Hugging Face's logo

sumitp76
/
cve-exploitability

Text Classification
PyTorch
security
cve
vulnerability-management
exploit-prediction
sbom
Model card Files
xet
 Community

CVE Exploitability Model

Predicts the probability that a CVE is exploited in the wild (CISA KEV as the positive label), for prioritising vulnerabilities surfaced from an SBOM. Two-branch deep model: a TextCNN over the CVE description fused with an MLP over CVSS v3 metadata + CWE.

Held-out test metrics

Model ROC-AUC PR-AUC Precision@10% Recall@10%
Deep (TextCNN + CVSS fusion) 0.934 0.763 0.782 0.473
Baseline: CVSS score only 0.746 0.316 0.347 0.210
Baseline: logistic reg (structured) 0.819 0.440 0.463 0.280

Usage 

# pip install huggingface_hub torch numpy pandas
import importlib.util, sys
from huggingface_hub import hf_hub_download
spec = importlib.util.spec_from_file_location("hf_model", hf_hub_download("sumitp76/cve-exploitability", "hf_model.py"))
m = importlib.util.module_from_spec(spec); sys.modules["hf_model"] = m; spec.loader.exec_module(m)

pp, net = m.load_model("sumitp76/cve-exploitability")

import pandas as pd, torch
df = pd.DataFrame([{"description": "Remote code execution via crafted request ...",
                     "base_score": 9.8, "severity": "CRITICAL", "AV": "NETWORK", "AC": "LOW",
                     "PR": "NONE", "UI": "NONE", "S": "UNCHANGED", "C": "HIGH", "I": "HIGH",
                     "A": "HIGH", "has_v3": 1, "v2_base_score": None, "year": 2024, "cwe": "CWE-94"}])
Xt = torch.tensor(pp.transform_text(df.description.tolist()))
Xs = torch.tensor(pp.transform_struct(df), dtype=torch.float32)
print("exploit probability:", torch.sigmoid(net(Xt, Xs)).item())

Labels

  • 1 = listed in CISA KEV (known exploited in the wild)
  • 0 = not known-exploited (sampled from NVD)

Data sources

  • Labels: CISA KEV (cisagov/kev-data)
  • Features: NVD (fkie-cad/nvd-json-data-feeds) — description, CVSS v3, CWE

Limitations

KEV is a weak/incomplete label; the training class prevalence is inflated versus the real-world (<1%); CVEs seen during training score optimistically; novel patterns (e.g. supply-chain backdoors) are hard. Evaluate with a time-based split before operational use. This model assists triage and is not a substitute for human judgement.

Downloads last month
16
Inference Providers NEW
Text Classification
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support