How XRay maps severities for vulnerabilities as minor, major and Critical.
Xray uses this criteria to determine severity:
- CVSS score 1-4, it will be marked as Minor.
- CVSS score between 4-7, it will be marked as Major
- CVSS score above 7 it will be marked Critical.
For Redhat/Pivotal, etc, XRay relies on the corresponding vendor's definitions.