CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3998 2 10 157 21 457 669 208 872 23 1579 7.80 0 0 4 1 11 17 5 22 1 39
2 Oracle 2813 2 52 138 242 822 558 290 258 9 442 6.20 0 2 5 9 29 20 10 9 0 16
3 Apple 2687 1 50 157 28 400 359 592 459 10 631 7.10 0 2 6 1 15 13 22 17 0 23
4 IBM 2516 2 39 114 243 652 450 244 417 20 335 6.30 0 2 5 10 26 18 10 17 1 13
5 Cisco 2257 1 2 28 23 380 505 298 742 28 250 7.00 0 0 1 1 17 22 13 33 1 11
6 SUN 1617 3 26 106 36 311 280 119 422 3 311 6.90 0 2 7 2 19 17 7 26 0 19
7 Mozilla 1467 4 69 6 271 273 139 193 1 511 7.40 0 0 5 0 18 19 9 13 0 35
8 Adobe 1324 18 2 110 99 43 72 1 979 9.00 0 0 1 0 8 7 3 5 0 74
9 Linux 1315 1 80 212 38 438 114 130 266 4 32 5.50 0 6 16 3 33 9 10 20 0 2
10 Google 1297 3 7 2 142 258 144 525 1 215 7.40 0 0 1 0 11 20 11 40 0 17
11 HP 1211 1 9 48 20 227 158 92 303 20 333 7.40 0 1 4 2 19 13 8 25 2 27
12 Redhat 985 38 118 44 195 186 117 210 4 73 6.10 0 4 12 4 20 19 12 21 0 7
13 Novell 625 1 11 27 10 111 158 53 124 130 6.90 0 2 4 2 18 25 8 20 0 21
14 Apache 610 5 31 14 167 218 60 83 32 6.10 0 1 5 2 27 36 10 14 0 5
15 PHP 429 21 6 57 132 59 123 31 6.70 0 0 5 1 13 31 14 29 0 7
16 Debian 388 8 47 16 62 62 54 105 2 32 6.30 0 2 12 4 16 16 14 27 1 8
17 Symantec 387 3 16 10 72 71 42 96 3 74 7.00 0 1 4 3 19 18 11 25 1 19
18 GNU 377 1 9 35 26 56 94 42 84 30 6.20 0 2 9 7 15 25 11 22 0 8
19 Freebsd 326 7 42 9 54 60 24 105 25 6.30 0 2 13 3 17 18 7 32 0 8
20 Wireshark 313 24 32 67 143 7 18 3 19 5.80 0 0 8 10 21 46 2 6 1 6
21 Joomla 309 1 2 45 42 40 169 10 7.20 0 0 0 1 15 14 13 55 0 3
22 Drupal 285 13 49 85 53 38 40 2 5 5.70 0 0 5 17 30 19 13 14 1 2
23 Moodle 281 5 23 123 64 42 17 7 5.70 0 0 2 8 44 23 15 6 0 2
24 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
25 SAP 255 2 3 46 88 19 64 33 6.90 0 0 1 1 18 35 7 25 0 13
26 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
27 EMC 252 1 12 12 47 42 30 46 13 49 7.00 0 0 5 5 19 17 12 18 5 19
28 Wordpress 242 10 6 90 48 34 42 1 11 6.10 0 0 4 2 37 20 14 17 0 5
29 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
30 Canonical 228 8 10 5 67 45 40 42 2 9 6.10 0 4 4 2 29 20 18 18 1 4
31 Suse 226 2 30 23 38 14 87 32 6.90 0 1 13 0 10 17 6 38 0 14
32 Openbsd 225 3 18 6 30 62 12 63 1 30 6.70 0 1 8 3 13 28 5 28 0 13
33 Vmware 222 3 10 8 38 32 38 49 5 39 7.00 0 1 5 4 17 14 17 22 2 18
34 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
35 CA 205 1 7 1 37 32 10 49 1 67 7.50 0 0 3 0 18 16 5 24 0 33
36 Ffmpeg 192 1 2 23 11 50 27 78 8.00 0 1 1 0 12 6 26 14 0 41
37 Mcafee 179 2 13 10 51 27 23 38 3 12 6.20 0 1 7 6 28 15 13 21 2 7
38 Typo3 178 4 13 55 26 14 60 1 5 6.40 0 0 2 7 31 15 8 34 1 3
39 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
40 Gentoo 166 5 22 2 9 33 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
41 Siemens 161 3 6 3 32 30 19 37 8 23 6.90 0 2 4 2 20 19 12 23 5 14
42 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
43 Phpmyadmin 154 7 23 50 32 18 20 1 3 5.70 0 0 5 15 32 21 12 13 1 2
44 XEN 149 14 15 5 54 24 18 17 2 5.30 0 9 10 3 36 16 12 11 1 0
45 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7
46 Citrix 143 4 8 1 21 36 17 28 28 6.90 0 3 6 1 15 25 12 20 0 20
47 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
48 Openssl 135 1 5 32 64 10 18 5 6.10 0 1 4 0 24 47 7 13 0 4
49 Openstack 133 3 16 15 50 33 9 6 1 5.10 0 2 12 11 38 25 7 5 0 1
50 Gnome 128 3 13 7 21 21 25 29 9 6.30 0 2 10 5 16 16 20 23 0 7

Vendor(s) with highest weighted average (9.00): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.