Skip to content

vulnsig/vulnsig-ts

BranchesTags

Repository files navigation

vulnsig

Render CVSS vulnerability vectors as expressive SVG glyphs. Each glyph encodes all base metrics visually with shape, color, rings, and texture, so vulnerabilities are recognizable at a glance.

Supports CVSS 4.0, 3.1, and 3.0.

Visit vulnsig.io to interactively explore CVSS glyph configurations and recent or well-known CVE vector glyphs.

Install

npm install vulnsig

Usage

import { renderGlyph } from 'vulnsig';

const svg = renderGlyph({ vector: 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H' });

// override the score (e.g. if you already have it)
const svg2 = renderGlyph({ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H', score: 10.0 });

// control rendered size in pixels (default 120)
const svg3 = renderGlyph({ vector: 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N', size: 64 });

renderGlyph returns an SVG string ready to embed in HTML or write to a file.

Examples

CVSS 4.0

Glyph Name Vector Score
Log4Shell AV:N AC:L AT:N PR:N UI:N VC:H VI:H VA:H SC:H SI:H SA:H 10.0
EternalBlue AV:N AC:L AT:N PR:N UI:N VC:H VI:H VA:H SC:N SI:N SA:N 9.3
Heartbleed AV:N AC:L AT:N PR:N UI:N VC:H VI:N VA:N SC:L SI:N SA:N 8.7
Spectre AV:L AC:H AT:P PR:L UI:N VC:H VI:N VA:N SC:H SI:N SA:N 5.6
XSS Stored AV:N AC:L AT:N PR:L UI:P VC:L VI:L VA:N SC:N SI:N SA:N 5.1
USB Drop AV:P AC:L AT:N PR:N UI:N VC:H VI:H VA:H SC:N SI:N SA:N 7.3

CVSS 3.x

Glyph Name Vector Score
Log4Shell AV:N AC:L PR:N UI:N S:C C:H I:H A:H 10.0
XSS Reflected AV:N AC:L PR:N UI:R S:C C:L I:L A:N 6.1

Visual encoding

Each metric maps to a distinct visual channel:

Metric Channel
Score Hue — yellow (low) → orange → dark red (high)
AV Star points — N=8, A=6, L=4, P=3
AC Star pointiness — L=sharp, H=blunt
AT Ring segmentation — N=solid, P=cut pattern
PR Star outline — N=none, L=thin, H=thick
UI Perimeter — N=spikes, P=bumps, A=clean
VC/VI/VA Inner ring brightness per sector
SC/SI/SA Outer ring band (split when any > 0)

Requirements

Node.js 18+

What Is New in VulnSig

1.3.0

Added rendering of Exploit Maturity.

Improved rendering of PR.

1.2.0

Improved glyph rendering over diverse backgrounds.

1.1.0

Extension to the public interface.

About

Render CVSS vulnerability vectors as expressive SVG glyphs

vulnsig.io

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

1.3.0 Latest
Mar 5, 2026
+ 4 releases

Contributors

Languages