Historical archive of EPSS (Exploit Prediction Scoring System) scores from FIRST.org.
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. It produces a probability score between 0 and 1 (0% to 100%), where higher scores indicate greater probability of exploitation.
EPSS CSV files are organized by Year and Month:
data/
├── 2021/
│ ├── 04/
│ │ ├── epss_scores-2021-04-14.csv.gz
│ │ └── ...
│ └── ...
├── 2024/
│ ├── 01/
│ │ ├── epss_scores-2024-01-01.csv.gz
│ │ └── ...
│ └── ...
└── 2025/
└── ...
Files are downloaded from the EPSS API:
- URL format:
https://epss.empiricalsecurity.com/epss_scores-YYYY-MM-DD.csv.gz - Data available from: April 14, 2021 onwards
This repository is automatically updated daily via GitHub Actions. The workflow runs at 1:30 PM UTC / 7:30 AM Central (after EPSS scores are published around 1:30 PM UTC).
You can also trigger manual downloads via the GitHub Actions workflow:
- Go to Actions → Daily EPSS Download
- Click Run workflow
- Options:
- Download all historical files: Downloads all EPSS files from April 2021 to present
- Start date / End date: Download a specific date range
- Python 3.8+
requestslibrary
pip install -r scripts/requirements.txt# Download today's file (daily update)
python scripts/download_epss.py --today
# Download all historical files
python scripts/download_epss.py --all
# Download files for a specific date range
python scripts/download_epss.py --start 2024-01-01 --end 2024-12-31
# Download a specific date
python scripts/download_epss.py --date 2024-06-15
# Decompress all downloaded .gz files
python scripts/download_epss.py --decompress
# Specify custom output directory
python scripts/download_epss.py --today --output-dir my_dataEach gzipped CSV file contains:
| Column | Description |
|---|---|
cve |
CVE identifier (e.g., CVE-2021-44228) |
epss |
EPSS probability score (0-1) |
percentile |
Percentile ranking compared to all other CVEs |
EPSS data is provided by FIRST.org. Please refer to their terms of use for data usage policies.