CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4276 2 11 165 26 507 677 219 904 23 1742 7.90 0 0 4 1 12 16 5 21 1 41
2 Apple 3106 1 51 183 35 466 398 757 536 12 667 7.00 0 2 6 1 15 13 24 17 0 21
3 Oracle 3081 2 71 153 272 909 602 323 274 9 466 6.20 0 2 5 9 30 20 10 9 0 15
4 IBM 2700 2 45 132 273 694 482 260 442 23 347 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2460 1 2 30 28 435 547 346 781 29 261 7.00 0 0 1 1 18 22 14 32 1 11
6 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
7 Mozilla 1591 5 72 8 300 290 154 227 1 534 7.40 0 0 5 1 19 18 10 14 0 34
8 Adobe 1581 18 3 124 108 49 74 1 1204 9.10 0 0 1 0 8 7 3 5 0 76
9 Google 1504 3 9 3 167 280 158 566 2 316 7.60 0 0 1 0 11 19 11 38 0 21
10 Linux 1351 1 83 217 38 453 118 133 272 4 32 5.50 0 6 16 3 34 9 10 20 0 2
11 HP 1270 1 9 48 21 241 164 103 327 20 336 7.30 0 1 4 2 19 13 8 26 2 26
12 Redhat 1040 38 123 51 208 198 125 218 5 74 6.00 0 4 12 5 20 19 12 21 0 7
13 Novell 776 1 14 32 33 133 201 64 145 153 6.80 0 2 4 4 17 26 8 19 0 20
14 Apache 640 5 32 15 176 223 64 92 33 6.10 0 1 5 2 28 35 10 14 0 5
15 Debian 498 10 50 28 85 90 65 125 2 43 6.30 0 2 10 6 17 18 13 25 0 9
16 PHP 441 21 6 57 133 62 130 32 6.70 0 0 5 1 13 30 14 29 0 7
17 Symantec 409 3 17 11 76 75 44 101 8 74 7.00 0 1 4 3 19 18 11 25 2 18
18 GNU 387 1 9 36 26 57 98 44 86 30 6.20 0 2 9 7 15 25 11 22 0 8
19 Wireshark 356 24 32 110 143 7 18 3 19 5.70 0 0 7 9 31 40 2 5 1 5
20 Canonical 345 11 14 12 87 66 52 69 2 32 6.40 0 3 4 3 25 19 15 20 1 9
21 Freebsd 327 7 42 9 54 60 25 105 25 6.30 0 2 13 3 17 18 8 32 0 8
22 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
23 Drupal 290 13 49 87 54 39 41 2 5 5.70 0 0 4 17 30 19 13 14 1 2
24 EMC 282 1 14 16 54 42 33 53 14 55 7.00 0 0 5 6 19 15 12 19 5 20
25 Moodle 281 5 23 123 64 42 17 7 5.70 0 0 2 8 44 23 15 6 0 2
26 SAP 276 2 3 49 90 24 72 1 35 6.90 0 0 1 1 18 33 9 26 0 13
27 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
28 Wordpress 253 10 7 97 49 35 43 1 11 6.10 0 0 4 3 38 19 14 17 0 4
29 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
30 Suse 238 2 32 1 27 39 16 87 34 6.80 0 1 13 0 11 16 7 37 0 14
31 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
32 Openbsd 233 4 18 6 32 63 14 64 2 30 6.70 0 2 8 3 14 27 6 27 1 13
33 Vmware 227 3 10 8 38 34 39 50 5 40 7.00 0 1 4 4 17 15 17 22 2 18
34 Ffmpeg 214 1 2 25 11 56 42 77 7.90 0 0 1 0 12 5 26 20 0 36
35 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
36 CA 205 1 7 1 37 32 10 49 1 67 7.50 0 0 3 0 18 16 5 24 0 33
37 Mcafee 187 2 15 10 51 29 25 39 3 13 6.20 0 1 8 5 27 16 13 21 2 7
38 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
39 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
40 XEN 171 14 20 6 63 25 19 22 2 5.30 0 8 12 4 37 15 11 13 1 0
41 Siemens 168 3 7 4 34 31 19 38 8 24 6.80 0 2 4 2 20 18 11 23 5 14
42 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
43 Phpmyadmin 157 7 23 50 35 18 20 1 3 5.70 0 0 4 15 32 22 11 13 1 2
44 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
45 Openstack 149 3 17 17 54 37 13 7 1 5.20 0 2 11 11 36 25 9 5 0 1
46 Citrix 148 4 8 1 23 38 17 28 29 6.80 0 3 5 1 16 26 11 19 0 20
47 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7
48 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
49 Openssl 140 1 5 33 68 10 18 5 6.10 0 1 4 0 24 49 7 13 0 4
50 Juniper 139 4 4 36 32 7 40 1 15 6.70 0 0 3 3 26 23 5 29 1 11

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.