diff --git a/README.md b/README.md
index 4f887359..f487de2f 100644
--- a/README.md
+++ b/README.md
@@ -1336,9 +1336,15 @@ using arguments or config files, or a mix of both:
 sleep better at night by telling copyparty to periodically check whether your version has a [known vulnerability](https://github.com/9001/copyparty/security/advisories)
-this feature can be enabled by setting the global-option `--vc-url` to one of the following URLs; all of them provide the same information, so which one you choose is whatever
-* `https://api.copyparty.eu/advisories`
-* `https://api.github.com/repos/9001/copyparty/security-advisories?per_page=9`
+this feature can be enabled by setting the global-option `--vc-url` to one of the following URLs; choose what severity level you want to be notified for:
+* `https://api.copyparty.eu/advisories-panic` -- only really bad stuff, the "UPGRADE NOW" kind
+* `https://api.copyparty.eu/advisories` -- everything important / noteworthy, "upgrade when you can"
+* `https://api.copyparty.eu/advisories-all` -- *everything*, including stuff that's unlikely to affect anyone
+* `https://api.github.com/repos/9001/copyparty/security-advisories?per_page=9` -- same as `advisories-all`
+
+note that `https://api.copyparty.eu/advisories` may (for example) skip some advisories rated `High` but include some `Low`; that's because an easily-reachable `Low` in a default-enabled feature is more severe than a `High` which is a theoretical bug in a contrived use of a fringe feature, but the CVE calculator would still classify that as `High`
+
+if you want to use the github advisory feed but only care about advisories rated `medium`/`moderate` or higher, then global-option `--vc-sev medium` does that, but see previous paragraph
 > to see what happens when a bad version is detected, try `--vc-url https://api.copyparty.eu/advisories-test`
@@ -1354,6 +1360,7 @@ config file example:
 vc-url: https://api.copyparty.eu/advisories
 vc-age: 3 # how many hours to wait between each check
 vc-exit # emergency-exit if current version is vulnerable
+ vc-sev: medium # only care about severity 'Medium'/'Moderate' or higher (github-only; don't use this with api.copyparty.eu)
 ```
diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index 8eb39cd2..666aea32 100644
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -1237,6 +1237,7 @@ def add_general(ap, nc, srvname):
 ap2.add_argument("--reload-sig", metavar="S", type=u, default=("" if ANYWIN else "USR1"), help="reload server config when unix-signal \033[33mS\033[0m is received; examples: [\033[32mSIGUSR1\033[0m], [\033[32mUSR1\033[0m], [\033[32m10\033[0m]")
 ap2.add_argument("--vc-url", metavar="URL", type=u, default="", help="URL to check for vulnerable versions (default-disabled)")
 ap2.add_argument("--vc-age", metavar="HOURS", type=int, default=3, help="how many hours to wait between vulnerability checks")
+ ap2.add_argument("--vc-sev", metavar="LEVEL", type=u, default="low", help="minimum severity to care about; one of these: \033[32mlow medium high critical\033[0m")
 ap2.add_argument("--vc-exit", action="store_true", help="panic and exit if current version is vulnerable")
 ap2.add_argument("--license", action="store_true", help="show licenses and exit")
 ap2.add_argument("--version", action="store_true", help="show versions and exit")
diff --git a/copyparty/svchub.py b/copyparty/svchub.py
index 28f5cc0c..24f6007c 100644
--- a/copyparty/svchub.py
+++ b/copyparty/svchub.py
@@ -119,6 +119,8 @@ VER_IDP_DB = 1
 VER_SESSION_DB = 1
 VER_SHARES_DB = 2
+CVE_SEVS = {"low": 1, "medium": 2, "moderate": 2, "high": 3, "critical": 4}
+
 class SvcHub(object):
 """
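Review bot: The help string of the new `--vc-sev` argument lists `low medium high critical` but the matching `CVE_SEVS` table in svchub.py also accepts `moderate`, and it does not mention that the filter has no effect on feeds whose advisories carry no `severity` field (the README limits the option to the github feed). Because `type=u` does not lowercase the value, a user who writes `Medium`, as the README's config-file comment itself spells it, will hit the invalid-value warning; normalize case either here or where the value is validated in svchub.py. Suggested help text: `help="minimum advisory severity to act on (advisories without a severity field are never filtered); one of: \033[32mlow medium/moderate high critical\033[0m"`. add_general continues outside the hunk.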
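Review bot: `CVE_SEVS` is consulted both by the option validation and by the advisory filter, yet nothing explains the rank values or why `moderate` duplicates `medium`, which invites a future cleanup that drops the alias. A short comment above the constant would fix that: `# severity rank for --vc-sev / the advisory feed; "moderate" is an accepted spelling of "medium" (presumably github's wording)`. It is also worth stating there that an advisory with a missing or unknown severity is treated as higher than every listed rank by the consumer, so it is never filtered out.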
@@ -298,6 +300,9 @@ class SvcHub(object):
 self.log("root", "vc-age too low for copyparty.eu; will use 3 hours")
 args.vc_age = zi
+ if args.vc_sev and args.vc_sev not in CVE_SEVS:
+ self.log("root", "vc-sev %r invalid; will use 'low'" % (args.vc_sev,), 3)
+
 zs = ""
 if args.th_ram_max < 0.22:
 zs = "generate thumbnails"
@@ -1948,6 +1953,7 @@ class SvcHub(object):
 next_chk = 0
 # self.args.vc_age = 2 / 60
 fpath = os.path.join(self.E.cfg, "vuln_advisory.json")
+ minsev = CVE_SEVS.get(self.args.vc_sev, 0)
 while not self.stopping:
 now = time.time()
 if now < next_chk:
@@ -1991,10 +1997,13 @@ class SvcHub(object):
 continue
 try:
+ sver = "0.1"
 advisories = json.loads(jtxt)
 for adv in advisories:
 if adv.get("state") == "closed":
 continue
+ if CVE_SEVS.get(adv.get("severity"), 9) < minsev:
+ continue
 vuln = {}
 for x in adv["vulnerabilities"]:
 if x["package"]["name"].lower() == "copyparty":
@@ -2012,9 +2021,8 @@ class SvcHub(object):
 if self.args.vc_exit:
 self.sigterm()
 return
- else:
- t = "%sok; v%s and newer is safe"
- self.log("ver-chk", t % (src, sver), 2)
+ t = "%sok; v%s and newer is safe"
+ self.log("ver-chk", t % (src, sver), 2)
 next_chk = time.time() + self.args.vc_age * 3600 - age
 except Exception as e:
 t = "failed to process vulnerability advisory; %s"
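Review bot: The new check only logs when `args.vc_sev` is not a `CVE_SEVS` key; it neither lowercases the value nor resets it, so `--vc-sev Medium` is rejected although the intent is obvious, and the later `CVE_SEVS.get(self.args.vc_sev, 0)` then yields 0 rather than the `'low'` the message promises (same effect today only because no rank is below 1). Normalizing and resetting keeps the warning truthful: `args.vc_sev = (args.vc_sev or "low").lower()` before the test, `if args.vc_sev not in CVE_SEVS:` as the condition, and `args.vc_sev = "low"` after the log call. The enclosing method starts before and ends after this hunk.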
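Review bot: The `9` default in `CVE_SEVS.get(adv.get("severity"), 9)` is the security-relevant decision in this hunk, an advisory with a missing or unrecognised severity is never dropped, and it should be spelled out in a comment such as `# unknown/missing severity ranks above every level: never discard an advisory we cannot classify`. The lookup is also case-sensitive, so a feed that spells severities `Moderate`/`High` would land in that never-filtered bucket instead of being ranked; `CVE_SEVS.get(str(adv.get("severity") or "").lower(), 9)` applies the filter as intended without weakening the fail-safe. The loop body continues past the hunk.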
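Review bot: With `sver` now pre-set to `"0.1"` in the earlier hunk, the unconditional `self.log("ver-chk", t % (src, sver), 2)` can print `ok; v0.1 and newer is safe` when every advisory was skipped by the severity filter or the feed was empty, which reads as a verdict on the running version rather than "nothing matched"; assuming `sver` is raised inside the loop from the advisories' patched versions (those lines are outside the hunk), branching on `sver == "0.1"` to log something like `"%sok; no advisories at or above the configured severity"` would avoid the false reassurance. The removed `else:` dedents the ok message, but the hunk does not show which `if` it belonged to; if it was the vulnerable/not-vulnerable branch rather than `if self.args.vc_exit:`, the ok line now also prints after a vulnerability warning when `--vc-exit` is off, which is worth confirming. The enclosing `try` and method continue outside the hunk.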