PHPackages                             security-database/cvss - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. security-database/cvss

ActiveLibrary[Security](/categories/security)

security-database/cvss
======================

Common Vulnerability Scoring System Version 3.1

v2.2(6y ago)1018.1k↑46.2%4[1 issues](https://github.com/security-database/cvssv3/issues)Apache-2.0PHPPHP &gt;=5.6CI failing

Since Jul 13Pushed 1y ago3 watchersCompare

[ Source](https://github.com/security-database/cvssv3)[ Packagist](https://packagist.org/packages/security-database/cvss)[ Docs](https://github.com/security-database/cvssv3)[ RSS](/packages/security-database-cvss/feed)WikiDiscussions master Synced yesterday

READMEChangelog (10)Dependencies (1)Versions (12)Used By (0)

PHP Class for CVSS v3.0 / v3.1 Calculator
-----------------------------------------

[](#php-class-for-cvss-v30--v31-calculator)

[![Build Status](https://camo.githubusercontent.com/900a33c8e29aeb45328e9704b91d84a8e38cea7ce9174cf8ef701d3d17c61c48/68747470733a2f2f7472617669732d63692e6f72672f73656375726974792d64617461626173652f6376737376332e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/security-database/cvssv3)

[![Latest Stable Version](https://camo.githubusercontent.com/11926beabac4a53f8ffddf5a9c99f63c5990ea5071a9c871a260bc9728f707f2/68747470733a2f2f706f7365722e707567782e6f72672f73656375726974792d64617461626173652f637673732f76657273696f6e)](https://packagist.org/packages/security-database/cvss)[![Total Downloads](https://camo.githubusercontent.com/b47be4e1dc3934e2e22ca3385daf480949ad082c35c243c8180b1df369f026cb/68747470733a2f2f706f7365722e707567782e6f72672f73656375726974792d64617461626173652f637673732f646f776e6c6f616473)](https://packagist.org/packages/security-database/cvss)[![Latest Unstable Version](https://camo.githubusercontent.com/b5adfa9515eb3352a6b3cfbf4f1eb8cd9019ec0aa96bc8dff06395d5cae3d33b/68747470733a2f2f706f7365722e707567782e6f72672f73656375726974792d64617461626173652f637673732f762f756e737461626c65)](//packagist.org/packages/security-database/cvss)[![License](https://camo.githubusercontent.com/9eaaaab35910378bf6900ac1ef58ba30abf8c088eef162415389365286e8f5ce/68747470733a2f2f706f7365722e707567782e6f72672f73656375726974792d64617461626173652f637673732f6c6963656e7365)](https://packagist.org/packages/security-database/cvss)

### Version

[](#version)

#### dev-master

[](#dev-master)

Identical to 2.2 actually

#### 2.2

[](#22)

- Correction on MPR / PR calculation (could bewrong in some case)
- Added a test 8 to check
- Added optional and modification to X if not set (for better calculation)
- Correction of checkModified()

#### 2.1.1

[](#211)

- Travis and Composer update : php 5.6 -&gt; 7.3 phpunit

#### 2.1.0

[](#210)

- CVSS 3.1 Upgrade
- Backward compatible with 3.0 -&gt; accept 3.0 as input, output 3.1 vector
- Documentation upgrade to 3.1
- Our Cvss3::roundUp(), major upgrade in 3.1 from 3.0 seem to work fine (actually used in 3.0)
- Upgrade tests case to 3.1 and 3.0 vector in input give 3.1 vector in output
- Removed @version in Cvssv3.php

#### 2.0.3

[](#203)

- EnvScore calcultation fix with MPR and Scope when MS is not set (again)
- Cleaner code push by @faynwol
- Add some UnitTest on vectors vs CVSSv3 website

#### 2.0.2

[](#202)

- EnvScore calcultation fix with MPR and Scope when MS is not set
- EnvScore Formula, with now 2 RoundUp instead of One
- Add some UnitTest on vectors vs CVSSv3 website

#### 2.0.1

[](#201)

- EnvScore calcultation fix when envModifiedImpactSubScore &lt;= 0
- EnvScore Formula set to 0 in that case
- Change some props to static
- Change Clean method to handle static properties

#### 2.0

[](#20)

- Change public vars to private vars
- Add getter to all private vars
- Add setter to locale vars
- Add locale validator in \_\_constructor and setter
- Change phpUnit test case to reflect getter and setter
- Update documentation
- Update some DocBlock
- Update to 2.0 since getters and setters are not backward compatible
- Todo more and more phpUnit test case ...

