CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3564 2 5 143 16 396 644 182 830 21 1325 7.80 0 0 4 0 11 18 5 23 1 37
2 Oracle 2349 2 43 117 186 644 494 223 225 8 407 6.30 0 2 5 8 27 21 9 10 0 17
3 Apple 2296 1 31 135 27 352 311 482 401 9 547 7.10 0 1 6 1 15 14 21 17 0 24
4 IBM 2165 2 32 93 178 548 387 215 383 17 310 6.40 0 1 4 8 25 18 10 18 1 14
5 Cisco 1862 1 2 28 20 277 409 216 645 25 239 7.10 0 0 2 1 15 22 12 35 1 13
6 SUN 1587 3 25 104 35 299 276 116 415 3 311 6.90 0 2 7 2 19 17 7 26 0 20
7 Mozilla 1352 4 67 6 244 256 113 163 1 498 7.50 0 0 5 0 18 19 8 12 0 37
8 Linux 1219 1 79 200 36 408 108 116 243 3 25 5.40 0 6 16 3 33 9 10 20 0 2
9 HP 1149 1 9 45 19 215 153 86 291 18 312 7.30 0 1 4 2 19 13 7 25 2 27
10 Google 1115 3 8 1 119 218 125 433 1 207 7.50 0 0 1 0 11 20 11 39 0 19
11 Adobe 1042 18 2 101 60 37 63 761 8.90 0 0 2 0 10 6 4 6 0 73
12 Redhat 908 38 110 38 179 169 102 199 4 69 6.10 0 4 12 4 20 19 11 22 0 8
13 Apache 562 5 31 13 156 194 53 78 32 6.10 0 1 6 2 28 35 9 14 0 6
14 Novell 546 1 10 24 7 97 132 42 109 124 7.00 0 2 4 1 18 24 8 20 0 23
15 PHP 394 21 5 56 122 56 103 31 6.70 0 0 5 1 14 31 14 26 0 8
16 Symantec 371 3 16 9 69 70 37 92 3 72 7.00 0 1 4 2 19 19 10 25 1 19
17 GNU 337 1 8 34 23 53 85 39 74 20 6.10 0 2 10 7 16 25 12 22 0 6
18 Freebsd 313 7 40 9 52 55 24 102 24 6.30 0 2 13 3 17 18 8 33 0 8
19 Joomla 298 1 2 41 41 39 164 10 7.20 0 0 0 1 14 14 13 55 0 3
20 Debian 297 7 42 11 40 49 35 82 1 30 6.40 0 2 14 4 13 16 12 28 0 10
21 Wireshark 273 24 32 66 108 7 14 3 19 5.70 0 0 9 12 24 40 3 5 1 7
22 Drupal 257 13 34 79 50 35 39 2 5 5.80 0 0 5 13 31 19 14 15 1 2
23 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
24 Mysql 242 3 19 24 105 34 21 23 2 11 5.60 0 1 8 10 43 14 9 10 1 5
25 Moodle 240 4 14 105 59 35 16 7 5.80 0 0 2 6 44 25 15 7 0 3
26 Opera 232 5 70 83 21 8 45 6.60 0 0 2 0 30 36 9 3 0 19
27 Wordpress 231 10 6 85 47 31 40 1 11 6.10 0 0 4 3 37 20 13 17 0 5
28 Suse 222 2 30 23 38 13 85 31 6.80 0 1 14 0 10 17 6 38 0 14
29 Openbsd 222 3 18 6 29 61 12 62 1 30 6.70 0 1 8 3 13 27 5 28 0 14
30 Vmware 206 3 10 6 34 29 34 47 5 38 7.00 0 1 5 3 17 14 17 23 2 18
31 Realnetworks 203 1 5 10 31 6 28 122 8.60 0 0 2 0 5 15 3 14 0 60
32 EMC 196 1 9 7 36 31 24 37 11 40 7.10 0 1 5 4 18 16 12 19 6 20
33 CA 192 1 7 32 31 6 48 1 66 7.60 0 1 4 0 17 16 3 25 1 34
34 SAP 187 1 1 38 62 15 43 27 6.90 0 0 1 1 20 33 8 23 0 14
35 Typo3 174 3 13 54 26 13 59 1 5 6.40 0 0 2 7 31 15 7 34 1 3
36 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
37 Ffmpeg 168 1 2 23 10 45 9 78 8.00 0 1 1 0 14 6 27 5 0 46
38 Gentoo 163 5 22 2 9 33 17 45 30 6.80 0 3 13 1 6 20 10 28 0 18
39 Netbsd 153 4 28 3 27 23 10 42 16 6.20 0 3 18 2 18 15 7 27 0 10
40 Canonical 150 8 8 3 55 27 28 14 1 6 5.80 0 5 5 2 37 18 19 9 1 4
41 KDE 141 1 10 26 29 18 47 10 6.70 0 1 7 0 18 21 13 33 0 7
42 Mcafee 141 2 5 4 43 21 17 34 3 12 6.50 0 1 4 3 30 15 12 24 2 9
43 Phpmyadmin 140 7 18 45 30 16 20 1 3 5.80 0 0 5 13 32 21 11 14 1 2
44 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
45 Citrix 132 4 8 1 18 33 16 25 27 6.90 0 3 6 1 14 25 12 19 0 20
46 Siemens 130 1 1 3 27 25 13 33 8 19 7.10 0 1 1 2 21 19 10 25 6 15
47 SCO 127 3 10 3 20 21 3 53 14 6.80 0 2 8 2 16 17 2 42 0 11
48 Gnome 124 3 13 7 21 21 24 26 9 6.20 0 2 10 6 17 17 19 21 0 7
49 Netscape 119 11 3 8 47 4 32 14 6.60 0 0 9 3 7 39 3 27 0 12
50 ISC 119 5 2 15 37 8 33 1 18 7.00 0 0 4 2 13 31 7 28 1 15

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.