Select CVSS metrics, get the base score and vector string instantly, then drop them straight into your vulnerability report.
The Common Vulnerability Scoring System (CVSS) is an open standard maintained by FIRST for rating the severity of security vulnerabilities. Security teams, bug bounty programs, and compliance frameworks — including guidance from OWASP — rely on CVSS base scores to prioritize remediation and communicate risk consistently. CVSS 3.1 remains widely used in pentest and bug bounty reports; CVSS 4.0 introduces refined metrics for modern attack scenarios.
Use the interactive calculator below to set base metrics and generate a CVSS 3.1 score and vector string. Copy the output directly into your pentest report, bug bounty submission, or any vulnerability write-up.
Full CVSS 4.0 calculation — including Threat, Environmental, and Supplemental metric groups — is available in the PoCcraft report generator. Generate a finding with auto-scored CVSS 4.0 and export a complete vulnerability report in minutes.
Score and report in one step
PoCcraft calculates CVSS severity, drafts findings, and exports PDF or Markdown — no copy-paste between tools.
Generate your report freeAlways include both the numeric base score and the full vector string (e.g. CVSS:3.1/AV:N/AC:L/...) so reviewers can validate your severity rationale. Pair scores with clear impact descriptions for faster triage and client acceptance.