CVSS vs. EPSS Comparator

Compare real-world exploitability with CVSS severity scores.

What is CVSS?

The Common Vulnerability Scoring System (CVSS) rates severity on a scale of 0-10. It answers: "How bad would this be if it were exploited?" It considers impact and exploitability factors.

What is EPSS?

The Exploit Prediction Scoring System (EPSS) estimates the probability (0-100%) that a vulnerability will be exploited in the wild in the next 30 days. It answers: "How likely is this to be exploited?"