CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4915 2 17 224 35 618 706 250 1127 23 1913 7.80 0 0 5 1 13 14 5 23 0 39
2 Oracle 4160 2 85 186 338 1182 932 478 382 14 561 6.20 0 2 4 8 28 22 11 9 0 13
3 Apple 3775 1 53 231 41 609 487 910 617 15 811 7.00 0 1 6 1 16 13 24 16 0 21
4 IBM 3286 2 54 179 404 882 564 334 475 28 364 6.10 0 2 5 12 27 17 10 14 1 11
5 Cisco 2920 1 3 30 41 539 664 419 883 36 304 7.00 0 0 1 1 18 23 14 30 1 10
6 Google 2447 3 30 7 383 310 324 728 7 655 7.60 0 0 1 0 16 13 13 30 0 27
7 Adobe 2274 18 3 155 136 70 121 1 1770 9.20 0 0 1 0 7 6 3 5 0 78
8 Linux 1844 1 87 273 43 568 134 150 470 4 114 5.90 0 5 15 2 31 7 8 25 0 6
9 Mozilla 1715 5 72 8 332 299 212 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1549 44 145 77 331 281 200 314 6 151 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1507 1 23 63 57 333 338 197 278 2 215 6.60 0 2 4 4 22 22 13 18 0 14
13 HP 1409 1 10 53 26 261 203 122 359 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1125 15 68 42 247 233 181 253 4 82 6.40 0 1 6 4 22 21 16 22 0 7
15 Canonical 850 22 42 26 219 174 131 166 3 67 6.30 0 3 5 3 26 20 15 20 0 8
16 Apache 774 5 35 18 205 254 86 127 1 43 6.20 0 1 5 2 26 33 11 16 0 6
17 PHP 560 21 6 62 163 75 191 1 41 6.90 0 0 4 1 11 29 13 34 0 7
18 GNU 461 1 9 38 26 77 125 55 100 30 6.20 0 2 8 6 17 27 12 22 0 7
19 Wireshark 441 24 32 170 156 7 30 3 19 5.70 0 0 5 7 39 35 2 7 1 4
20 Symantec 439 3 19 12 80 78 48 105 10 84 7.00 0 1 4 3 18 18 11 24 2 19
21 Fedoraproject 437 8 19 16 88 113 60 109 1 23 6.40 0 2 4 4 20 26 14 25 0 5
22 Suse 422 3 39 6 78 65 63 100 68 6.70 0 1 9 1 18 15 15 24 0 16
23 EMC 354 2 20 20 72 55 42 65 14 64 6.80 0 1 6 6 20 16 12 18 4 18
24 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
25 SAP 338 2 7 5 60 111 27 83 1 42 6.80 0 1 2 1 18 33 8 25 0 12
26 Moodle 337 5 26 155 78 47 19 7 5.70 0 0 1 8 46 23 14 6 0 2
27 Joomla 327 1 2 46 46 42 180 10 7.20 0 0 0 1 14 14 13 55 0 3
28 Drupal 313 13 49 94 63 45 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 296 10 11 115 65 39 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
30 Vmware 264 3 12 11 48 40 45 56 6 43 6.90 0 1 5 4 18 15 17 21 2 16
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 Openbsd 255 4 19 6 42 64 14 74 2 30 6.60 0 2 7 2 16 25 5 29 1 12
33 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
34 Ffmpeg 243 1 2 34 12 66 51 77 7.80 0 0 1 0 14 5 27 21 0 32
35 Opera 240 4 73 87 22 8 46 6.60 0 0 2 0 30 36 9 3 0 19
36 Phpmyadmin 234 8 29 75 66 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
37 Mcafee 233 3 17 17 66 37 32 43 4 14 6.10 0 1 7 7 28 16 14 18 2 6
38 Huawei 220 2 8 4 45 29 39 56 3 34 7.00 0 1 4 2 20 13 18 25 1 15
39 Siemens 217 7 7 7 42 44 28 47 8 27 6.70 0 3 3 3 19 20 13 22 4 12
40 CA 217 1 7 2 39 35 13 50 1 69 7.50 0 0 3 1 18 16 6 23 0 32
41 XEN 215 19 29 7 79 27 22 30 2 5.20 0 9 13 3 37 13 10 14 1 0
42 Imagemagick 214 2 102 27 42 32 9 6.20 0 0 1 0 48 13 20 15 0 4
43 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
44 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
45 Qemu 188 16 68 4 36 6 10 42 1 5 5.00 0 9 36 2 19 3 5 22 1 3
46 Citrix 185 4 10 2 37 46 19 36 31 6.70 0 2 5 1 20 25 10 19 0 17
47 Juniper 184 8 4 46 37 14 55 1 19 6.70 0 0 4 2 25 20 8 30 1 10
48 Openssl 174 3 8 38 79 11 25 10 6.20 0 2 5 0 22 45 6 14 0 6
49 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
50 Openstack 171 3 17 21 58 45 17 9 1 5.30 0 2 10 12 34 26 10 5 0 1

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.