API Reference: Vulnerability Prioritization with CVSS Scoring
CVSS v3.1 Base Metrics
| Metric |
Values |
Description |
| AV (Attack Vector) |
N, A, L, P |
Network, Adjacent, Local, Physical |
| AC (Attack Complexity) |
L, H |
Low, High |
| PR (Privileges Required) |
N, L, H |
None, Low, High |
| UI (User Interaction) |
N, R |
None, Required |
| S (Scope) |
U, C |
Unchanged, Changed |
| C (Confidentiality) |
N, L, H |
None, Low, High |
| I (Integrity) |
N, L, H |
None, Low, High |
| A (Availability) |
N, L, H |
None, Low, High |
Severity Ratings
| Score Range |
Rating |
| 0.0 |
None |
| 0.1-3.9 |
Low |
| 4.0-6.9 |
Medium |
| 7.0-8.9 |
High |
| 9.0-10.0 |
Critical |
EPSS API (FIRST.org)
| Endpoint |
Description |
GET https://api.first.org/data/v1/epss?cve=CVE-XXXX |
Get EPSS score |
Response: data[].epss |
Exploit probability (0-1) |
Response: data[].percentile |
Percentile ranking |
CISA KEV Catalog
| Field |
Description |
| URL |
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json |
vulnerabilities[].cveID |
CVE identifier |
vulnerabilities[].dateAdded |
Date added to KEV |
vulnerabilities[].dueDate |
Remediation deadline |
Priority Scoring Formula
Python Libraries
| Library |
Version |
Purpose |
requests |
>=2.28 |
Fetch EPSS and KEV data |
math |
stdlib |
CVSS score rounding |
json |
stdlib |
Report generation |
References