---
library_name: transformers
license: cc-by-4.0
base_model: roberta-base
metrics:
- accuracy
tags:
- generated_from_trainer
- text-classification
- classification
- nlp
- vulnerability
model-index:
- name: vulnerability-severity-classification-roberta-base
  results: []
datasets:
- CIRCL/vulnerability-scores
---


# VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification

# Severity classification

This model is a fine-tuned version of [roberta-base](https://huggingface.co/roberta-base) on the dataset [CIRCL/vulnerability-scores](https://huggingface.co/datasets/CIRCL/vulnerability-scores).

The model was presented in the paper [VLAI: A RoBERTa-Based Model for Automated Vulnerability Severity Classification](https://huggingface.co/papers/2507.03607) [[arXiv](https://arxiv.org/abs/2507.03607)].

**Abstract:** VLAI is a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling faster and more consistent triage ahead of manual CVSS scoring. The model and dataset are open-source and integrated into the Vulnerability-Lookup service.

You can read [this page](https://www.vulnerability-lookup.org/user-manual/ai/) for more information.


## Model description

It is a classification model and is aimed to assist in classifying vulnerabilities by severity based on their descriptions.

## How to get started with the model

```python
from transformers import AutoModelForSequenceClassification, AutoTokenizer
import torch

labels = ["low", "medium", "high", "critical"]

model_name = "CIRCL/vulnerability-severity-classification-roberta-base"
tokenizer = AutoTokenizer.from_pretrained(model_name)
model = AutoModelForSequenceClassification.from_pretrained(model_name)
model.eval()

print("Model revision:", model.config._commit_hash)

test_description = "SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries \
that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system."
inputs = tokenizer(test_description, return_tensors="pt", truncation=True, padding=True)

# Run inference
with torch.no_grad():
    outputs = model(**inputs)
    predictions = torch.nn.functional.softmax(outputs.logits, dim=-1)

# Print results
print("Predictions:", predictions)
predicted_class = torch.argmax(predictions, dim=-1).item()
print("Predicted severity:", labels[predicted_class])
```

## Training procedure

### Training hyperparameters

The following hyperparameters were used during training:
- learning_rate: 3e-05
- train_batch_size: 32
- eval_batch_size: 32
- seed: 42
- optimizer: Use OptimizerNames.ADAMW_TORCH_FUSED with betas=(0.9,0.999) and epsilon=1e-08 and optimizer_args=No additional optimizer arguments
- lr_scheduler_type: linear
- num_epochs: 5

It achieves the following results on the evaluation set:
- Loss: 2.0444
- Accuracy: 0.8151
- F1 Macro: 0.7468
- Low Precision: 0.6636
- Low Recall: 0.5090
- Low F1: 0.5761
- Medium Precision: 0.8444
- Medium Recall: 0.8694
- Medium F1: 0.8567
- High Precision: 0.8099
- High Recall: 0.8094
- High F1: 0.8097
- Critical Precision: 0.7554
- Critical Recall: 0.7342
- Critical F1: 0.7446

### Training results

| Training Loss | Epoch | Step  | Validation Loss | Accuracy | F1 Macro | Low Precision | Low Recall | Low F1 | Medium Precision | Medium Recall | Medium F1 | High Precision | High Recall | High F1 | Critical Precision | Critical Recall | Critical F1 |
|:-------------:|:-----:|:-----:|:---------------:|:--------:|:--------:|:-------------:|:----------:|:------:|:----------------:|:-------------:|:---------:|:--------------:|:-----------:|:-------:|:------------------:|:---------------:|:-----------:|
| 2.7608        | 1.0   | 16685 | 2.5243          | 0.7411   | 0.6299   | 0.6253        | 0.2810     | 0.3877 | 0.7719           | 0.8474        | 0.8079    | 0.7165         | 0.7320      | 0.7242  | 0.6957             | 0.5270          | 0.5997      |
| 2.3464        | 2.0   | 33370 | 2.3441          | 0.7670   | 0.6837   | 0.5518        | 0.4400     | 0.4896 | 0.8160           | 0.8279        | 0.8219    | 0.7451         | 0.7738      | 0.7591  | 0.7014             | 0.6306          | 0.6642      |
| 1.7701        | 3.0   | 50055 | 2.1916          | 0.7895   | 0.7116   | 0.6944        | 0.4197     | 0.5232 | 0.8338           | 0.8397        | 0.8367    | 0.7599         | 0.8059      | 0.7822  | 0.7311             | 0.6793          | 0.7043      |
| 1.8485        | 4.0   | 66740 | 2.0622          | 0.8059   | 0.7348   | 0.6377        | 0.5008     | 0.5610 | 0.8259           | 0.8765        | 0.8504    | 0.8062         | 0.7891      | 0.7976  | 0.7674             | 0.6964          | 0.7302      |
| 1.4786        | 5.0   | 83425 | 2.0444          | 0.8151   | 0.7468   | 0.6636        | 0.5090     | 0.5761 | 0.8444           | 0.8694        | 0.8567    | 0.8099         | 0.8094      | 0.8097  | 0.7554             | 0.7342          | 0.7446      |


### Framework versions

- Transformers 5.9.0
- Pytorch 2.12.0+cu130
- Datasets 4.8.5
- Tokenizers 0.22.2