What about the CVSS score
Not sure why no one has mentioned this, but every CVE code is usually accompanied by a corresponding CVSS score, which would indicate impact (the 2.0 CVSS scoring isn't perfect, but it's useful).
Why not just re-run the numbers with anything with a CVSS score above 7 to get a more meaningful rating.
CVE's alone are garbage, you can declare them youself on any product for something as simple as no password lockout....