June 18, 2024

Improved security prioritization with CVSS version 4.0

New

We’re happy to announce the introduction of the latest version of CVSS - version 4.0.

Starting today, and in accordance with the latest official CVSS version published by FIRST.org, new vulnerabilities will be assigned with hand curated CVSS v4.0 vectors by Snyk’s team of Security Analysts.

All new advisories identified by Snyk Open Source will be provided with both CVSS v4.0 and CVSS v3.1 severity assessments. These new advisories, which will have a provided CVSS v4.0 vector and score, will determine the default severity of the issue, based on CVSS v4.0. The current severity of existing issues in your projects will not change.

In addition to basing the severity of new issues on CVSS v4.0, Snyk will gradually expose the new vector metrics in the various product workflows.

The new default evaluation using CVSS v4.0 will improve the prioritization workflow and risk assessment, enabling you to focus on the most emerging threats.

For more information about CVSS v4.0's specifications, please refer to the blog post: What’s new in CVSS 4.0.

A list of CVSS advisories, with a toggle to choose between CVSS 4.0 and CVSS 3.1