CVSS 4.0 and Exploit Maturity Support in the REST Issues API

We’re thrilled to announce the next step in our journey to improve security insights and prioritization—building on our previous update introducing CVSS 4.0. This enhancement adds support for CVSS 4.0 and Exploit Maturity (Threat Metrics) fields in the REST Issues API, delivering even more robust tools for vulnerability management.

The new default evaluation using CVSS v4.0 will improve the prioritization workflow and risk assessment, enabling you to focus on the most emerging threats.

In addition to CVSS 3.1 scores, you’ll now see CVSS 4.0 scores and exploit maturity fields when interacting with the REST Issues API.

Customers using data.effective_severity_level in their automations can now also use data.severities[].level for either CVSS 3.1 or CVSS 4.0 (based on data.severities[].version). Plus, gain access to all vector data and exploit details for each vulnerability for more granular automation and analysis.

For more information about CVSS v4.0's specifications, please refer to the blog post: What’s new in CVSS 4.0.

Stay secure,