HackerOne

HackerOne supports scoring severities for reports using a CVSS 4.0 calculator. CVSS, or the Common Vulnerability Scoring System, is an industry-standard calculator used to determine the severity of a vulnerability. The standard enables a common language around the severity of vulnerabilities.<a href="https://www.first.org/cvss/v4-0/" rel="nofollow noopener noreferrer" target="_blank"> Learn more about CVSS 4.0</a>.

HackerOne’s implementation of CVSS 3.0 and CVSS 3.1 supports <a href="https://docs.hackerone.com/en/articles/8495699-environmental-score">environmental metric modifiers</a>. <b>This is no longer supported in CVSS 4.0</b> since this version has base metrics for Vulnerable System Impact and Subsequent System Impact Metrics. 

The affected asset in the report may have a maximum severity. In this case, the calculator will automatically cap the score and severity rating. The presence of a maximum severity will be indicated in the severity calculator.

Learn more about CVSS and Severity in our <b><a href="https://docs.hackerone.com/en/articles/8495674-severity">Severity</a></b><a href="https://docs.hackerone.com/en/articles/8495674-severity"> document</a>.

All audiences: Learn how CVSS 4.0 impacts severity

CVSS 4.0

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Severity Caps