A practical primer on the four scoring systems that matter for dependency security: CVSS for severity, EPSS for exploit probability, CISA KEV for confirmed in-the-wild exploitation, and CWE for vulnerability taxonomy.