CVSS 3.1 Calculator
0xdad025 downloadsCompute CVSS 3.1 scores with an interactive popup selector.
- Overview
- Scorecard
- Updates6
An Obsidian plugin that opens a single popup to compute CVSS 3.1 scores interactively. Select all metric options, see the score update in real time, then copy the vector string or insert the result directly into your note.
Features
- Single wide modal — all 8 Base Score metrics visible without scrolling
- Live score computation as you click options
- Color-coded severity badge (Info / Low / Medium / High / Critical)
- Displays the full CVSS vector string (e.g.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) - Copy Vector — copies the vector string to the clipboard
- Insert into note — inserts the score and vector at the cursor in the active markdown note
- Change CVSS of open finding — fuzzy-search all open findings and update their CVSS frontmatter properties in one step
- Change CVSS of current note — update the CVSS of whatever note is currently open, regardless of its status
- Accessible via ribbon icon (shield) or Command Palette
Metrics covered
| Group | Metric | Values |
|---|---|---|
| Exploitability | Attack Vector (AV) | Network, Adjacent, Local, Physical |
| Exploitability | Attack Complexity (AC) | Low, High |
| Exploitability | Privileges Required (PR) | None, Low, High |
| Exploitability | User Interaction (UI) | None, Required |
| Scope | Scope (S) | Unchanged, Changed |
| Impact | Confidentiality (C) | None, Low, High |
| Impact | Integrity (I) | None, Low, High |
| Impact | Availability (A) | None, Low, High |
Privileges Required weights are automatically adjusted when Scope = Changed, as per the CVSS 3.1 specification.
Severity ratings
| Score range | Rating |
|---|---|
| 0.0 | Info |
| 0.1 – 3.9 | Low |
| 4.0 – 6.9 | Medium |
| 7.0 – 8.9 | High |
| 9.0 – 10.0 | Critical |
Installation (manual)
- Build the plugin (see below) or download a release.
- Copy these three files into your vault's plugin folder:
<vault>/.obsidian/plugins/cvss-calculator/main.js <vault>/.obsidian/plugins/cvss-calculator/manifest.json <vault>/.obsidian/plugins/cvss-calculator/styles.css - In Obsidian, go to Settings → Community plugins, disable Safe Mode if prompted, and enable CVSS 3.1 Calculator.
Development & build
Prerequisites
- Node.js 16 or later
- npm
Setup
git clone <repo-url>
cd obsidian-cvss
npm install
Build for production
npm run build
Outputs main.js (minified, no source map) alongside manifest.json and styles.css. Copy all three to your plugin folder.
Watch mode (development)
npm run dev
Watches main.ts for changes and rebuilds with inline source maps. Useful when the plugin folder is symlinked to the repo root:
# Example: symlink the repo directly into the vault
ln -s /path/to/obsidian-cvss /path/to/vault/.obsidian/plugins/cvss-calculator
Then enable the plugin in Obsidian and use Ctrl+R (or the "Reload app without saving" command) to pick up changes.
Project structure
obsidian-cvss/
├── main.ts # Plugin source (TypeScript)
├── main.js # Compiled output (generated — do not edit)
├── styles.css # Modal styles
├── manifest.json # Obsidian plugin metadata
├── package.json # npm scripts and dev dependencies
├── tsconfig.json # TypeScript compiler config
└── esbuild.config.mjs # Bundler config
Toolchain
| Tool | Purpose |
|---|---|
| TypeScript 4.7 | Type-safe source |
| esbuild 0.17 | Fast bundler / minifier |
| obsidian (npm) | Obsidian API type definitions |
Scoring algorithm
Implements the CVSS 3.1 Base Score formula exactly as defined by FIRST:
ISS = 1 − [(1 − C) × (1 − I) × (1 − A)]
Impact = 6.42 × ISS (Scope Unchanged)
= 7.52 × [ISS − 0.029] − 3.25 × [ISS − 0.02]^15 (Scope Changed)
Exploitability = 8.22 × AV × AC × PR × UI
Base Score = Roundup(Min[Impact + Exploitability, 10]) (Scope Unchanged)
= Roundup(Min[1.08 × (Impact + Exploitability), 10]) (Scope Changed)
Roundup returns the smallest value with one decimal place greater than or equal to the input.
Usage
Standalone calculator
- Click the shield icon in the left ribbon, or open the Command Palette and run CVSS Calculator.
- Click one button per metric — the score updates instantly after all 8 are selected.
- Use Copy Vector to copy the vector string, or Insert into note to write the result at the cursor:
**CVSS 3.1 Score:** 9.8 (Critical)
`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
Update CVSS of an open finding
- Open the Command Palette and run Change CVSS of open finding.
- Type to filter — the list shows all notes whose frontmatter has
statoorstatusset toapertooropen(case-insensitive). - Select a note. The CVSS calculator opens; if the note already has a
cvss_vector, the metrics are pre-selected. - Adjust the metrics and click Update CVSS. The following frontmatter properties are written (or overwritten):
| Property | Example value |
|---|---|
cvss_vector |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
cvss_score |
9.8 |
cvss_severity |
CRITICAL |
cvss_link |
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/… |
cvss_severityis always written in uppercase (INFO,LOW,MEDIUM,HIGH,CRITICAL).
Update CVSS of the current note
- Open the Command Palette and run Change CVSS of current note.
- The CVSS calculator opens targeting the active note — no status filter applied.
- Metrics are pre-selected if
cvss_vectoralready exists. Click Update CVSS to write the same four frontmatter properties listed above.
License
MIT
86%
HealthExcellent
ReviewSatisfactory
About
Compute CVSS 3.1 scores in a single wide modal showing all eight base metrics and update the score live as you select options. Copy the full CVSS vector or insert the score into your note, update the current note or open findings' CVSS frontmatter, and view a color-coded severity badge. Automatically adjust Privileges Required weights when Scope changes per CVSS 3.1.Details
Current version
1.0.5
Last updated
4 days ago
Created
2 months ago
Updates
6 releases
Downloads
25
Compatible with
Obsidian 1.4.4+
Platforms
Desktop, Mobile
License
MIT