#### 1.3.2

[](#132)

- Modify DocBlock with \\Exception
- Add a Clean() function to be able to clean Object before register another one
- Add public vector\_part (Base, Temp and Env vector part)
- Modify private to public base, env and tmp
- Change private to public some vars ($this-&gt;base, $this-&gt;env, $this-&gt;tmp)
- Fix \\Exception()
- Add Code on some Exception (\_\_construct &amp;&amp; register &amp;&amp; explodeVector)
- Change constructVector() to construct only mandatory vector (optional and modified are not put on vector if value is 'X' == No set)
- Fix check constant on language
- Fix modified metrics defaulting
- Add a constructor that load language files
- Add a reverse vector checker

#### 1.3.1

[](#131)

- Fix envImpactSubScoreMultiplier
- Add Scores priority

#### 1.3.0

[](#130)

- Fix - Errors on calculation, specific on Modified Scope
- Fix - Modified scores -&gt; weight (float)
- Rework - Modified scores with normalized names - easy to read the code now
- Added - Multi language Label

### Common Vulnerability Scoring System Version 3.1

[](#common-vulnerability-scoring-system-version-31)

Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. It is under the custodianship of NIST. It attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The scores are based on a series of measurements (called metrics) based on expert assessment. The scores range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are High, those in the range 4.0-6.9 as Medium, and 0-3.9 as Low. Class try to follow PSR2 standard except for some 120chars on formula.

### License

[](#license)

This piece of software is under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0)

### PHP Class

[](#php-class)

#### Initialization

[](#initialization)

Could be composer:

```
composer require security-database/cvss
```

or traditional include class into your project, and include it.

```
include_once('Cvss3.php');
```

After that, create a new vector.

```
use SecurityDatabase\Cvss\Cvss3;

try {
    $cvss = new Cvss3();
    $cvss->register("CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:W/CR:L/IR:L/MAV:A/MAC:H/MPR:L/MUI:N/MS:U/MC:L/MI:L/MA:L");

    print_r($cvss->getWeight());
    print_r($cvss->getScores());
    print_r($cvss->getScoresLabel());
    print_r($cvss->getSubScores());
    print_r($cvss->getSubScoresLabel());
    print_r($cvss->getRatings());
    print_r($cvss->getFormula());
    print_r($cvss->getVector());
    (...)

} catch (Exception $e) {
    print $e->getCode() . " : " . $e->getMessage();
}
```

#### Usage

[](#usage)

You can now get some informations :

Get weight of every piece of the vector (array());

```
print_r($cvss->getWeight());
/*
array (size=20)
  'AV' => float 0.85
  'AC' => float 0.44
  'PR' => float 0.27
  'UI' => float 0.62
  'C' => float 0.22
  'I' => float 0.22
  'A' => float 0
  'E' => float 0.94
  'RL' => float 0.97
  'CR' => float 0.5
  'IR' => float 0.5
  'MAV' => float 0.62
  'MAC' => float 0.44
  'MPR' => float 0.62
  'MUI' => float 0.85
  'MC' => float 0.22
  'MI' => float 0.22
  'MA' => float 0.22
  'RC' => float 1
  'AR' => float 1
*/
```

Get scores used in scores (array());

```
print_r($cvss->getScores());
/*
array (size=7)
  'baseScore' => float 6.7
  'impactSubScore' => float 5.7576309677951
  'exploitabalitySubScore' => float 0.3924228
  'temporalScore' => string 'NA' (length=2)
  'envScore' => string 'NA' (length=2)
  'envModifiedImpactSubScore' => string 'NA' (length=2)
  'overallScore' => float 6.7
*/
```

Get scores with label (en\_US) used in scoresLabel (array());

```
print_r($cvss->getScoresLabel());
/*
array (size=7)
  'Base Score' => float 6.7
  'impact SubScore' => float 5.7576309677951
  'Exploitabality Sub Score' => float 0.3924228
  'Temporal Score' => string 'NA' (length=2)
  'Environmental Score' => string 'NA' (length=2)
  'Environmental Modified Impact SubScore' => string 'NA' (length=2)
  'Overall CVSS Score' => float 6.7
*/
```

Get sub scores used in sub\_scores (array());

```
print_r($cvss->getScores());
/*
array (size=9)
  'impactSubScoreMultiplier' => float 0.8064
  'impactSubScore' => float 5.7576309677951
  'exploitabalitySubScore' => float 0.3924228
  'baseScore' => float 6.7
  'temporalScore' => float 6.7
  'envModifiedExploitabalitySubScore' => float 0.3924228
  'envImpactSubScoreMultiplier' => float 0.8064
  'envModifiedImpactSubScore' => float 5.7576309677951
  'envScore' => float 6.7
*/
```

