CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4588 2 13 190 28 544 691 231 1032 23 1834 7.80 0 0 4 1 12 15 5 22 1 40
2 Oracle 3536 2 77 166 300 1040 697 398 321 14 521 6.20 0 2 5 8 29 20 11 9 0 15
3 Apple 3491 1 53 201 39 544 460 817 596 15 765 7.10 0 2 6 1 16 13 23 17 0 22
4 IBM 2886 2 46 147 314 753 513 281 450 24 356 6.20 0 2 5 11 26 18 10 16 1 12
5 Cisco 2685 1 2 30 32 479 601 386 836 33 285 7.00 0 0 1 1 18 22 14 31 1 11
6 Google 2020 3 17 5 260 306 260 639 7 523 7.60 0 0 1 0 13 15 13 32 0 26
7 Adobe 1983 18 3 132 122 67 115 1 1525 9.10 0 0 1 0 7 6 3 6 0 77
8 Mozilla 1713 5 72 8 331 299 211 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1504 1 87 232 39 511 131 137 313 4 49 5.60 0 6 15 3 34 9 9 21 0 3
11 Redhat 1433 44 137 72 309 265 181 287 6 132 6.20 0 3 10 5 22 18 13 20 0 9
12 HP 1383 1 10 53 25 256 196 116 352 22 352 7.30 0 1 4 2 19 14 8 25 2 25
13 Novell 1352 1 23 59 56 292 301 166 239 2 213 6.60 0 2 4 4 22 22 12 18 0 16
14 Debian 947 15 60 38 198 193 158 206 4 75 6.40 0 2 6 4 21 20 17 22 0 8
15 Canonical 734 22 39 22 190 148 113 139 3 58 6.30 0 3 5 3 26 20 15 19 0 8
16 Apache 731 5 34 18 202 243 82 105 1 41 6.10 0 1 5 2 28 33 11 14 0 6
17 PHP 538 21 6 61 154 73 181 1 41 6.90 0 0 4 1 11 29 14 34 0 8
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 Wireshark 413 24 32 165 143 7 20 3 19 5.60 0 0 6 8 40 35 2 5 1 5
20 GNU 407 1 9 36 26 59 106 49 91 30 6.20 0 2 9 6 14 26 12 22 0 7
21 Suse 353 3 36 4 58 50 58 94 50 6.70 0 1 10 1 16 14 16 27 0 14
22 Freebsd 335 8 42 9 55 61 26 109 25 6.30 0 2 13 3 16 18 8 33 0 7
23 Fedoraproject 322 8 17 14 68 86 45 66 1 17 6.20 0 2 5 4 21 27 14 20 0 5
24 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
25 EMC 321 1 17 19 65 49 40 57 14 59 6.90 0 0 5 6 20 15 12 18 4 18
26 Moodle 314 5 25 147 68 44 18 7 5.70 0 0 2 8 47 22 14 6 0 2
27 SAP 310 5 3 54 102 26 79 1 40 6.90 0 0 2 1 17 33 8 25 0 13
28 Drupal 303 13 49 88 60 44 41 3 5 5.80 0 0 4 16 29 20 15 14 1 2
29 Wordpress 273 10 8 106 58 36 43 1 11 6.10 0 0 4 3 39 21 13 16 0 4
30 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
31 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
32 Vmware 243 3 10 10 45 35 41 52 5 42 6.90 0 1 4 4 19 14 17 21 2 17
33 Opera 238 4 73 85 22 8 46 6.60 0 0 2 0 31 36 9 3 0 19
34 Openbsd 236 4 18 6 33 64 13 66 2 30 6.70 0 2 8 3 14 27 6 28 1 13
35 Ffmpeg 221 1 2 26 11 62 42 77 7.90 0 0 1 0 12 5 28 19 0 35
36 CA 212 1 7 2 38 32 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 33
37 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
38 Mcafee 196 2 15 12 52 31 26 41 4 13 6.20 0 1 8 6 27 16 13 21 2 7
39 XEN 195 19 24 6 67 27 22 28 2 5.30 0 10 12 3 34 14 11 14 1 0
40 Siemens 188 5 7 5 37 37 20 42 8 27 6.80 0 3 4 3 20 20 11 22 4 14
41 Phpmyadmin 185 7 28 59 47 18 22 1 3 5.70 0 0 4 15 32 25 10 12 1 2
42 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
43 Openssl 174 3 8 39 79 11 24 10 6.10 0 2 5 0 22 45 6 14 0 6
44 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
45 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
46 Citrix 163 4 9 1 28 41 18 32 30 6.80 0 2 6 1 17 25 11 20 0 18
47 Openstack 162 3 17 19 55 42 17 8 1 5.30 0 2 10 12 34 26 10 5 0 1
48 Netbsd 157 4 28 3 28 25 10 43 16 6.20 0 3 18 2 18 16 6 27 0 10
49 Juniper 156 4 4 38 34 11 48 1 16 6.70 0 0 3 3 24 22 7 31 1 10
50 KDE 148 1 11 29 31 18 48 10 6.60 0 1 7 0 20 21 12 32 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.