CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5970 2 100 305 64 834 750 340 1479 27 2069 7.60 0 2 5 1 14 13 6 25 0 35
2 Oracle 5505 2 105 232 428 1583 1483 621 459 25 567 6.10 0 2 4 8 29 27 11 8 0 10
3 Apple 4273 1 53 262 43 723 523 1060 676 15 917 7.00 0 1 6 1 17 12 25 16 0 21
4 IBM 4121 2 62 238 655 1127 704 417 512 28 376 5.90 0 2 6 16 27 17 10 12 1 9
5 Google 3686 9 65 16 708 440 444 974 27 1003 7.50 0 0 2 0 19 12 12 26 1 27
6 Cisco 3583 1 4 54 77 707 822 503 1012 42 361 6.90 0 0 2 2 20 23 14 28 1 10
7 Adobe 2736 18 3 273 204 134 142 1 1961 8.90 0 0 1 0 10 7 5 5 0 72
8 Linux 2176 1 91 322 48 666 138 176 603 6 125 5.90 0 4 15 2 31 6 8 28 0 6
9 Redhat 2105 49 179 100 451 419 270 451 7 179 6.20 0 2 9 5 21 20 13 21 0 9
10 Debian 2079 23 92 56 482 434 365 499 6 122 6.40 0 1 4 3 23 21 18 24 0 6
11 Mozilla 2048 9 78 12 391 420 236 346 1 555 7.20 0 0 4 1 19 21 12 17 0 27
12 HP 1646 1 10 60 39 284 238 141 397 24 452 7.40 0 1 4 2 17 14 9 24 1 27
13 SUN 1628 3 26 105 45 311 283 119 421 4 311 6.80 0 2 6 3 19 17 7 26 0 19
14 Canonical 1333 25 73 33 348 275 223 261 4 91 6.30 0 2 5 2 26 21 17 20 0 7
15 Opensuse 1105 18 53 53 235 250 187 192 3 114 6.40 0 2 5 5 21 23 17 17 0 10
16 Apache 1078 7 38 29 278 353 124 189 2 58 6.20 0 1 4 3 26 33 12 18 0 5
17 Novell 666 1 7 27 9 152 145 46 126 153 6.90 0 1 4 1 23 22 7 19 0 23
18 GNU 656 1 11 42 28 149 157 115 121 32 6.20 0 2 6 4 23 24 18 18 0 5
19 PHP 598 1 21 6 69 178 77 204 1 41 6.80 0 0 4 1 12 30 13 34 0 7
20 Wireshark 545 24 32 174 241 7 45 3 19 5.80 0 0 4 6 32 44 1 8 1 3
21 Fedoraproject 522 8 23 20 111 145 67 122 1 25 6.30 0 2 4 4 21 28 13 23 0 5
22 Huawei 494 2 38 12 115 101 65 103 10 48 6.50 0 0 8 2 23 20 13 21 2 10
23 Symantec 488 4 22 19 94 90 55 107 11 86 6.90 0 1 5 4 19 18 11 22 2 18
24 Imagemagick 488 2 269 35 84 90 8 6.00 0 0 0 0 55 7 17 18 0 2
25 SAP 461 2 9 11 104 147 49 94 1 44 6.60 0 0 2 2 23 32 11 20 0 10
26 Suse 453 4 45 7 81 76 65 106 69 6.70 0 1 10 2 18 17 14 23 0 15
27 EMC 419 2 22 23 87 63 51 79 14 78 6.80 0 0 5 5 21 15 12 19 3 19
28 Freebsd 373 8 52 9 60 70 28 118 28 6.30 0 2 14 2 16 19 8 32 0 8
29 Joomla 364 2 4 63 54 46 185 10 7.00 0 0 1 1 17 15 13 51 0 3
30 Moodle 360 5 27 169 83 50 19 7 5.70 0 0 1 8 47 23 14 5 0 2
31 Qualcomm 339 1 2 13 63 11 34 2 213 8.70 0 0 0 1 4 19 3 10 1 63
32 Wordpress 327 11 14 126 73 45 46 1 11 6.00 0 0 3 4 39 22 14 14 0 3
33 Drupal 324 13 50 98 66 46 43 3 5 5.80 0 0 4 15 30 20 14 13 1 2
34 Vmware 324 4 18 14 56 51 62 68 6 45 6.70 0 1 6 4 17 16 19 21 2 14
35 Ffmpeg 308 1 2 58 18 81 69 79 7.50 0 0 1 0 19 6 26 22 0 26
36 Foxitsoftware 298 2 1 58 5 211 7 14 6.70 0 0 1 0 19 2 71 2 0 5
37 Juniper 279 1 11 12 64 63 23 76 3 26 6.60 0 0 4 4 23 23 8 27 1 9
38 Mcafee 279 3 19 24 77 45 43 48 4 16 6.10 0 1 7 9 28 16 15 17 1 6
39 XEN 278 21 33 7 99 31 35 42 2 8 5.50 0 8 12 3 36 11 13 15 1 3
40 Siemens 274 7 10 10 54 58 39 52 9 35 6.60 0 3 4 4 20 21 14 19 3 13
41 Openbsd 269 8 20 6 43 69 15 76 2 30 6.50 0 3 7 2 16 26 6 28 1 11
42 Mysql 260 3 21 25 115 34 24 24 3 11 5.60 0 1 8 10 44 13 9 9 1 4
43 Jenkins 256 1 15 24 104 55 41 11 5 5.50 0 0 6 9 41 21 16 4 0 2
44 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
45 Phpmyadmin 247 8 30 78 70 29 26 2 4 5.80 0 0 3 12 32 28 12 11 1 2
46 Qemu 243 23 83 4 48 13 12 50 1 9 5.00 0 9 34 2 20 5 5 21 0 4
47 Opera 243 4 74 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
48 CA 238 1 8 3 45 40 15 56 1 69 7.40 0 0 3 1 19 17 6 24 0 29
49 Citrix 216 4 11 2 44 52 22 41 40 6.80 0 2 5 1 20 24 10 19 0 19
50 Realnetworks 213 1 5 13 32 6 29 127 8.50 0 0 2 0 6 15 3 14 0 60

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.