Get sub scores with label (en\_US) used in sub\_scoresLabel (array());

```
print_r($cvss->getScoresLabel());
/*
array (size=9)
  'Impact SubScore Multiplier' => float 0.8064
  'impact SubScore' => float 5.7576309677951
  'Exploitabality Sub Score' => float 0.3924228
  'Base Score' => float 6.7
  'Temporal Score' => float 6.7
  'Environmental Modified Exploitabality SubScore' => float 0.3924228
  'Environmental Impact SubScore Multiplier' => float 0.8064
  'Environmental Modified Impact SubScore' => float 5.7576309677951
  'Environmental Score' => float 6.7
*/
```

Get Severity Ratings used in severityRatings (array());

```
print_r($cvss->getRatings());
/*
array (size=3)
    'baseRating' => string 'Low' (length=3)
    'tempRating' => string 'Low' (length=3)
    'envRating' => string 'Low' (length=3)
*/
```

Get Formula with detail

```
print_r($cvss->getFormula());

/*
    array (size=9)
      'impactSubScoreMultiplier' => string '1 - ( ( 1 - 0.22 ) * ( 1 - 0.22 ) * ( 1 - 0 ) )' (length=47)
      'impactSubScore' => string '6.42 * 0.3916' (length=13)
      'exploitabalitySubScore' => string '8.22 * 0.85 * 0.44 * 0.27 * 0.62' (length=32)
      'baseScore' => string 'roundUp( min( 10 , 2.514072 + 0.514634472 ) )' (length=45)
      'temporalScore' => string 'roundUp( 3.1 * 0.94 * 0.97 * 1)' (length=31)
      'envModifiedExploitabalitySubScore' => string '8.22 * 0.62 * 0.44 * 0.62 * 0.85' (length=32)
      'envImpactSubScoreMultiplier' => string 'min( 0.915, 1 - ( ( 1 - 0.22 * 0.5 ) * ( 1 - 0.22 * 0.5 ) * ( 1 - 0.22 * 1 ) ) )' (length=80)
      'envModifiedImpactSubScore' => string '6.42 * 0.382162' (length=15)
      'envScore' => string 'roundUp(min(10 , (2.45348004 + 1.181753232 ) * 0.94 * 0.97 * 1),1)' (length=66)
*/
```

Get the vector

```
print $cvss->getVector();

/* return a string :
   CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:W/CR:L/IR:L/MAV:A/MAC:H/MPR:L/MUI:N/MS:U/MC:L/MI:L/MA:L
*/
```

#### Contribute

[](#contribute)

If you found any error on the class, please, fork it, push a PR or contact us at "info at security-database.com"

###  Health Score

39

—

LowBetter than 84% of packages

Maintenance32

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity65

Established project with proven stability

 Bus Factor1

Top contributor holds 93.6% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~143 days

Recently: every ~304 days

Total

11

Last Release

2212d ago

Major Versions

v1.3.2 → v2.02016-10-07

PHP version history (2 changes)v1.2.0PHP &gt;=5.3.0

v2.1.0PHP &gt;=5.6

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/7392958?v=4)[Security-Database Admin](/maintainers/security-database)[@security-database](https://github.com/security-database)

---

Top Contributors

[![security-database](https://avatars.githubusercontent.com/u/7392958?v=4)](https://github.com/security-database "security-database (73 commits)")[![waniks](https://avatars.githubusercontent.com/u/2764772?v=4)](https://github.com/waniks "waniks (2 commits)")[![WobwobRt](https://avatars.githubusercontent.com/u/140562858?v=4)](https://github.com/WobwobRt "WobwobRt (2 commits)")[![rhaeyx](https://avatars.githubusercontent.com/u/43877303?v=4)](https://github.com/rhaeyx "rhaeyx (1 commits)")

---

Tags

securitycvsscvssv3

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/security-database-cvss/health.svg)

```
[![Health](https://phpackages.com/badges/security-database-cvss/health.svg)](https://phpackages.com/packages/security-database-cvss)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k465.6M1.5k](/packages/phpseclib-phpseclib)[defuse/php-encryption

Secure PHP Encryption Library

3.9k175.2M254](/packages/defuse-php-encryption)[mews/purifier

Laravel 5/6/7/8/9/10 HtmlPurifier Package

2.0k18.7M142](/packages/mews-purifier)[robrichards/xmlseclibs

A PHP library for XML Security

41484.3M150](/packages/robrichards-xmlseclibs)[voku/anti-xss

anti xss-library

72817.9M94](/packages/voku-anti-xss)[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

86611.1M25](/packages/spatie-laravel-csp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
