Is It Normal for DefectDojo to Assign Different Severity Scores to the Same CWE in Separate Findings?

·Apr 07, 2026 03:03 PM·

Is it normal for defectdojo to assign different severity scores to separate instances of the same CWE? We have one finding of a CWE where it was scored as is high and another where it is low.

1 comment

· Sorted by Oldest

Valentijn S.
·
·
The severity is determined by what is in the report that was uploaded. It's not based on CWE. Did you mean CVE? Different scanners may produce different severities which end up in Defect Dojo. Can you tell us more about what you are uploading, what you are seeing?

Valentijn S.
·
·
The severity is determined by what is in the report that was uploaded. It's not based on CWE. Did you mean CVE? Different scanners may produce different severities which end up in Defect Dojo. Can you tell us more about what you are uploading, what you are seeing?