PHPackages picoss/cvss - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. picoss/cvss Abandoned → [https://github.com/yeswehack/Cvss](/?search=https%3A%2F%2Fgithub.com%2Fyeswehack%2FCvss)Library[Security](/categories/security) picoss/cvss =========== Common Vulnerability Scoring System Version 1.3.4(9y ago)04911Apache-2.0PHPPHP >=5.5.9 Since Jan 23Pushed 9y ago1 watchersCompare [ Source](https://github.com/picoss/cvss)[ Packagist](https://packagist.org/packages/picoss/cvss)[ RSS](/packages/picoss-cvss/feed)WikiDiscussions develop Synced today READMEChangelogDependencies (2)Versions (10)Used By (1) CVSS ==== [](#cvss) [![Build Status](https://camo.githubusercontent.com/659b44f2c242d3e39a6609f7eaa6f41f3ddd6720adef790c0859c9ba938e37b5/68747470733a2f2f7472617669732d63692e6f72672f7069636f73732f637673732e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/picoss/cvss) [![Latest Stable Version](https://camo.githubusercontent.com/6b70db8bd64844699308980768b6a3addfeb3ba7e86633aa89c09c639b0a18ff/68747470733a2f2f706f7365722e707567782e6f72672f7069636f73732f637673732f76657273696f6e)](https://packagist.org/packages/picoss/cvss)[![Total Downloads](https://camo.githubusercontent.com/ff8ae2f6395b52e158ac0c1e1cc7dd98529cb6441eb0df4bd0aee97ad7642b58/68747470733a2f2f706f7365722e707567782e6f72672f7069636f73732f637673732f646f776e6c6f616473)](https://packagist.org/packages/picoss/cvss)[![Latest Unstable Version](https://camo.githubusercontent.com/0d8614df96855ae32de6a97a9bbe3419b56f7bcc176ecf0999eb87b728dd3bef/68747470733a2f2f706f7365722e707567782e6f72672f7069636f73732f637673732f762f756e737461626c65)](//packagist.org/packages/picoss/cvss)[![License](https://camo.githubusercontent.com/96626402eb4ead54bda058f9f2b9528e58e1204e744fb31812690e092265d885/68747470733a2f2f706f7365722e707567782e6f72672f7069636f73732f637673732f6c6963656e7365)](https://packagist.org/packages/picoss/cvss) Common Vulnerability Scoring System (CVSS) provides a robust and useful scoring system for IT vulnerabilities. See for more informations. Documentation ============= [](#documentation) 1 - Installation ---------------- [](#1---installation) Dowload the CVSS library using composer: ``` composer require picoss/cvss ``` 2 - Usage --------- [](#2---usage) ### 2.1 Vector parser [](#21-vector-parser) First, you need to give the CVSSv3 calculator a valid CVSS vector: ``` use Picoss\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'); ``` Base metrics (AV,AC,PR,UI,S,C,I and A) must be defined. An undefined metric will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\UndefinedOptionsException ``` A missing metric will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\MissingOptionsException ``` A wrong metric value will throw the following error: ``` Symfony\Component\OptionsResolver\Exception\InvalidOptionsException ``` Once the vector is valid, you will able to get several informations about the vector. ### 2.1 Scores [](#21-scores) Score is float number from 0 to 10. CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N vector has a 2.7 base score. #### 2.1.1 Base score [](#211-base-score) ``` use Picoss\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 0 ``` ### 2.1.2 Temporal score [](#212-temporal-score) ``` use Picoss\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:T/RC:C'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 2.7 echo 'Temporal score: ' $cvss->getTemporalScore(); // Temporal score: 2.4 ``` ### 2.1.2 Environmental score [](#212-environmental-score) ``` use Picoss\Cvss; $cvss = new Cvss3(); $cvss->setVector('CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:T/RC:U/CR:H/IR:M/AR:H/MAV:A/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:N/MA:L'); echo 'Base score: ' $cvss->getBaseScore(); // Base score: 9.1 echo 'Temporal score: ' $cvss->getTemporalScore(); // Temporal score: 7.4 echo 'Environmental score: ' $cvss->getEnvironmentalScore(); // Environmental score: 7.4 ``` ### 2.2 Qualitative Severity Rating Scale [](#22-qualitative-severity-rating-scale) All score can be mapped to a qualitative rating, defined in the table bellow: ValueTextual representationCVSS ScoreNNone0.0LLow0.1 - 3.9MMedium4.0 - 6.9HHigh7.0 - 8.9CCritical9.0 - 10.0 ### Health Score 29 — LowBetter than 57% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community9 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~10 days Recently: every ~18 days Total 8 Last Release 3371d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/0423e64e9273a97b112c974ffd48602ac19454cab7ab6632aa9ed1c7e7290c47?d=identicon)[picoss](/maintainers/picoss) --- Top Contributors [![picoss](https://avatars.githubusercontent.com/u/4903613?v=4)](https://github.com/picoss "picoss (28 commits)") --- Tags securitycvsscvss3 ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/picoss-cvss/health.svg) ``` [![Health](https://phpackages.com/badges/picoss-cvss/health.svg)](https://phpackages.com/packages/picoss-cvss) ``` ### Alternatives [phpseclib/phpseclib PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc. 5.6k455.2M1.5k](/packages/phpseclib-phpseclib)[defuse/php-encryption Secure PHP Encryption Library 3.9k170.7M239](/packages/defuse-php-encryption)[robrichards/xmlseclibs A PHP library for XML Security 41182.2M138](/packages/robrichards-xmlseclibs)[spatie/laravel-csp Add CSP headers to the responses of a Laravel app 86110.6M23](/packages/spatie-laravel-csp)[security-database/cvss Common Vulnerability Scoring System Version 3.1 1018.1k](/packages/security-database-cvss)[2lenet/crudit-bundle The easy like Crud'it Bundle. 1615.6k12](/packages/2lenet-crudit-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)