CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5879 2 99 297 61 816 744 339 1439 27 2055 7.60 0 2 5 1 14 13 6 24 0 35
2 Oracle 5292 2 102 228 418 1516 1383 606 447 23 567 6.10 0 2 4 8 29 26 11 8 0 11
3 Apple 4272 1 53 263 43 722 523 1060 675 15 917 7.00 0 1 6 1 17 12 25 16 0 21
4 IBM 4059 2 62 234 637 1112 690 411 510 28 373 5.90 0 2 6 16 27 17 10 13 1 9
5 Google 3597 9 62 15 674 435 435 939 26 1002 7.50 0 0 2 0 19 12 12 26 1 28
6 Cisco 3540 1 4 51 76 697 818 497 1000 42 354 6.90 0 0 1 2 20 23 14 28 1 10
7 Adobe 2722 18 3 271 201 132 136 1 1960 8.90 0 0 1 0 10 7 5 5 0 72
8 Linux 2142 1 91 318 47 660 137 172 586 5 125 5.90 0 4 15 2 31 6 8 27 0 6
9 Mozilla 2048 9 78 12 390 420 237 346 1 555 7.20 0 0 4 1 19 21 12 17 0 27
10 Redhat 1937 47 168 88 394 383 244 432 7 174 6.30 0 2 9 5 20 20 13 22 0 9
11 Debian 1835 20 87 52 399 387 318 461 5 106 6.50 0 1 5 3 22 21 17 25 0 6
12 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
13 HP 1616 1 10 58 35 281 235 137 384 24 451 7.40 0 1 4 2 17 15 8 24 1 28
14 Novell 1540 1 24 63 57 338 346 203 289 2 217 6.60 0 2 4 4 22 22 13 19 0 14
15 Canonical 1147 25 57 30 295 250 180 233 3 74 6.30 0 2 5 3 26 22 16 20 0 6
16 Apache 1053 7 40 29 267 344 122 186 2 56 6.20 0 1 4 3 25 33 12 18 0 5
17 GNU 651 1 10 42 27 144 157 116 121 33 6.20 0 2 6 4 22 24 18 19 0 5
18 PHP 594 1 21 6 67 174 79 204 1 41 6.90 0 0 4 1 11 29 13 34 0 7
19 Wireshark 542 24 32 174 238 7 45 3 19 5.80 0 0 4 6 32 44 1 8 1 4
20 Fedoraproject 518 8 23 20 110 142 67 122 1 25 6.30 0 2 4 4 21 27 13 24 0 5
21 Huawei 484 2 37 12 109 101 65 100 10 48 6.50 0 0 8 2 23 21 13 21 2 10
22 Symantec 483 4 22 19 93 88 54 107 11 85 6.90 0 1 5 4 19 18 11 22 2 18
23 Imagemagick 466 2 252 35 82 86 9 6.10 0 0 0 0 54 8 18 18 0 2
24 Suse 450 4 46 7 79 75 65 105 69 6.70 0 1 10 2 18 17 14 23 0 15
25 SAP 448 2 9 11 100 141 47 93 1 44 6.60 0 0 2 2 22 31 10 21 0 10
26 EMC 415 2 21 23 86 62 51 79 14 77 6.90 0 0 5 6 21 15 12 19 3 19
27 Freebsd 370 8 52 9 58 69 28 118 28 6.30 0 2 14 2 16 19 8 32 0 8
28 Joomla 361 2 3 63 53 46 184 10 7.00 0 0 1 1 17 15 13 51 0 3
29 Moodle 360 5 27 168 83 50 20 7 5.70 0 0 1 8 47 23 14 6 0 2
30 Qualcomm 339 1 2 13 63 11 34 2 213 8.70 0 0 0 1 4 19 3 10 1 63
31 Wordpress 326 11 14 126 75 42 46 1 11 6.00 0 0 3 4 39 23 13 14 0 3
32 Drupal 325 13 50 98 68 46 42 3 5 5.80 0 0 4 15 30 21 14 13 1 2
33 Vmware 322 4 18 14 54 51 62 68 6 45 6.80 0 1 6 4 17 16 19 21 2 14
34 Ffmpeg 301 1 2 55 17 80 67 79 7.50 0 0 1 0 18 6 27 22 0 26
35 Juniper 279 1 11 12 64 63 23 76 3 26 6.60 0 0 4 4 23 23 8 27 1 9
36 Mcafee 276 3 19 24 76 45 41 49 4 15 6.10 0 1 7 9 28 16 15 18 1 5
37 XEN 272 21 33 7 96 31 33 41 2 8 5.50 0 8 12 3 35 11 12 15 1 3
38 Siemens 268 7 10 10 52 57 38 50 9 35 6.70 0 3 4 4 19 21 14 19 3 13
39 Openbsd 266 8 20 6 42 67 15 76 2 30 6.60 0 3 8 2 16 25 6 29 1 11
40 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
41 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
42 Phpmyadmin 246 8 30 77 70 29 26 2 4 5.80 0 0 3 12 31 28 12 11 1 2
43 Opera 243 4 74 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
44 Qemu 237 23 82 4 47 11 11 49 1 9 5.00 0 10 35 2 20 5 5 21 0 4
45 CA 229 1 8 3 43 36 14 54 1 69 7.40 0 0 3 1 19 16 6 24 0 30
46 Jenkins 219 1 12 20 86 45 40 11 4 5.60 0 0 5 9 39 21 18 5 0 2
47 Citrix 214 4 11 2 43 52 22 41 39 6.80 0 2 5 1 20 24 10 19 0 18
48 Realnetworks 208 1 5 13 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
49 Foxitsoftware 207 2 1 54 5 129 2 14 6.60 0 0 1 0 26 2 62 1 0 7
50 Typo3 193 4 20 60 27 16 60 1 5 6.20 0 0 2 10 31 14 8 31 1 3

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.