VulnIQ processes advisories published by vendors such as Cisco, Red Hat etc and correlates advisories with other data.
CVSS scores discovered in advisories are associated with vulnerabilities.