Issues are categorized into five severity levels: Blocker, Critical, Major, Minor, and Info.
| Severity | Description |
| --- | --- |
| BLOCKER | A bug with a high probability of impacting the behavior of the application in production, such as memory leaks or unclosed JDBC connections. The code must be fixed immediately. |
| CRITICAL | Either a bug with a low probability of impacting the behavior of the application in production, or an issue that represents a security flaw, such as an empty catch block or SQL injection. The code must be reviewed immediately. |
| MAJOR | A quality flaw that can highly impact developer productivity, such as an uncovered piece of code, duplicated blocks, or unused parameters. |
| MINOR | A quality flaw that can slightly impact developer productivity, such as the length of lines or the usage of methods. |
| INFO | Neither a bug nor a quality flaw, just a finding that can be used for improvement. |