Glossary

CVSS

Common Vulnerability Scoring System. The 0.0 to 10.0 numeric severity score attached to every NVD CVE record.

Definition

CVSS is the quantitative way the industry compares vulnerability severity. The CVSS v3 base score (0.0 to 10.0) reflects exploitability, impact, and required attack conditions; v4 adds threat-intelligence and environmental modifiers. NVD publishes a CVSS base score for nearly every CVE; vendors may publish their own scores using the same vector format.

Severity bands map as follows: Critical 9.0 to 10.0, High 7.0 to 8.9, Medium 4.0 to 6.9, Low 0.1 to 3.9. The base score does not account for whether the affected product is present in your environment; the environmental score is the consumer's responsibility to apply.

Sources
  • FIRST CVSS specification, https://www.first.org/cvss/
Last verified: 2026-04-24