CVSS v3.1 Score Calculator
Calculate a CVSS v3.1 Base Score by selecting the 8 metric values. Instantly see the numeric score, severity rating, vector string, and a plain-English impact summary.
Disclaimer: Free tool provided “as is” by MonitorGiant. No warranty or liability for any data loss, security issues, or infrastructure problems arising from use of this tool. Results are for informational purposes only. · A Free Tool by MonitorGiant
What is the CVSS v3.1 Score Calculator?
The Common Vulnerability Scoring System (CVSS) v3.1 is the industry-standard framework for rating the severity of security vulnerabilities. A CVSS Base Score reflects the intrinsic characteristics of a vulnerability: how it can be exploited, what privileges or interaction it requires, and what the impact would be on confidentiality, integrity, and availability. Scores range from 0.0 (None) to 10.0 (Critical). The NVD (National Vulnerability Database) publishes official CVSS scores for all CVEs.
How to use this tool
1. Select all 8 metric values: work through the Exploitability panel (Attack Vector, Complexity, Privileges Required, User Interaction) and the Scope & Impact panel (Scope, Confidentiality, Integrity, Availability).
2. Read the score and severity in the banner at the top, which updates in real time showing the numeric score (0.0–10.0) and the severity rating: None, Low, Medium, High, or Critical.
3. Copy the CVSS vector string shown below the score and include it in your vulnerability report or bug bounty submission.
4. Use the preset buttons (Log4Shell, Reflected XSS, Local Priv-Esc, Info Leak) to see real-world examples and understand how the formula responds to different metric combinations.
When would you use this?
- Security teams prioritising remediation — Critical and High scores get patched immediately while Medium and Low go in the regular sprint.
- Penetration testers including CVSS scores in vulnerability reports to give clients context on risk level.
- Bug bounty hunters calculating expected CVSS scores before submitting a report.
- Compliance teams whose frameworks (PCI-DSS, FedRAMP) mandate remediation timelines based on CVSS severity bands.
How it works
1. Select all 8 metric values. Work through the two panels: Exploitability (AV, AC, PR, UI) and Scope & Impact (S, C, I, A). Each button shows a tooltip explaining the difference between values.
2. Read the score and severity. The banner at the top updates in real time showing the numeric score (0.0–10.0) and the severity rating: None, Low, Medium, High, or Critical.
3. Copy the vector string. The CVSS vector string (e.g. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is shown below the score. Hit "Copy Vector" to copy it for inclusion in a vulnerability report.
4. Use presets for common vulnerabilities. The preset buttons load real-world examples (Log4Shell, Reflected XSS, Local Privilege Escalation, and a low-severity info leak) so you can see how the formula works.
All calculations run in your browser using the published CVSS v3.1 specification formula. No data is sent to any server.
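The base-score formula from the published v3.1 specification, as an added example that is not the calculator's own code: it validates a vector string, then computes the score and severity. The function names are hypothetical, and temporal and environmental metrics are rejected rather than scored.

```javascript
const CIA = { H: 0.56, L: 0.22, N: 0 };
const W = {
  AV: { N: 0.85, A: 0.62, L: 0.55, P: 0.2 },
  AC: { L: 0.77, H: 0.44 },
  PR: { N: 0.85, L: 0.62, H: 0.27 }, // weights when Scope is Unchanged
  UI: { N: 0.85, R: 0.62 },
  S: { U: 0, C: 1 },                 // no numeric weight; listed for validation
  C: CIA, I: CIA, A: CIA,
};
const PR_CHANGED = { N: 0.85, L: 0.68, H: 0.5 }; // PR weights when Scope is Changed
const BASE = Object.keys(W);

// Accept only the eight base metrics, each exactly once, with a legal value.
function parseVector(vector) {
  const [prefix, ...parts] = String(vector).trim().split("/");
  if (prefix !== "CVSS:3.1") throw new Error("expected CVSS:3.1 prefix");
  const m = {};
  for (const part of parts) {
    const [key, val, extra] = part.split(":");
    if (!BASE.includes(key)) throw new Error(`unknown base metric: ${key}`);
    if (Object.hasOwn(m, key)) throw new Error(`duplicate metric: ${key}`);
    // hasOwn (not `in`) so inherited names like "constructor" are not accepted
    if (extra !== undefined || !Object.hasOwn(W[key], val))
      throw new Error(`invalid value for ${key}: ${val}`);
    m[key] = val;
  }
  const missing = BASE.filter((k) => !Object.hasOwn(m, k));
  if (missing.length) throw new Error(`missing metrics: ${missing.join(",")}`);
  return m;
}

// v3.1 Roundup: smallest one-decimal value >= x, done on integers to avoid float drift.
function roundUp(x) {
  const i = Math.round(x * 100000);
  return i % 10000 === 0 ? i / 100000 : (Math.floor(i / 10000) + 1) / 10;
}
function severity(s) {
  return s === 0 ? "None" : s < 4 ? "Low" : s < 7 ? "Medium" : s < 9 ? "High" : "Critical";
}

function baseScore(vector) {
  const m = parseVector(vector);
  const changed = m.S === "C";
  const iss = 1 - (1 - CIA[m.C]) * (1 - CIA[m.I]) * (1 - CIA[m.A]);
  const impact = changed
    ? 7.52 * (iss - 0.029) - 3.25 * Math.pow(iss - 0.02, 15) : 6.42 * iss;
  const expl = 8.22 * W.AV[m.AV] * W.AC[m.AC] * (changed ? PR_CHANGED : W.PR)[m.PR] * W.UI[m.UI];
  const score = impact <= 0 ? 0 : roundUp(Math.min((changed ? 1.08 : 1) * (impact + expl), 10));
  return { score, severity: severity(score) };
}
```

Calling `baseScore` on the example vector shown above returns a score of 9.8 with severity Critical; recomputing a score from the vector in a submitted report is a quick way to catch a mismatch between the two.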