labels vulnerabilities with a CVE (Common Vulnerabilities and Exposures) number, and
rates with a CVSS (Common Vulnerability Scoring System) number out of 10 (with 10 being most critical) the impact of software vulnerabilities
In the case of Shellshock (CVE-2014-6271) for example, the CVSS rating was 10 and an incomplete patch release resulted in a further vulnerability (CVE-2014-7169 ), also rated 10, to track the completion of the patch.
When a CVSS rating is 5 (eg. Heartbleed) or higher, your organisation may have agreed the patch needs to be accelerated beyond that which you may normally have as part of your patching regime.