{"id":8049,"library":"cvsslib","title":"CVSSlib","description":"CVSSlib is a Python 3 library designed for calculating Common Vulnerability Scoring System (CVSS) v2, v3, and v3.1 vectors. It provides utilities for scoring and manipulating CVSS vectors and is built to be extendable, allowing for custom scoring systems. The current version is 1.0.0, released in March 2020, and the project is in a maintenance state with no active feature development since then.","status":"maintenance","version":"1.0.0","language":"en","source_language":"en","source_url":"https://github.com/orf/cvsslib/","tags":["cvss","security","vulnerability","scoring"],"install":[{"cmd":"pip install cvsslib","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Required for integration with Django models if using the provided mixin functions.","package":"django-enumfields","optional":true}],"imports":[{"note":"Imports the modules for CVSS v2, v3, and v3.1 definitions, and the main calculation function.","symbol":"cvss2, cvss3, cvss31, calculate_vector","correct":"from cvsslib import cvss2, cvss3, cvss31, calculate_vector"},{"note":"Used to create base classes for CVSS members with utility functions like to_vector() and from_vector().","symbol":"class_mixin","correct":"from cvsslib import class_mixin"}],"quickstart":{"code":"from cvsslib import cvss2, cvss3, cvss31, calculate_vector\n\n# Calculate CVSS v2 score\nvector_v2 = \"AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H\"\nbase_score_v2, impact_v2, exploitability_v2 = calculate_vector(vector_v2, cvss2)\nprint(f\"CVSS v2 Vector: {vector_v2}\")\nprint(f\"Base Score: {base_score_v2}, Impact Score: {impact_v2}, Exploitability Score: {exploitability_v2}\\n\")\n\n# Calculate CVSS v3.0 score\nvector_v3 = \"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N\"\nbase_score_v3, impact_v3, exploitability_v3 = calculate_vector(vector_v3, cvss3)\nprint(f\"CVSS v3.0 Vector: {vector_v3}\")\nprint(f\"Base Score: {base_score_v3}, Impact Score: {impact_v3}, Exploitability Score: {exploitability_v3}\\n\")\n\n# Calculate CVSS v3.1 score\nvector_v31 = \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\"\nbase_score_v31, impact_v31, exploitability_v31 = calculate_vector(vector_v31, cvss31)\nprint(f\"CVSS v3.1 Vector: {vector_v31}\")\nprint(f\"Base Score: {base_score_v31}, Impact Score: {impact_v31}, Exploitability Score: {exploitability_v31}\")","lang":"python","description":"This quickstart demonstrates how to import the necessary modules from `cvsslib` and use the `calculate_vector` function to compute CVSS scores for different versions (v2, v3.0, and v3.1) from their respective vector strings. It prints the base, impact, and exploitability scores."},"warnings":[{"fix":"For CVSS v4.0 support, consider alternative libraries like 'RedHatProductSecurity/cvss' or monitor for future updates to cvsslib.","message":"The cvsslib library does not currently support CVSS v4.0. CVSS v4.0 was officially launched in November 2023 and introduces significant changes to metric definitions and scoring.","severity":"gotcha","affected_versions":"<=1.0.0"},{"fix":"Be aware of the project's maintenance status. For new CVSS standards or highly active development, evaluate other libraries.","message":"The last release (1.0.0) of cvsslib was in March 2020. While functional for supported CVSS versions, it is not under active feature development or frequent maintenance for new standards or major bug fixes.","severity":"gotcha","affected_versions":"1.0.0"},{"fix":"Ensure you are using the correct CVSS version module (cvss3 or cvss31) matching the vector string and specification you intend to follow. Review FIRST's CVSS v3.1 User Guide for detailed differences.","message":"Some combinations of CVSS v3.0 and v3.1 environmental scores may differ slightly due to redefinitions in the v3.1 specification (e.g., Roundup changes and ModifiedImpact sub-formula).","severity":"gotcha","affected_versions":"All versions supporting CVSS v3.0/v3.1"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Run `pip install cvsslib` to install the library.","cause":"The 'cvsslib' package has not been installed in your Python environment.","error":"ModuleNotFoundError: No module named 'cvsslib'"},{"fix":"Ensure you pass the correct CVSS version module. Example: `calculate_vector(my_vector_string, cvss3)`.","cause":"The `calculate_vector` function requires both the CVSS vector string and the corresponding CVSS version module (e.g., `cvss2`, `cvss3`, or `cvss31`) as arguments.","error":"TypeError: calculate_vector() missing 1 required positional argument: 'cvss_version_module'"},{"fix":"Access enums via the specific version module, e.g., `cvss3.AttackVector.NETWORK` or `from cvsslib.cvss3.enums import AttackVector`.","cause":"You are trying to access CVSS enums directly from the `cvsslib.cvss3` module without importing them or accessing them via the module's `enums` submodule.","error":"AttributeError: module 'cvsslib.cvss3' has no attribute 'AttackVector'"}]}