameter, fetched when selecting the vector.