← All tools
Free Tool
CVSS Calculator
Calculate CVSS 3.1 base scores for vulnerability severity assessment. Includes guidance on whether the score triggers Article 14 notification obligations under the EU Cyber Resilience Act.
0.0
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Article 14 threshold
Below critical threshold
Art. 14 is triggered by active exploitation — not CVSS alone.
0.0None
0.1 – 3.9Low
4.0 – 6.9Medium
7.0 – 8.9High
9.0 – 10.0Critical
Frequently asked
What is CVSS?
CVSS (Common Vulnerability Scoring System) is the industry-standard framework for assessing the severity of security vulnerabilities. Version 3.1 is the most widely used. Scores range from 0 to 10: None (0), Low (0.1–3.9), Medium (4.0–6.9), High (7.0–8.9), Critical (9.0–10.0).
Does CVSS score determine Article 14 obligations?
Not directly. Article 14 is triggered by active exploitation or a severe security incident — not by CVSS score alone. However, a Critical CVSS score combined with evidence of exploitation is strong grounds for Article 14 notification. A High or Critical score without exploitation evidence still requires standard CVD handling but not mandatory ENISA notification.
Should I use CVSS 3.1 or 4.0?
CVSS 4.0 was released in 2023 and offers more granular scoring. Most current tools and databases still use CVSS 3.1. CVD Portal records both — this calculator uses CVSS 3.1 as it remains the most widely supported.
Is the CVSS score included in CSAF advisories?
Yes — CVSS scores are a required field in CSAF 2.0 advisories. CVD Portal pre-populates your CSAF advisory with the CVSS score recorded during triage.
Ready to automate your CVD programme?
CVD Portal integrates all these tools and handles your Article 13 and 14 obligations automatically.
Start your free portal →