diff --git a/core/src/main/java/org/owasp/dependencycheck/reporting/ReportTool.java b/core/src/main/java/org/owasp/dependencycheck/reporting/ReportTool.java
index 7f44c766bbe..7cca0fbaf09 100644
--- a/core/src/main/java/org/owasp/dependencycheck/reporting/ReportTool.java
+++ b/core/src/main/java/org/owasp/dependencycheck/reporting/ReportTool.java
@@ -122,7 +122,7 @@ private String determineScore(Vulnerability vuln) {
         return "unknown";
     }
 
-    private String normalizeSeverity(String sev) {
+    public String normalizeSeverity(String sev) {
         switch (sev.toLowerCase()) {
             case "critical":
                 return "critical";
diff --git a/core/src/main/resources/templates/gitlabReport.vsl b/core/src/main/resources/templates/gitlabReport.vsl
index c0bcd5d5999..efbca174547 100644
--- a/core/src/main/resources/templates/gitlabReport.vsl
+++ b/core/src/main/resources/templates/gitlabReport.vsl
@@ -100,7 +100,7 @@
                         ## optional properties
                         "name": "$enc.json($vulnerability.name)",
                         "description": "$enc.json($vulnerability.description)",
-                        "severity": "$rpt.normalizeSeverity($vulnerability.cvssV3.getBaseSeverity().toLowerCase())",
+                        "severity": "$rpt.normalizeSeverity($vulnerability.cvssV3.cvssData.baseSeverity).toLowerCase()",
                         ## "solution": "" --> not implemented
                         "links": [
                             #foreach( $ref in $vulnerability.getReferences(true) )