the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Current CVSS Score Distribution For All Vulnerabilities

Distribution of all vulnerabilities by CVSS Scores
CVSS Score Number Of Vulnerabilities Percentage
0-1 24412 11.90
1-2 1198 0.60
2-3 8337 4.10
3-4 9494 4.60
4-5 42988 21.00
5-6 34098 16.70
6-7 27167 13.30
7-8 35998 17.60
8-9 898 0.40
9-10 19973 9.80
Total 204563
Weighted Average CVSS Score: 5.8
Vulnerability Distribution By CVSS Scores
CVSS Score Ranges

CVSS Scores Used By This Site

All CVSS scores used on this site are CVSS base scores. All CVSS data are taken from CVE vulnerability data published by National Vulnerability Database, NVD.

What is CVSS?

Common Vulnerability Scoring System , CVSS, is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities. CVSS helps organizations prioritize and coordinate a joint response to security vulnerabilities by communicating the base, temporal and environmental properties of a vulnerability. For additional information on CVSS v2, please see and

CVSS is composed of three metric groups: Base, Temporal, and Environmental, each consisting of a set of metrics.
These metric groups are described as follows:
  • Base: represents the intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments.
  • Temporal: represents the characteristics of a vulnerability that change over time but not among user environments.
  • Environmental: represents the characteristics of a vulnerability that are relevant and unique to a particular user's environment.
The purpose of the CVSS base group is to define and communicate the fundamental characteristics of a vulnerability. This objective approach to characterizing vulnerabilities provides users with a clear and intuitive representation of a vulnerability. Users can then invoke the temporal and environmental groups to provide contextual information that more accurately reflects the risk to their unique environment. This allows them to make more informed decisions when trying to mitigate risks posed by the vulnerabilities.
Click here for the CVSS complete documentation published by Forum of Incident Response and Security Teams
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.