CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5200 2 57 236 39 680 719 275 1208 25 1959 7.70 0 1 5 1 13 14 5 23 0 38
2 Oracle 4514 2 91 197 373 1278 1045 525 417 21 565 6.20 0 2 4 8 28 23 12 9 0 13
3 Apple 3915 1 53 233 41 638 491 958 638 15 847 7.00 0 1 6 1 16 13 24 16 0 22
4 IBM 3476 2 57 191 462 935 594 358 482 28 367 6.10 0 2 5 13 27 17 10 14 1 11
5 Cisco 3094 1 4 37 54 572 718 438 905 37 328 6.90 0 0 1 2 18 23 14 29 1 11
6 Google 2714 3 37 8 445 315 351 772 8 775 7.60 0 0 1 0 16 12 13 28 0 29
7 Adobe 2392 18 3 181 152 74 123 1 1840 9.10 0 0 1 0 8 6 3 5 0 77
8 Linux 1936 1 87 292 44 584 134 155 513 4 122 5.90 0 4 15 2 30 7 8 26 0 6
9 Mozilla 1717 5 72 8 332 300 212 243 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1584 46 149 78 332 293 204 324 6 152 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1530 1 24 63 57 336 342 202 286 2 217 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1411 1 10 53 26 261 204 122 359 23 352 7.30 0 1 4 2 18 14 9 25 2 25
14 Debian 1139 15 68 42 248 238 184 258 4 82 6.40 0 1 6 4 22 21 16 23 0 7
15 Canonical 863 22 42 26 223 179 133 167 3 68 6.30 0 3 5 3 26 21 15 19 0 8
16 Apache 837 5 35 19 218 282 94 139 2 43 6.20 0 1 4 2 26 34 11 17 0 5
17 PHP 579 21 6 64 169 77 200 1 41 6.90 0 0 4 1 11 29 13 35 0 7
18 GNU 526 1 9 39 26 89 137 87 108 30 6.20 0 2 7 5 17 26 17 21 0 6
19 Wireshark 462 24 32 171 167 7 39 3 19 5.70 0 0 5 7 37 36 2 8 1 4
20 Fedoraproject 457 8 22 16 92 121 62 111 1 24 6.40 0 2 5 4 20 26 14 24 0 5
21 Symantec 442 3 19 12 80 79 48 106 10 85 7.00 0 1 4 3 18 18 11 24 2 19
22 Suse 428 4 39 6 78 68 63 102 68 6.70 0 1 9 1 18 16 15 24 0 16
23 EMC 380 2 20 22 81 57 46 69 14 69 6.80 0 1 5 6 21 15 12 18 4 18
24 SAP 352 2 7 7 63 113 30 87 1 42 6.80 0 1 2 2 18 32 9 25 0 12
25 Freebsd 343 8 43 9 55 63 27 113 25 6.30 0 2 13 3 16 18 8 33 0 7
26 Moodle 343 5 26 159 79 48 19 7 5.70 0 0 1 8 46 23 14 6 0 2
27 Joomla 340 1 2 53 50 43 181 10 7.10 0 0 0 1 16 15 13 53 0 3
28 Imagemagick 333 2 175 30 64 53 9 6.10 0 0 1 0 53 9 19 16 0 3
29 Drupal 313 13 49 94 63 46 40 3 5 5.80 0 0 4 16 30 20 15 13 1 2
30 Wordpress 303 10 11 118 68 40 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
31 Vmware 292 4 15 12 50 42 55 64 6 44 6.80 0 1 5 4 17 14 19 22 2 15
32 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
33 Openbsd 258 4 20 6 42 64 15 75 2 30 6.60 0 2 8 2 16 25 6 29 1 12
34 Ffmpeg 258 1 2 34 14 74 56 77 7.70 0 0 1 0 13 5 29 22 0 30
35 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
36 Mcafee 248 3 17 19 68 43 35 45 4 14 6.10 0 1 7 8 27 17 14 18 2 6
37 Opera 242 4 73 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
38 Phpmyadmin 240 8 29 76 70 26 25 2 4 5.80 0 0 3 12 32 29 11 10 1 2
39 XEN 231 20 29 7 79 31 26 32 2 5 5.40 0 9 13 3 34 13 11 14 1 2
40 Siemens 230 7 8 7 44 49 32 48 8 27 6.70 0 3 3 3 19 21 14 21 3 12
41 Huawei 230 2 8 5 46 32 40 58 3 36 7.00 0 1 3 2 20 14 17 25 1 16
42 Juniper 220 8 9 50 49 17 64 1 22 6.70 0 0 4 4 23 22 8 29 0 10
43 CA 218 1 8 2 39 35 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
44 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
45 Qemu 207 21 72 4 42 8 11 43 1 5 4.90 0 10 35 2 20 4 5 21 0 2
46 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
47 Citrix 189 4 11 2 38 47 19 36 32 6.70 0 2 6 1 20 25 10 19 0 17
48 Openssl 181 3 9 39 84 11 25 10 6.10 0 2 5 0 22 46 6 14 0 6
49 Openstack 173 3 17 21 59 45 17 10 1 5.30 0 2 10 12 34 26 10 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.