CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5281 2 65 248 41 697 720 269 1245 24 1970 7.70 0 1 5 1 13 14 5 24 0 37
2 Oracle 4607 2 94 203 382 1315 1072 534 418 21 566 6.10 0 2 4 8 29 23 12 9 0 12
3 Apple 3918 1 53 233 41 638 491 958 639 15 849 7.00 0 1 6 1 16 13 24 16 0 22
4 IBM 3590 2 58 200 492 972 609 372 489 28 368 6.00 0 2 6 14 27 17 10 14 1 10
5 Cisco 3172 1 4 37 58 603 730 445 922 39 333 6.90 0 0 1 2 19 23 14 29 1 10
6 Google 2926 3 40 10 456 335 372 799 11 900 7.70 0 0 1 0 16 11 13 27 0 31
7 Adobe 2392 18 3 181 152 74 123 1 1840 9.10 0 0 1 0 8 6 3 5 0 77
8 Linux 1959 1 87 299 45 591 134 157 518 5 122 5.90 0 4 15 2 30 7 8 26 0 6
9 Mozilla 1718 5 72 8 332 300 212 244 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1612 46 152 79 342 299 205 330 6 153 6.20 0 3 9 5 21 19 13 20 0 9
12 Novell 1539 1 24 63 57 338 344 203 290 2 217 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1428 1 10 53 26 267 208 124 361 23 355 7.30 0 1 4 2 19 15 9 25 2 25
14 Debian 1163 15 69 43 249 247 187 264 4 85 6.40 0 1 6 4 21 21 16 23 0 7
15 Apache 896 5 36 20 232 306 100 149 2 46 6.20 0 1 4 2 26 34 11 17 0 5
16 Canonical 879 22 43 26 224 183 134 175 3 69 6.30 0 3 5 3 25 21 15 20 0 8
17 PHP 582 21 6 64 170 77 202 1 41 6.90 0 0 4 1 11 29 13 35 0 7
18 GNU 571 1 9 39 27 116 145 92 112 30 6.20 0 2 7 5 20 25 16 20 0 5
19 Fedoraproject 482 8 22 18 97 130 64 117 1 25 6.40 0 2 5 4 20 27 13 24 0 5
20 Wireshark 466 24 32 171 170 7 40 3 19 5.70 0 0 5 7 37 36 2 9 1 4
21 Symantec 459 3 19 15 88 82 50 107 10 85 7.00 0 1 4 3 19 18 11 23 2 19
22 Suse 431 4 39 7 78 69 63 102 69 6.70 0 1 9 2 18 16 15 24 0 16
23 Imagemagick 398 2 208 34 69 76 9 6.10 0 0 1 0 52 9 17 19 0 2
24 EMC 384 2 20 22 81 58 47 71 14 69 6.80 0 1 5 6 21 15 12 18 4 18
25 SAP 358 2 7 7 65 116 30 88 1 42 6.80 0 1 2 2 18 32 8 25 0 12
26 Moodle 345 5 26 161 79 48 19 7 5.70 0 0 1 8 47 23 14 6 0 2
27 Freebsd 344 8 43 9 55 63 28 113 25 6.30 0 2 13 3 16 18 8 33 0 7
28 Joomla 343 1 2 54 51 43 182 10 7.10 0 0 0 1 16 15 13 53 0 3
29 Drupal 316 13 49 95 65 46 40 3 5 5.80 0 0 4 16 30 21 15 13 1 2
30 Wordpress 313 10 11 125 70 40 45 1 11 6.00 0 0 3 4 40 22 13 14 0 4
31 Vmware 295 4 16 13 50 42 55 65 6 44 6.80 0 1 5 4 17 14 19 22 2 15
32 Ffmpeg 273 1 2 35 15 77 66 77 7.70 0 0 1 0 13 5 28 24 0 28
33 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
34 Openbsd 258 4 20 6 42 64 15 75 2 30 6.60 0 2 8 2 16 25 6 29 1 12
35 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
36 Mcafee 250 3 17 19 69 43 35 46 4 14 6.10 0 1 7 8 28 17 14 18 2 6
37 Opera 242 4 73 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
38 XEN 241 20 30 7 83 31 27 36 2 5 5.40 0 8 12 3 34 13 11 15 1 2
39 Phpmyadmin 240 8 29 76 70 26 25 2 4 5.80 0 0 3 12 32 29 11 10 1 2
40 Siemens 237 7 8 7 45 51 35 48 8 28 6.70 0 3 3 3 19 22 15 20 3 12
41 Huawei 236 2 9 5 47 32 42 60 3 36 6.90 0 1 4 2 20 14 18 25 1 15
42 Juniper 220 8 9 50 49 17 64 1 22 6.70 0 0 4 4 23 22 8 29 0 10
43 CA 219 1 8 2 39 36 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
44 Qemu 217 22 75 4 45 9 11 45 1 5 4.90 0 10 35 2 21 4 5 21 0 2
45 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
46 Citrix 194 4 11 2 39 47 20 38 33 6.70 0 2 6 1 20 24 10 20 0 17
47 Typo3 191 4 18 60 27 16 60 1 5 6.30 0 0 2 9 31 14 8 31 1 3
48 Openssl 182 3 9 39 85 11 25 10 6.10 0 2 5 0 21 47 6 14 0 5
49 Openstack 178 4 18 22 60 46 17 10 1 5.30 0 2 10 12 34 26 10 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.