CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4736 2 14 210 32 559 701 240 1071 23 1884 7.80 0 0 4 1 12 15 5 23 0 40
2 Oracle 4160 2 85 186 338 1182 932 478 382 14 561 6.20 0 2 4 8 28 22 11 9 0 13
3 Apple 3650 1 53 222 40 591 468 869 606 15 785 7.00 0 1 6 1 16 13 24 17 0 22
4 IBM 3201 2 52 174 380 859 559 319 467 26 363 6.10 0 2 5 12 27 17 10 15 1 11
5 Cisco 2829 1 3 30 36 520 642 408 860 34 295 7.00 0 0 1 1 18 23 14 30 1 10
6 Google 2336 3 28 6 361 308 301 705 7 617 7.60 0 0 1 0 15 13 13 30 0 26
7 Adobe 2205 18 3 142 134 69 119 1 1719 9.20 0 0 1 0 6 6 3 5 0 78
8 Linux 1718 1 87 252 43 553 133 146 401 4 98 5.80 0 5 15 3 32 8 8 23 0 6
9 Mozilla 1714 5 72 8 331 299 212 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1524 44 142 76 325 277 193 310 6 151 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1478 1 23 63 57 321 331 193 273 2 214 6.60 0 2 4 4 22 22 13 18 0 14
13 HP 1409 1 10 53 26 261 203 122 359 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1097 15 68 42 241 222 179 244 4 82 6.40 0 1 6 4 22 20 16 22 0 7
15 Canonical 824 22 42 26 215 164 128 157 3 67 6.30 0 3 5 3 26 20 16 19 0 8
16 Apache 743 5 34 18 202 246 84 111 1 42 6.20 0 1 5 2 27 33 11 15 0 6
17 PHP 555 21 6 62 160 73 191 1 41 6.90 0 0 4 1 11 29 13 34 0 7
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 Wireshark 421 24 32 170 145 7 21 3 19 5.60 0 0 6 8 40 34 2 5 1 5
20 GNU 416 1 9 37 26 59 112 49 93 30 6.20 0 2 9 6 14 27 12 22 0 7
21 Fedoraproject 414 8 19 16 80 107 56 105 1 22 6.40 0 2 5 4 19 26 14 25 0 5
22 Suse 407 3 38 6 74 61 60 97 68 6.80 0 1 9 1 18 15 15 24 0 17
23 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
24 EMC 337 1 18 20 70 50 41 62 14 61 6.80 0 0 5 6 21 15 12 18 4 18
25 Joomla 327 1 2 46 46 42 180 10 7.20 0 0 0 1 14 14 13 55 0 3
26 SAP 327 2 7 5 57 109 26 79 1 41 6.80 0 1 2 2 17 33 8 24 0 13
27 Moodle 327 5 25 150 76 46 18 7 5.70 0 0 2 8 46 23 14 6 0 2
28 Drupal 309 13 49 94 60 44 41 3 5 5.80 0 0 4 16 30 19 14 13 1 2
29 Wordpress 289 10 9 112 63 39 44 1 11 6.00 0 0 3 3 39 22 13 15 0 4
30 Vmware 264 3 12 11 48 40 45 56 6 43 6.90 0 1 5 4 18 15 17 21 2 16
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
33 Openbsd 241 4 19 6 33 64 14 69 2 30 6.70 0 2 8 2 14 27 6 29 1 12
34 Opera 239 4 73 86 22 8 46 6.60 0 0 2 0 31 36 9 3 0 19
35 Ffmpeg 234 1 2 34 12 65 43 77 7.80 0 0 1 0 15 5 28 18 0 33
36 Phpmyadmin 233 8 29 75 65 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
37 CA 213 1 7 2 38 33 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 32
38 XEN 210 19 29 7 75 27 22 29 2 5.20 0 9 14 3 36 13 10 14 1 0
39 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
40 Siemens 205 7 7 6 38 43 24 45 8 27 6.70 0 3 3 3 19 21 12 22 4 13
41 Mcafee 198 3 15 13 52 31 26 41 4 13 6.20 0 2 8 7 26 16 13 21 2 7
42 Typo3 187 4 18 58 26 15 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
43 Citrix 183 4 10 2 36 46 19 36 30 6.70 0 2 5 1 20 25 10 20 0 16
44 Openssl 174 3 8 38 79 11 25 10 6.20 0 2 5 0 22 45 6 14 0 6
45 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
46 Gentoo 168 5 22 2 9 35 18 45 32 6.80 0 3 13 1 5 21 11 27 0 19
47 Openstack 165 3 17 19 57 42 17 9 1 5.30 0 2 10 12 35 25 10 5 0 1
48 Netbsd 160 4 28 3 28 26 10 45 16 6.20 0 3 18 2 18 16 6 28 0 10
49 Juniper 159 4 4 38 35 11 50 1 16 6.80 0 0 3 3 24 22 7 31 1 10
50 Qemu 159 14 56 3 27 4 9 41 1 4 5.10 0 9 35 2 17 3 6 26 1 3

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.