CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5397 2 74 260 45 714 726 278 1288 24 1986 7.70 0 1 5 1 13 13 5 24 0 37
2 Oracle 4797 2 97 209 393 1367 1165 551 426 21 566 6.10 0 2 4 8 28 24 11 9 0 12
3 Apple 4055 1 53 246 41 669 505 1003 652 15 870 7.00 0 1 6 1 16 12 25 16 0 21
4 IBM 3648 2 59 201 512 991 621 374 491 28 369 6.00 0 2 6 14 27 17 10 13 1 10
5 Cisco 3284 1 4 46 64 640 760 459 936 39 335 6.90 0 0 1 2 19 23 14 29 1 10
6 Google 3113 3 45 10 534 367 408 816 13 917 7.60 0 0 1 0 17 12 13 26 0 29
7 Adobe 2478 18 3 193 161 76 129 1 1897 9.10 0 0 1 0 8 6 3 5 0 77
8 Linux 2002 1 87 301 45 599 134 162 545 5 123 5.90 0 4 15 2 30 7 8 27 0 6
9 Mozilla 1718 5 72 8 332 300 212 244 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 Redhat 1641 46 158 80 346 308 207 336 6 154 6.20 0 3 10 5 21 19 13 20 0 9
11 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
12 Novell 1539 1 24 63 57 338 344 203 290 2 217 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1437 1 10 53 27 268 210 124 365 23 356 7.30 0 1 4 2 19 15 9 25 2 25
14 Debian 1243 16 76 44 273 267 204 272 4 87 6.40 0 1 6 4 22 21 16 22 0 7
15 Apache 950 6 38 22 241 314 107 168 2 52 6.20 0 1 4 2 25 33 11 18 0 5
16 Canonical 893 22 49 27 226 188 134 175 3 69 6.30 0 2 5 3 25 21 15 20 0 8
17 GNU 602 1 9 41 27 122 150 106 114 32 6.20 0 1 7 4 20 25 18 19 0 5
18 PHP 583 21 6 64 171 77 202 1 41 6.90 0 0 4 1 11 29 13 35 0 7
19 Fedoraproject 485 8 22 18 99 130 64 118 1 25 6.40 0 2 5 4 20 27 13 24 0 5
20 Wireshark 474 24 32 171 177 7 41 3 19 5.70 0 0 5 7 36 37 1 9 1 4
21 Symantec 468 4 22 17 88 84 50 107 11 85 6.90 0 1 5 4 19 18 11 23 2 18
22 Suse 442 4 45 7 78 73 64 102 69 6.70 0 1 10 2 18 17 14 23 0 16
23 Imagemagick 403 2 211 34 71 76 9 6.10 0 0 0 0 52 8 18 19 0 2
24 EMC 398 2 21 23 84 60 49 72 14 73 6.80 0 1 5 6 21 15 12 18 4 18
25 SAP 363 2 7 7 66 117 31 88 1 44 6.80 0 1 2 2 18 32 9 24 0 12
26 Freebsd 358 8 51 9 56 67 28 114 25 6.30 0 2 14 3 16 19 8 32 0 7
27 Moodle 346 5 26 162 79 48 19 7 5.70 0 0 1 8 47 23 14 5 0 2
28 Joomla 345 1 2 55 51 43 183 10 7.10 0 0 0 1 16 15 12 53 0 3
29 Wordpress 320 11 14 125 71 41 46 1 11 6.00 0 0 3 4 39 22 13 14 0 3
30 Drupal 317 13 49 95 66 46 40 3 5 5.80 0 0 4 15 30 21 15 13 1 2
31 Huawei 311 2 14 8 64 42 52 77 9 43 6.90 0 1 5 3 21 14 17 25 3 14
32 Vmware 304 4 17 13 51 44 59 66 6 44 6.80 0 1 6 4 17 14 19 22 2 14
33 Ffmpeg 276 1 2 36 15 78 67 77 7.70 0 0 1 0 13 5 28 24 0 28
34 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
35 Openbsd 260 4 20 6 42 65 15 76 2 30 6.60 0 2 8 2 16 25 6 29 1 12
36 XEN 255 20 32 7 90 31 28 39 2 6 5.40 0 8 13 3 35 12 11 15 1 2
37 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
38 Mcafee 253 3 17 20 70 44 35 46 4 14 6.10 0 1 7 8 28 17 14 18 2 6
39 Juniper 245 1 10 9 54 59 20 68 1 23 6.60 0 0 4 4 22 24 8 28 0 9
40 Opera 242 4 73 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
41 Siemens 241 7 8 7 47 52 35 48 8 29 6.70 0 3 3 3 20 22 15 20 3 12
42 Phpmyadmin 240 8 29 76 70 26 25 2 4 5.80 0 0 3 12 32 29 11 10 1 2
43 Qemu 222 23 76 4 46 10 11 46 1 5 4.90 0 10 34 2 21 5 5 21 0 2
44 CA 220 1 8 3 39 36 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 31
45 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
46 Citrix 194 4 11 2 39 47 20 38 33 6.70 0 2 6 1 20 24 10 20 0 17
47 Typo3 192 4 19 60 27 16 60 1 5 6.30 0 0 2 10 31 14 8 31 1 3
48 Openssl 184 3 9 40 86 11 25 10 6.10 0 2 5 0 22 47 6 14 0 5
49 Openstack 180 4 18 22 61 46 17 11 1 5.30 0 2 10 12 34 26 9 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.