CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5343 2 66 255 45 704 722 277 1269 24 1979 7.70 0 1 5 1 13 14 5 24 0 37
2 Oracle 4792 2 97 209 393 1367 1163 549 425 21 566 6.10 0 2 4 8 29 24 11 9 0 12
3 Apple 3993 1 53 239 41 653 503 980 651 15 857 7.00 0 1 6 1 16 13 25 16 0 21
4 IBM 3628 2 59 201 504 983 619 374 490 28 368 6.00 0 2 6 14 27 17 10 14 1 10
5 Cisco 3214 1 4 41 60 611 746 451 927 39 334 6.90 0 0 1 2 19 23 14 29 1 10
6 Google 3024 3 45 10 499 348 407 800 11 901 7.60 0 0 1 0 17 12 13 26 0 30
7 Adobe 2393 18 3 181 152 75 123 1 1840 9.10 0 0 1 0 8 6 3 5 0 77
8 Linux 1984 1 87 300 45 596 134 160 534 5 122 5.90 0 4 15 2 30 7 8 27 0 6
9 Mozilla 1718 5 72 8 332 300 212 244 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 Redhat 1632 46 158 80 345 305 206 333 6 153 6.20 0 3 10 5 21 19 13 20 0 9
11 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
12 Novell 1539 1 24 63 57 338 344 203 290 2 217 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1435 1 10 53 27 268 209 124 364 23 356 7.30 0 1 4 2 19 15 9 25 2 25
14 Debian 1211 16 76 43 268 255 197 265 4 87 6.40 0 1 6 4 22 21 16 22 0 7
15 Apache 936 6 37 22 238 313 104 166 2 48 6.20 0 1 4 2 25 33 11 18 0 5
16 Canonical 890 22 49 26 225 187 134 175 3 69 6.30 0 2 6 3 25 21 15 20 0 8
17 GNU 587 1 9 40 27 121 150 93 114 32 6.20 0 2 7 5 21 26 16 19 0 5
18 PHP 582 21 6 64 170 77 202 1 41 6.90 0 0 4 1 11 29 13 35 0 7
19 Fedoraproject 485 8 22 18 99 130 64 118 1 25 6.40 0 2 5 4 20 27 13 24 0 5
20 Wireshark 471 24 32 171 174 7 41 3 19 5.70 0 0 5 7 36 37 1 9 1 4
21 Symantec 464 4 22 15 88 82 50 107 11 85 6.90 0 1 5 3 19 18 11 23 2 18
22 Suse 441 4 45 7 78 73 63 102 69 6.70 0 1 10 2 18 17 14 23 0 16
23 Imagemagick 403 2 211 34 71 76 9 6.10 0 0 0 0 52 8 18 19 0 2
24 EMC 393 2 20 23 84 59 49 71 14 71 6.80 0 1 5 6 21 15 12 18 4 18
25 SAP 363 2 7 7 66 117 31 88 1 44 6.80 0 1 2 2 18 32 9 24 0 12
26 Freebsd 355 8 49 9 55 67 28 114 25 6.30 0 2 14 3 15 19 8 32 0 7
27 Moodle 345 5 26 161 79 48 19 7 5.70 0 0 1 8 47 23 14 6 0 2
28 Joomla 343 1 2 54 51 43 182 10 7.10 0 0 0 1 16 15 13 53 0 3
29 Drupal 317 13 49 95 66 46 40 3 5 5.80 0 0 4 15 30 21 15 13 1 2
30 Wordpress 315 11 11 125 71 40 45 1 11 6.00 0 0 3 3 40 23 13 14 0 3
31 Vmware 295 4 16 13 50 42 55 65 6 44 6.80 0 1 5 4 17 14 19 22 2 15
32 Ffmpeg 274 1 2 36 15 77 66 77 7.70 0 0 1 0 13 5 28 24 0 28
33 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
34 Openbsd 260 4 20 6 42 65 15 76 2 30 6.60 0 2 8 2 16 25 6 29 1 12
35 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
36 XEN 252 20 31 7 89 31 28 38 2 6 5.40 0 8 12 3 35 12 11 15 1 2
37 Mcafee 252 3 17 20 70 43 35 46 4 14 6.10 0 1 7 8 28 17 14 18 2 6
38 Juniper 245 1 10 9 54 59 20 68 1 23 6.60 0 0 4 4 22 24 8 28 0 9
39 Opera 242 4 73 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
40 Huawei 242 2 9 5 48 33 42 63 3 37 7.00 0 1 4 2 20 14 17 26 1 15
41 Phpmyadmin 240 8 29 76 70 26 25 2 4 5.80 0 0 3 12 32 29 11 10 1 2
42 Siemens 237 7 8 7 45 51 35 48 8 28 6.70 0 3 3 3 19 22 15 20 3 12
43 Qemu 221 23 76 4 46 10 11 45 1 5 4.90 0 10 34 2 21 5 5 20 0 2
44 CA 219 1 8 2 39 36 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
45 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
46 Citrix 194 4 11 2 39 47 20 38 33 6.70 0 2 6 1 20 24 10 20 0 17
47 Typo3 192 4 19 60 27 16 60 1 5 6.30 0 0 2 10 31 14 8 31 1 3
48 Openssl 182 3 9 39 85 11 25 10 6.10 0 2 5 0 21 47 6 14 0 5
49 Openstack 178 4 18 22 60 46 17 10 1 5.30 0 2 10 12 34 26 10 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.