CVSS (Common Vulnerability Scoring System) is a standard measurement system used to assess and prioritize the severity of security vulnerabilities in software components. It provides a framework for evaluating the impact and risk of vulnerabilities, allowing organizations to understand and manage their vulnerability management more effectively. The CVSS scoring system takes into account various factors such as exploitability, impact, and temporal context to provide a comprehensive score range of 0-10 that maps to severity levels. However, challenges with CVSS include missing applicability context, incorrect scoring, and the lack of consideration for material consequences or specific implications in certain industries. To address these challenges, Snyk uses CVSS v3.1 as part of its security research efforts, providing a more accurate and consistent vulnerability impact score to balance out inaccuracies made by other authorities that issue CVEs. The CVSS scoring system is comprised of three groups: base metrics (exploitability and impact), temporal metrics (context related to timing and exploitation), and environmental metrics (customizing the score to the user's or organization's specific environment). Understanding how these groups work together provides a more accurate assessment of security vulnerabilities, enabling organizations to prioritize remediation activities and calculate severity scores.