PHPackages marmelatze/cvss - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. marmelatze/cvss ActiveLibrary[Security](/categories/security) marmelatze/cvss =============== Common Vulnerability Scoring System Version 2.0(10mo ago)19.9kMITPHPPHP >=5.5.9 Since Jan 13Pushed 10mo agoCompare [ Source](https://github.com/Marmelatze/Cvss)[ Packagist](https://packagist.org/packages/marmelatze/cvss)[ RSS](/packages/marmelatze-cvss/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (2)Versions (6)Used By (0) CVSS ==== [](#cvss) [![Latest Stable Version](https://camo.githubusercontent.com/31532bacde78a72eb7808ef0e04e72b107f0002987f9c7d86d9a7e59445307a4/68747470733a2f2f706f7365722e707567782e6f72672f7977682f637673732f76657273696f6e)](https://packagist.org/packages/ywh/cvss)[![Total Downloads](https://camo.githubusercontent.com/541ea202f476e6e44cfdb089862448acf4190b3e4d595cfb6ba7eb11f0e8882e/68747470733a2f2f706f7365722e707567782e6f72672f7977682f637673732f646f776e6c6f616473)](https://packagist.org/packages/ywh/cvss)[![Latest Unstable Version](https://camo.githubusercontent.com/ad63bcf5ff205ef1e28a4c7758f4bfe254d1d943ea2ef28fd14c3f6e5a700baf/68747470733a2f2f706f7365722e707567782e6f72672f7977682f637673732f762f756e737461626c65)](//packagist.org/packages/ywh/cvss)[![License](https://camo.githubusercontent.com/52d464987802789845275105b9dc8804f416bf5cf351344990ab2c747a49d562/68747470733a2f2f706f7365722e707567782e6f72672f7977682f637673732f6c6963656e7365)](https://packagist.org/packages/ywh/cvss) Common Vulnerability Scoring System (CVSS) provides a robust and useful scoring system for IT vulnerabilities. See for more informations. Documentation ============= [](#documentation) 1 - Installation ---------------- [](#1---installation) Dowload the CVSS library using composer: ``` composer require ywh/cvss ``` 2 - Usage --------- [](#2---usage) ### 2.1 Vector parser [](#21-vector-parser) First, you need to give the CVSSv3 calculator a valid CVSS vector: ``` use YWH\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'); ``` Base metrics (AV,AC,PR,UI,S,C,I and A) must be defined. An undefined metric will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\UndefinedOptionsException ``` A missing metric will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\MissingOptionsException ``` A wrong metric value will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\InvalidOptionsException ``` Once the vector is valid, you will able to get several informations about the vector. ### 2.1 Scores [](#21-scores) Score is float number from 0 to 10. CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N vector has a 2.7 base score. #### 2.1.1 Base score [](#211-base-score) ``` use YWH\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 0 ``` ### 2.1.2 Temporal score [](#212-temporal-score) ``` use YWH\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:T/RC:C'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 2.7 echo 'Temporal score: ' $cvss->getTemporalScore(); // Temporal score: 2.4 ``` ### 2.1.2 Environmental score [](#212-environmental-score) ``` use YWH\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:U/CR:H/IR:M/AR:H/MAV:A/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:N/MA:L'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 9.1 echo 'Temporal score: ' $cvss->getTemporalScore(); // Temporal score: 7.4 echo 'Environmental score: ' $cvss->getEnvironmentalScore(); // Environmental score: 7.4 ``` ### 2.2 Qualitative Severity Rating Scale [](#22-qualitative-severity-rating-scale) All score can be mapped to a qualitative rating, defined in the table bellow: ValueTextual representationCVSS ScoreNNone0.0LLow0.1 - 3.9MMedium4.0 - 6.9HHigh7.0 - 8.9CCritical9.0 - 10.0 ### Health Score 41 — FairBetter than 88% of packages Maintenance58 Moderate activity, may be stable Popularity22 Limited adoption so far Community8 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 55.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1364 days Total 3 Last Release 310d ago Major Versions 1.1 → 2.02025-07-03 ### Community Maintainers ![](https://www.gravatar.com/avatar/d839ef2aac67675e4d03e930ddcec1e5767b225d92c7e9a190a88983cd4fb88d?d=identicon)[Marmelatze](/maintainers/Marmelatze) --- Top Contributors [![picoss](https://avatars.githubusercontent.com/u/4903613?v=4)](https://github.com/picoss "picoss (5 commits)")[![Marmelatze](https://avatars.githubusercontent.com/u/199681?v=4)](https://github.com/Marmelatze "Marmelatze (4 commits)") --- Tags securitycvsscvss3 ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/marmelatze-cvss/health.svg) ``` [![Health](https://phpackages.com/badges/marmelatze-cvss/health.svg)](https://phpackages.com/packages/marmelatze-cvss) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k434.8M1.3k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M212](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M112](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M117](/packages/robrichards-xmlseclibs)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp)[security-database/cvss Common Vulnerability Scoring System Version 3.1 1017.9k](/packages/security-database-cvss) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)