"Alert: if you look up curl CVEs in public sources like NVD you will find they use inflated severity levels and CVSS scores. They think they know better and override our assessments. This is a systemic error that we unfortunately cannot fix. Feel free to complain to them - we keep doing it to no use - and consider using our material as the canonical sources for curl issues."
While it is well-documented that there are erroneous assignments, I think it is still better that a vendor-independent body does the scoring. Though, the presence of CNAs kind of admittedly downplays this line of argumentation.