Security hot spots review priority and rule severity

Looking at the review priority of the hot spots vs the severity of the rule itself things don’t line up. How is a Critical rule only classified as a Medium review priority? I have other examples of rules not lining up in what I would expect.

Is there any documentation that can explain how rules are classified when applied to hotspots?