EPSS Data

The current fields in the available data are:

• cve : The CVE identifier as specified by MITRE’s CVE List
• epss : the EPSS score representing the probability [0-1] of exploitation in the wild in the next 30 days (following score publication)
• percentile : the percentile of the current score, the proportion of all scored vulnerabilities with the same or a lower EPSS score

The comma-separated values (CSV) contain the CVE Identifier and the EPSS score as of the date the data was generated.

All of the daily historical data for EPSS can be found in this github repo: https://github.com/empiricalsec/epss_scores

If you do historical analysis, keep in mind the following dates:

• No scores are available before 2021-04-14
• EPSS v2 (v2022.01.01) started publishing on 2022-02-04, you will see a major shift in most scores on that day, and the files now include a comment at the start with # stating the model version and publish date.
• EPSS v3 (v2023.03.01) started publishing on 2023-03-07, you will see a shift in scores on that day.
• EPSS v4 (v2025.03.14) started publishing on 2025-03-17, you will see a shift in scores on that day.

EPSS Report for Monday, Feb 9, 2026

• 314,521 total CVEs scored
• 111 CVEs are newly scored

• Exploit Prediction Scoring System (EPSS)
  • The EPSS Model
  • Data and Statistics
  • User Guide
  • EPSS Research and Presentations
  • Frequently Asked Questions
  • Who is using EPSS?
  • Open-source EPSS Tools
  • API
  • Related Exploit Research
  • Blog
    • Understanding EPSS Probabilities and Percentiles
    • Log4Shell Use Case
    • Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities
  • Data Partners