CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4859 2 16 220 32 605 703 242 1110 23 1906 7.80 0 0 5 1 12 14 5 23 0 39
2 Oracle 4160 2 85 186 338 1182 932 478 382 14 561 6.20 0 2 4 8 28 22 11 9 0 13
3 Apple 3650 1 53 222 40 591 468 869 606 15 785 7.00 0 1 6 1 16 13 24 17 0 22
4 IBM 3245 2 54 179 388 869 563 327 472 27 364 6.10 0 2 6 12 27 17 10 15 1 11
5 Cisco 2863 1 3 30 37 531 655 411 864 35 296 6.90 0 0 1 1 19 23 14 30 1 10
6 Google 2384 3 30 6 369 309 306 715 7 639 7.60 0 0 1 0 15 13 13 30 0 27
7 Adobe 2213 18 3 142 135 70 119 1 1725 9.20 0 0 1 0 6 6 3 5 0 78
8 Linux 1778 1 87 266 43 560 134 149 425 4 109 5.80 0 5 15 2 31 8 8 24 0 6
9 Mozilla 1714 5 72 8 331 299 212 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1525 44 142 76 325 277 194 310 6 151 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1490 1 23 63 57 325 335 195 274 2 215 6.60 0 2 4 4 22 22 13 18 0 14
13 HP 1409 1 10 53 26 261 203 122 359 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1112 15 68 42 245 229 179 248 4 82 6.40 0 1 6 4 22 21 16 22 0 7
15 Canonical 840 22 42 26 218 171 129 162 3 67 6.30 0 3 5 3 26 20 15 19 0 8
16 Apache 749 5 34 18 202 249 84 113 1 43 6.20 0 1 5 2 27 33 11 15 0 6
17 PHP 556 21 6 62 160 74 191 1 41 6.90 0 0 4 1 11 29 13 34 0 7
18 GNU 438 1 9 38 26 74 112 53 95 30 6.20 0 2 9 6 17 26 12 22 0 7
19 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
20 Wireshark 429 24 32 170 152 7 22 3 19 5.60 0 0 6 7 40 35 2 5 1 4
21 Fedoraproject 423 8 19 16 82 111 57 107 1 22 6.40 0 2 4 4 19 26 13 25 0 5
22 Suse 415 3 39 6 78 62 60 99 68 6.70 0 1 9 1 19 15 14 24 0 16
23 EMC 351 1 19 20 72 54 42 65 14 64 6.80 0 0 5 6 21 15 12 19 4 18
24 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
25 SAP 329 2 7 5 58 110 26 79 1 41 6.80 0 1 2 2 18 33 8 24 0 12
26 Moodle 327 5 25 150 76 46 18 7 5.70 0 0 2 8 46 23 14 6 0 2
27 Joomla 327 1 2 46 46 42 180 10 7.20 0 0 0 1 14 14 13 55 0 3
28 Drupal 312 13 49 94 62 45 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 295 10 11 115 64 39 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
30 Vmware 264 3 12 11 48 40 45 56 6 43 6.90 0 1 5 4 18 15 17 21 2 16
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
33 Openbsd 253 4 19 6 42 64 14 72 2 30 6.60 0 2 8 2 17 25 6 28 1 12
34 Opera 239 4 73 86 22 8 46 6.60 0 0 2 0 31 36 9 3 0 19
35 Ffmpeg 238 1 2 34 12 66 46 77 7.80 0 0 1 0 14 5 28 19 0 32
36 Phpmyadmin 234 8 29 75 66 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
37 Mcafee 222 3 17 17 59 36 30 42 4 14 6.10 0 1 8 8 27 16 14 19 2 6
38 CA 217 1 7 2 39 35 13 50 1 69 7.50 0 0 3 1 18 16 6 23 0 32
39 XEN 214 19 29 7 79 27 22 29 2 5.20 0 9 14 3 37 13 10 14 1 0
40 Siemens 212 7 7 6 40 44 26 47 8 27 6.70 0 3 3 3 19 21 12 22 4 13
41 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
42 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
43 Citrix 184 4 10 2 37 46 19 36 30 6.70 0 2 5 1 20 25 10 20 0 16
44 Qemu 175 14 63 3 35 5 9 41 1 4 5.00 0 8 36 2 20 3 5 23 1 2
45 Openssl 174 3 8 38 79 11 25 10 6.20 0 2 5 0 22 45 6 14 0 6
46 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
47 Gentoo 168 5 22 2 9 35 18 45 32 6.80 0 3 13 1 5 21 11 27 0 19
48 Openstack 165 3 17 19 57 42 17 9 1 5.30 0 2 10 12 35 25 10 5 0 1
49 Juniper 165 4 4 40 35 13 51 1 17 6.80 0 0 2 2 24 21 8 31 1 10
50 Netbsd 160 4 28 3 28 26 10 45 16 6.20 0 3 18 2 18 16 6 28 0 10

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.