CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4467 2 12 174 27 524 682 226 998 23 1799 7.90 0 0 4 1 12 15 5 22 1 40
2 Apple 3319 1 52 193 37 500 437 786 568 15 730 7.10 0 2 6 1 15 13 24 17 0 22
3 Oracle 3289 2 74 159 292 975 646 364 288 9 480 6.20 0 2 5 9 30 20 11 9 0 15
4 IBM 2765 2 45 136 282 715 494 269 446 23 353 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2581 1 2 30 30 455 580 363 817 31 272 7.00 0 0 1 1 18 22 14 32 1 11
6 Adobe 1850 18 3 129 113 53 115 1 1418 9.10 0 0 1 0 7 6 3 6 0 77
7 Google 1731 3 13 4 203 297 196 594 6 415 7.60 0 0 1 0 12 17 11 34 0 24
8 Mozilla 1667 5 72 8 317 295 195 230 1 544 7.40 0 0 4 0 19 18 12 14 0 33
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1452 1 84 230 39 496 126 136 296 4 40 5.50 0 6 16 3 34 9 9 20 0 3
11 HP 1339 1 9 51 24 249 182 110 342 22 349 7.30 0 1 4 2 19 14 8 26 2 26
12 Redhat 1155 42 128 63 234 223 140 238 5 82 6.00 0 4 11 5 20 19 12 21 0 7
13 Novell 966 1 16 45 41 176 236 103 178 1 169 6.70 0 2 5 4 18 24 11 18 0 17
14 Apache 702 5 34 15 199 232 74 102 1 40 6.10 0 1 5 2 28 33 11 15 0 6
15 Debian 694 12 54 31 127 141 106 159 4 60 6.40 0 2 8 4 18 20 15 23 1 9
16 Canonical 524 15 25 18 135 100 83 99 2 47 6.30 0 3 5 3 26 19 16 19 0 9
17 PHP 495 21 6 59 146 67 154 1 41 6.80 0 0 4 1 12 29 14 31 0 8
18 Symantec 425 3 19 11 77 78 47 104 10 76 7.00 0 1 4 3 18 18 11 24 2 18
19 GNU 398 1 9 36 26 59 101 46 90 30 6.20 0 2 9 7 15 25 12 23 0 8
20 Wireshark 386 24 32 138 143 7 20 3 19 5.60 0 0 6 8 36 37 2 5 1 5
21 Freebsd 332 7 42 9 55 60 25 109 25 6.30 0 2 13 3 17 18 8 33 0 8
22 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
23 Moodle 314 5 25 147 68 44 18 7 5.70 0 0 2 8 47 22 14 6 0 2
24 EMC 302 1 15 16 63 44 36 54 14 59 6.90 0 0 5 5 21 15 12 18 5 20
25 Drupal 300 13 49 88 58 43 41 3 5 5.80 0 0 4 16 29 19 14 14 1 2
26 SAP 294 2 3 52 97 26 76 1 37 6.90 0 0 1 1 18 33 9 26 0 13
27 Suse 269 2 34 4 31 39 26 93 40 6.80 0 1 13 1 12 14 10 35 0 15
28 Wordpress 262 10 8 103 51 35 43 1 11 6.10 0 0 4 3 39 19 13 16 0 4
29 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
30 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
31 Openbsd 235 4 18 6 32 64 14 65 2 30 6.70 0 2 8 3 14 27 6 28 1 13
32 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
33 Vmware 232 3 10 10 39 34 40 50 5 41 6.90 0 1 4 4 17 15 17 22 2 18
34 Ffmpeg 221 1 2 26 11 62 42 77 7.90 0 0 1 0 12 5 28 19 0 35
35 Fedoraproject 221 5 15 7 50 59 30 37 1 17 6.20 0 2 7 3 23 27 14 17 0 8
36 CA 208 1 7 1 37 32 13 49 1 67 7.50 0 0 3 0 18 15 6 24 0 32
37 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
38 Mcafee 195 2 15 12 52 30 26 41 4 13 6.20 0 1 8 6 27 15 13 21 2 7
39 XEN 189 18 24 6 66 27 21 25 2 5.20 0 10 13 3 35 14 11 13 1 0
40 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
41 Siemens 176 3 7 5 35 35 20 39 8 24 6.80 0 2 4 3 20 20 11 22 5 14
42 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
43 Phpmyadmin 170 7 28 51 42 18 20 1 3 5.70 0 0 4 16 30 25 11 12 1 2
44 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
45 Openssl 160 2 8 37 72 11 21 9 6.10 0 1 5 0 23 45 7 13 0 6
46 Openstack 159 3 17 18 55 42 16 7 1 5.20 0 2 11 11 35 26 10 4 0 1
47 Citrix 157 4 8 1 26 41 18 29 30 6.80 0 3 5 1 17 26 11 18 0 19
48 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
49 Juniper 148 4 4 38 33 8 45 1 15 6.70 0 0 3 3 26 22 5 30 1 10
50 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.