CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4535 2 14 186 27 530 685 227 1021 23 1820 7.90 0 0 4 1 12 15 5 23 1 40
2 Oracle 3490 2 75 165 300 1027 688 386 313 14 520 6.20 0 2 5 9 29 20 11 9 0 15
3 Apple 3400 1 52 197 39 518 446 806 587 15 739 7.10 0 2 6 1 15 13 24 17 0 22
4 IBM 2842 2 46 144 294 738 509 279 450 24 356 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2646 1 2 30 31 470 589 380 830 33 280 7.00 0 0 1 1 18 22 14 31 1 11
6 Google 1947 3 15 5 240 304 239 628 7 506 7.70 0 0 1 0 12 16 12 32 0 26
7 Adobe 1937 18 3 132 118 66 115 1 1484 9.10 0 0 1 0 7 6 3 6 0 77
8 Mozilla 1692 5 72 8 326 297 205 234 1 544 7.30 0 0 4 0 19 18 12 14 0 32
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1502 1 87 232 39 511 131 137 312 4 48 5.60 0 6 15 3 34 9 9 21 0 3
11 HP 1363 1 10 52 24 252 191 113 348 22 350 7.30 0 1 4 2 18 14 8 26 2 26
12 Redhat 1344 43 131 66 278 249 170 272 6 129 6.20 0 3 10 5 21 19 13 20 0 10
13 Novell 1246 1 20 53 55 259 281 155 213 2 207 6.60 0 2 4 4 21 23 12 17 0 17
14 Debian 873 14 58 38 183 168 145 188 4 75 6.40 0 2 7 4 21 19 17 22 0 9
15 Apache 725 5 34 17 202 240 80 105 1 41 6.10 0 1 5 2 28 33 11 14 0 6
16 Canonical 659 18 34 19 168 126 106 128 3 57 6.30 0 3 5 3 25 19 16 19 0 9
17 PHP 520 21 6 61 147 71 172 1 41 6.90 0 0 4 1 12 28 14 33 0 8
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 Wireshark 407 24 32 159 143 7 20 3 19 5.60 0 0 6 8 39 35 2 5 1 5
20 GNU 398 1 9 36 26 59 101 46 90 30 6.20 0 2 9 7 15 25 12 23 0 8
21 Suse 338 3 35 4 48 48 57 93 50 6.80 0 1 10 1 14 14 17 28 0 15
22 Freebsd 335 8 42 9 55 61 26 109 25 6.30 0 2 13 3 16 18 8 33 0 7
23 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
24 Moodle 314 5 25 147 68 44 18 7 5.70 0 0 2 8 47 22 14 6 0 2
25 SAP 306 5 3 54 99 26 79 1 39 6.90 0 0 2 1 18 32 8 26 0 13
26 EMC 306 1 15 17 63 45 38 54 14 59 6.90 0 0 5 6 21 15 12 18 5 19
27 Fedoraproject 302 7 17 12 65 82 41 59 1 18 6.20 0 2 6 4 22 27 14 20 0 6
28 Drupal 301 13 49 88 59 43 41 3 5 5.80 0 0 4 16 29 20 14 14 1 2
29 Wordpress 273 10 8 106 58 36 43 1 11 6.10 0 0 4 3 39 21 13 16 0 4
30 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
31 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
32 Vmware 238 3 10 10 44 34 41 50 5 41 6.90 0 1 4 4 18 14 17 21 2 17
33 Openbsd 236 4 18 6 32 64 14 66 2 30 6.70 0 2 8 3 14 27 6 28 1 13
34 Opera 235 4 73 83 21 8 46 6.60 0 0 2 0 31 35 9 3 0 20
35 Ffmpeg 221 1 2 26 11 62 42 77 7.90 0 0 1 0 12 5 28 19 0 35
36 CA 212 1 7 2 38 32 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 33
37 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
38 Mcafee 196 2 15 12 52 31 26 41 4 13 6.20 0 1 8 6 27 16 13 21 2 7
39 XEN 191 18 24 6 67 27 21 26 2 5.20 0 9 13 3 35 14 11 14 1 0
40 Phpmyadmin 185 7 28 59 47 18 22 1 3 5.70 0 0 4 15 32 25 10 12 1 2
41 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
42 Siemens 184 5 7 5 36 37 20 41 8 25 6.80 0 3 4 3 20 20 11 22 4 14
43 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
44 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
45 Openssl 161 3 8 37 73 11 20 9 6.10 0 2 5 0 23 45 7 12 0 6
46 Citrix 161 4 9 1 27 41 18 31 30 6.80 0 2 6 1 17 25 11 19 0 19
47 Openstack 160 3 17 19 55 42 16 7 1 5.20 0 2 11 12 34 26 10 4 0 1
48 Netbsd 157 4 28 3 28 25 10 43 16 6.20 0 3 18 2 18 16 6 27 0 10
49 Juniper 151 4 4 38 34 9 46 1 15 6.70 0 0 3 3 25 23 6 30 1 10
50 KDE 148 1 11 29 31 18 48 10 6.60 0 1 7 0 20 21 12 32 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.