CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4691 2 14 205 32 551 695 237 1057 23 1875 7.80 0 0 4 1 12 15 5 23 0 40
2 Oracle 3902 2 79 181 316 1144 775 466 366 14 559 6.20 0 2 5 8 29 20 12 9 0 14
3 Apple 3495 1 53 201 39 543 460 819 598 15 766 7.10 0 2 6 1 16 13 23 17 0 22
4 IBM 3010 2 48 154 339 800 534 295 455 25 358 6.20 0 2 5 11 27 18 10 15 1 12
5 Cisco 2760 1 3 30 32 498 616 397 857 34 292 7.00 0 0 1 1 18 22 14 31 1 11
6 Google 2150 3 18 6 297 308 270 660 7 581 7.70 0 0 1 0 14 14 13 31 0 27
7 Adobe 2098 18 3 133 122 66 116 1 1639 9.20 0 0 1 0 6 6 3 6 0 78
8 Mozilla 1714 5 72 8 331 299 212 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1559 1 87 235 41 530 132 142 328 4 59 5.60 0 6 15 3 34 8 9 21 0 4
11 Redhat 1508 44 141 76 321 274 192 304 6 150 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1456 1 23 62 57 312 326 193 266 2 214 6.60 0 2 4 4 21 22 13 18 0 15
13 HP 1407 1 10 53 26 261 203 122 357 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1030 15 64 40 211 210 167 238 4 81 6.40 0 1 6 4 20 20 16 23 0 8
15 Canonical 795 22 41 25 206 159 122 152 3 65 6.30 0 3 5 3 26 20 15 19 0 8
16 Apache 739 5 34 18 202 243 84 111 1 41 6.20 0 1 5 2 27 33 11 15 0 6
17 PHP 539 21 6 62 154 73 181 1 41 6.90 0 0 4 1 12 29 14 34 0 8
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 Wireshark 418 24 32 170 143 7 20 3 19 5.60 0 0 6 8 41 34 2 5 1 5
20 GNU 408 1 9 36 26 59 107 49 91 30 6.20 0 2 9 6 14 26 12 22 0 7
21 Suse 401 3 37 6 70 61 60 96 68 6.80 0 1 9 1 17 15 15 24 0 17
22 Fedoraproject 361 8 18 16 71 96 54 76 1 21 6.30 0 2 5 4 20 27 15 21 0 6
23 Freebsd 335 8 42 9 55 61 26 109 25 6.30 0 2 13 3 16 18 8 33 0 7
24 EMC 325 1 16 20 65 49 40 59 14 61 6.90 0 0 5 6 20 15 12 18 4 19
25 Joomla 323 1 2 46 44 42 178 10 7.20 0 0 0 1 14 14 13 55 0 3
26 SAP 319 7 3 56 106 26 79 1 41 6.80 0 0 2 1 18 33 8 25 0 13
27 Moodle 318 5 25 148 69 46 18 7 5.70 0 0 2 8 47 22 14 6 0 2
28 Drupal 310 13 49 94 61 44 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 273 10 8 106 58 36 43 1 11 6.10 0 0 4 3 39 21 13 16 0 4
30 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
31 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
32 Vmware 244 3 10 10 45 35 42 52 5 42 6.90 0 1 4 4 18 14 17 21 2 17
33 Opera 238 4 73 85 22 8 46 6.60 0 0 2 0 31 36 9 3 0 19
34 Openbsd 236 4 18 6 33 64 13 66 2 30 6.70 0 2 8 3 14 27 6 28 1 13
35 Ffmpeg 221 1 2 26 11 62 42 77 7.90 0 0 1 0 12 5 28 19 0 35
36 CA 212 1 7 2 38 32 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 33
37 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
38 Siemens 199 7 7 6 37 41 24 42 8 27 6.70 0 4 4 3 19 21 12 21 4 14
39 XEN 197 19 24 7 68 27 22 28 2 5.30 0 10 12 4 35 14 11 14 1 0
40 Mcafee 196 2 15 12 52 31 26 41 4 13 6.20 0 1 8 6 27 16 13 21 2 7
41 Phpmyadmin 185 7 28 59 47 18 22 1 3 5.70 0 0 4 15 32 25 10 12 1 2
42 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
43 Openssl 174 3 8 39 79 11 24 10 6.10 0 2 5 0 22 45 6 14 0 6
44 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
45 Gentoo 168 5 22 2 9 35 18 45 32 6.80 0 3 13 1 5 21 11 27 0 19
46 Citrix 166 4 9 1 29 43 18 32 30 6.80 0 2 5 1 17 26 11 19 0 18
47 Openstack 164 3 17 19 56 42 17 9 1 5.30 0 2 10 12 34 26 10 5 0 1
48 Netbsd 158 4 28 3 28 26 10 43 16 6.20 0 3 18 2 18 16 6 27 0 10
49 Juniper 156 4 4 38 34 11 48 1 16 6.70 0 0 3 3 24 22 7 31 1 10
50 Huawei 152 1 6 3 30 19 25 38 3 27 7.10 0 1 4 2 20 13 16 25 2 18

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.