diff --git a/pyproject.toml b/pyproject.toml
index 3141ad0..a2d62f7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "appthreat-vulnerability-db"
-version = "5.6.1"
+version = "5.6.2"
 description = "AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities."
 authors = [
 {name = "Team AppThreat", email = "cloud@appthreat.com"},
diff --git a/vdb/lib/npm.py b/vdb/lib/npm.py
index dc69f16..cd895bd 100644
--- a/vdb/lib/npm.py
+++ b/vdb/lib/npm.py
@@ -3,6 +3,7 @@ This module implements basic functionality to query npm registry for security advisories """ + import logging try:
@@ -206,6 +207,10 @@ def to_vuln(self, v, ret_data):
 score, severity, vectorString, attackComplexity = get_default_cve_data(
 severity
 )
+ cvss = v.get("cvss")
+ if cvss:
+ score = cvss.get("score")
+ vectorString = cvss.get("vectorString")
 exploitabilityScore = score
 metadata = v.get("metadata", {})
 if isinstance(metadata, dict) and metadata.get("exploitability"):
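Review bot: The added `cvss` block in `to_vuln` overwrites the severity-derived defaults unconditionally, so an advisory whose `cvss` object is present but has no usable `score` or `vectorString` (missing key, `null`, or `0`) leaves `score`, `vectorString` and then `exploitabilityScore` as `None` or `0`, and the stored record under-reports the finding. The value comes from the npm registry response and is not type-checked, unlike `metadata` two lines below, which is guarded with `isinstance(metadata, dict)`; a truthy non-dict `cvss` would raise `AttributeError` on `.get`. I would write `if isinstance(cvss, dict):` followed by `score = cvss.get("score") or score` and `vectorString = cvss.get("vectorString") or vectorString`, so the defaults survive a partial object. `severity` and `attackComplexity` still come from `get_default_cve_data` and can disagree with a registry-supplied vector; `to_vuln` starts and ends outside this hunk, so whether that is reconciled later is not visible here.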