Severity is a categorization of the risk and urgency of a vulnerability.

For more information, see CVSS Scores vs. VPR.

CVSS-based Severity

When you view vulnerabilities in scan results, Tenable Nessus shows severity based on CVSSv2 scores or CVSSv3 scores, depending on your configuration.

  • You can choose whether Tenable Nessus calculates the severity of vulnerabilities using CVSSv2 or CVSSv3 scores by configuring your default severity base setting. For more information, see Configure Your Default Severity Base.

  • You can also configure individual scans to use a particular severity base, which overrides the default severity base for those scan results. For more information, see Configure the Severity Base for an Individual Scan.


You can also view the top 10 vulnerabilities by VPR threat. For more information, see View VPR Top Threats.