A vulnerability's severity (high, medium or low) is based on its CVSS score:
| CVSS Score | Severity |
| 7 - 10 | High |
| 4 - 6.9 | Medium |
| 0 - 3.9 | Low |
The score is comprised of measurements of each of the following metrics:
- Attack Vector (AV)
- Attack Complexity (AC)
- Privileges Required (PR)
- User Interaction (UI)
- Scope (S)
- Confidentiality (C)
- Integrity (I)
- Availability (A)
Check out this calculator for CVSS here: https://www.first.org/cvss/calculator/3.0
Linux Vulnerability Severity Definitions
Snyk now goes beyond NVD to bring distro-specific severities for our Linux vulnerabilities. With this change, even when a vulnerability is considered to be a high-severity issue in the most general context, it might still be a lower severity issue in specific Linux distros such as Debian or Ubuntu (or others).