CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4372 2 11 169 26 513 682 220 955 23 1771 7.90 0 0 4 1 12 16 5 22 1 41
2 Oracle 3288 2 74 159 292 974 647 364 288 9 479 6.20 0 2 5 9 30 20 11 9 0 15
3 Apple 3236 1 52 189 37 489 428 768 561 14 697 7.00 0 2 6 1 15 13 24 17 0 22
4 IBM 2751 2 45 135 281 709 491 266 446 23 353 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2538 1 2 30 30 450 566 353 805 31 270 7.00 0 0 1 1 18 22 14 32 1 11
6 Adobe 1679 18 3 126 110 50 79 1 1292 9.10 0 0 1 0 8 7 3 5 0 77
7 Mozilla 1639 5 72 8 307 291 189 228 1 538 7.40 0 0 4 0 19 18 12 14 0 33
8 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
9 Google 1618 3 10 4 183 290 176 581 5 366 7.60 0 0 1 0 11 18 11 36 0 23
10 Linux 1374 1 83 219 38 466 121 134 275 4 33 5.50 0 6 16 3 34 9 10 20 0 2
11 HP 1295 1 9 49 22 245 169 103 330 20 347 7.30 0 1 4 2 19 13 8 25 2 27
12 Redhat 1089 40 124 54 222 213 130 226 5 75 6.00 0 4 11 5 20 20 12 21 0 7
13 Novell 844 1 14 34 34 147 212 75 164 163 6.80 0 2 4 4 17 25 9 19 0 19
14 Apache 683 5 33 15 194 229 72 98 1 36 6.10 0 1 5 2 28 34 11 14 0 5
15 Debian 589 12 51 29 112 109 81 143 4 48 6.30 0 2 9 5 19 19 14 24 1 8
16 PHP 443 21 6 57 133 63 130 33 6.70 0 0 5 1 13 30 14 29 0 7
17 Symantec 419 3 19 11 76 78 46 101 10 75 7.00 0 1 5 3 18 19 11 24 2 18
18 Canonical 394 13 14 12 101 76 58 82 2 36 6.40 0 3 4 3 26 19 15 21 1 9
19 GNU 393 1 9 36 26 58 98 46 89 30 6.20 0 2 9 7 15 25 12 23 0 8
20 Wireshark 379 24 32 131 143 7 20 3 19 5.60 0 0 6 8 35 38 2 5 1 5
21 Freebsd 330 7 42 9 55 60 25 107 25 6.30 0 2 13 3 17 18 8 32 0 8
22 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
23 Moodle 304 5 25 139 67 43 18 7 5.70 0 0 2 8 46 22 14 6 0 2
24 Drupal 300 13 49 88 58 43 41 3 5 5.80 0 0 4 16 29 19 14 14 1 2
25 SAP 293 2 3 52 97 26 76 1 36 6.90 0 0 1 1 18 33 9 26 0 12
26 EMC 288 1 14 16 56 43 34 53 14 57 7.00 0 0 5 6 19 15 12 18 5 20
27 Suse 264 2 34 4 31 39 23 92 39 6.80 0 1 13 2 12 15 9 35 0 15
28 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
29 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
30 Wordpress 253 10 7 97 49 35 43 1 11 6.10 0 0 4 3 38 19 14 17 0 4
31 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
32 Openbsd 234 4 18 6 32 64 14 64 2 30 6.70 0 2 8 3 14 27 6 27 1 13
33 Vmware 229 3 10 10 38 34 39 50 5 40 6.90 0 1 4 4 17 15 17 22 2 17
34 Ffmpeg 220 1 2 26 11 61 42 77 7.90 0 0 1 0 12 5 28 19 0 35
35 CA 208 1 7 1 37 32 13 49 1 67 7.50 0 0 3 0 18 15 6 24 0 32
36 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
37 Mcafee 192 2 15 10 52 30 26 40 4 13 6.20 0 1 8 5 27 16 14 21 2 7
38 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
39 XEN 184 17 23 6 65 27 20 24 2 5.20 0 9 13 3 35 15 11 13 1 0
40 Fedoraproject 177 5 14 7 40 48 27 21 1 14 6.10 0 3 8 4 23 27 15 12 1 8
41 Siemens 174 3 7 5 35 33 20 39 8 24 6.80 0 2 4 3 20 19 11 22 5 14
42 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
43 Phpmyadmin 170 7 28 51 42 18 20 1 3 5.70 0 0 4 16 30 25 11 12 1 2
44 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
45 Openstack 156 3 17 18 55 42 13 7 1 5.20 0 2 11 12 35 27 8 4 0 1
46 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
47 Citrix 153 4 8 1 25 39 18 28 30 6.80 0 3 5 1 16 25 12 18 0 20
48 Openssl 151 2 6 37 69 10 19 8 6.10 0 1 4 0 25 46 7 13 0 5
49 Juniper 148 4 4 38 33 8 45 1 15 6.70 0 0 3 3 26 22 5 30 1 10
50 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.