CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5052 2 54 227 37 650 713 256 1158 23 1932 7.70 0 1 4 1 13 14 5 23 0 38
2 Oracle 4356 2 87 192 367 1234 972 509 407 21 565 6.20 0 2 4 8 28 22 12 9 0 13
3 Apple 3850 1 53 231 41 627 489 935 628 15 830 7.00 0 1 6 1 16 13 24 16 0 22
4 IBM 3356 2 54 184 422 898 578 345 479 28 366 6.10 0 2 5 13 27 17 10 14 1 11
5 Cisco 2982 1 3 34 41 550 687 427 891 37 311 6.90 0 0 1 1 18 23 14 30 1 10
6 Google 2604 3 30 7 412 314 327 762 8 741 7.70 0 0 1 0 16 12 13 29 0 28
7 Adobe 2295 18 3 156 138 70 122 1 1787 9.20 0 0 1 0 7 6 3 5 0 78
8 Linux 1914 1 87 292 43 579 134 152 501 4 121 5.90 0 5 15 2 30 7 8 26 0 6
9 Mozilla 1717 5 72 8 332 300 212 243 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1562 44 145 77 331 286 203 319 6 151 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1521 1 24 64 57 335 338 202 282 2 216 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1410 1 10 53 26 261 204 122 359 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1131 15 68 42 247 233 184 256 4 82 6.40 0 1 6 4 22 21 16 23 0 7
15 Canonical 852 22 42 26 219 174 132 166 3 68 6.30 0 3 5 3 26 20 15 19 0 8
16 Apache 798 5 35 19 214 263 88 129 2 43 6.20 0 1 4 2 27 33 11 16 0 5
17 PHP 570 21 6 63 164 75 199 1 41 6.90 0 0 4 1 11 29 13 35 0 7
18 GNU 484 1 9 38 26 83 132 60 105 30 6.20 0 2 8 5 17 27 12 22 0 6
19 Wireshark 455 24 32 171 164 7 35 3 19 5.70 0 0 5 7 38 36 2 8 1 4
20 Fedoraproject 447 8 22 16 88 115 62 111 1 24 6.40 0 2 5 4 20 26 14 25 0 5
21 Symantec 439 3 19 12 80 78 48 105 10 84 7.00 0 1 4 3 18 18 11 24 2 19
22 Suse 424 4 39 6 78 65 63 101 68 6.70 0 1 9 1 18 15 15 24 0 16
23 EMC 357 2 20 20 74 55 42 65 14 65 6.80 0 1 6 6 21 15 12 18 4 18
24 SAP 343 2 7 5 60 112 30 84 1 42 6.80 0 1 2 1 17 33 9 24 0 12
25 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
26 Moodle 340 5 26 156 79 48 19 7 5.70 0 0 1 8 46 23 14 6 0 2
27 Joomla 336 1 2 51 49 42 181 10 7.10 0 0 0 1 15 15 13 54 0 3
28 Drupal 313 13 49 94 63 45 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 303 10 11 118 68 40 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
30 Vmware 287 4 15 11 49 41 53 64 6 44 6.80 0 1 5 4 17 14 18 22 2 15
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 Openbsd 256 4 20 6 42 64 14 74 2 30 6.60 0 2 8 2 16 25 5 29 1 12
33 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
34 Imagemagick 246 2 132 28 42 33 9 6.00 0 0 1 0 54 11 17 13 0 4
35 Ffmpeg 243 1 2 34 12 66 51 77 7.80 0 0 1 0 14 5 27 21 0 32
36 Mcafee 242 3 17 18 68 42 33 43 4 14 6.10 0 1 7 7 28 17 14 18 2 6
37 Opera 240 4 73 87 22 8 46 6.60 0 0 2 0 30 36 9 3 0 19
38 Phpmyadmin 234 8 29 75 66 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
39 Huawei 228 2 8 5 46 31 40 58 3 35 7.00 0 1 4 2 20 14 18 25 1 15
40 Siemens 221 7 7 7 43 44 31 47 8 27 6.70 0 3 3 3 19 20 14 21 4 12
41 XEN 219 20 29 7 79 27 24 31 2 5.20 0 9 13 3 36 12 11 14 1 0
42 CA 218 1 8 2 39 35 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
43 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
44 Qemu 201 21 69 4 41 6 11 43 1 5 4.90 0 10 34 2 20 3 5 21 0 2
45 Juniper 200 8 4 48 44 17 59 1 19 6.70 0 0 4 2 24 22 9 30 1 10
46 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
47 Citrix 186 4 11 2 37 46 19 36 31 6.70 0 2 6 1 20 25 10 19 0 17
48 Openssl 181 3 9 39 84 11 25 10 6.10 0 2 5 0 22 46 6 14 0 6
49 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
50 Openstack 172 3 17 21 59 45 17 9 1 5.30 0 2 10 12 34 26 10 5 0 1

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.