CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4735 2 14 210 32 559 701 240 1070 23 1884 7.80 0 0 4 1 12 15 5 23 0 40
2 Oracle 3918 2 79 182 316 1145 777 470 372 14 561 6.20 0 2 5 8 29 20 12 9 0 14
3 Apple 3498 1 53 201 39 544 460 821 598 15 766 7.10 0 2 6 1 16 13 23 17 0 22
4 IBM 3016 2 48 154 339 801 537 297 455 25 358 6.20 0 2 5 11 27 18 10 15 1 12
5 Cisco 2795 1 3 30 32 509 629 404 860 34 293 7.00 0 0 1 1 18 23 14 31 1 10
6 Google 2216 3 24 6 317 308 278 675 7 598 7.60 0 0 1 0 14 14 13 30 0 27
7 Adobe 2177 18 3 140 126 67 118 1 1704 9.20 0 0 1 0 6 6 3 5 0 78
8 Mozilla 1714 5 72 8 331 299 212 242 1 544 7.30 0 0 4 0 19 17 12 14 0 32
9 Linux 1652 1 87 247 42 545 132 146 365 4 83 5.70 0 5 15 3 33 8 9 22 0 5
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1519 44 142 76 325 277 193 306 6 150 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1465 1 23 63 57 315 328 193 269 2 214 6.60 0 2 4 4 22 22 13 18 0 15
13 HP 1408 1 10 53 26 261 203 122 358 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1077 15 67 42 234 217 175 241 4 82 6.40 0 1 6 4 22 20 16 22 0 8
15 Canonical 822 22 41 26 214 164 128 157 3 67 6.30 0 3 5 3 26 20 16 19 0 8
16 Apache 742 5 34 18 202 245 84 111 1 42 6.20 0 1 5 2 27 33 11 15 0 6
17 PHP 549 21 6 62 156 73 189 1 41 6.90 0 0 4 1 11 28 13 34 0 7
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 Wireshark 418 24 32 170 143 7 20 3 19 5.60 0 0 6 8 41 34 2 5 1 5
20 GNU 411 1 9 36 26 59 109 49 92 30 6.20 0 2 9 6 14 27 12 22 0 7
21 Suse 402 3 37 6 70 61 60 97 68 6.80 0 1 9 1 17 15 15 24 0 17
22 Fedoraproject 397 8 19 16 73 104 55 99 1 22 6.40 0 2 5 4 18 26 14 25 0 6
23 Freebsd 335 8 42 9 55 61 26 109 25 6.30 0 2 13 3 16 18 8 33 0 7
24 EMC 332 1 18 20 67 50 41 60 14 61 6.80 0 0 5 6 20 15 12 18 4 18
25 Joomla 326 1 2 46 46 42 179 10 7.20 0 0 0 1 14 14 13 55 0 3
26 SAP 325 2 7 5 57 107 26 79 1 41 6.80 0 1 2 2 18 33 8 24 0 13
27 Moodle 318 5 25 148 69 46 18 7 5.70 0 0 2 8 47 22 14 6 0 2
28 Drupal 309 13 49 94 60 44 41 3 5 5.80 0 0 4 16 30 19 14 13 1 2
29 Wordpress 282 10 9 108 61 39 43 1 11 6.10 0 0 4 3 38 22 14 15 0 4
30 Vmware 264 3 12 11 48 40 45 56 6 43 6.90 0 1 5 4 18 15 17 21 2 16
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
33 Openbsd 241 4 19 6 33 64 14 69 2 30 6.70 0 2 8 2 14 27 6 29 1 12
34 Opera 238 4 73 85 22 8 46 6.60 0 0 2 0 31 36 9 3 0 19
35 Phpmyadmin 233 8 29 75 65 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
36 Ffmpeg 232 1 2 34 11 65 42 77 7.80 0 0 1 0 15 5 28 18 0 33
37 CA 212 1 7 2 38 32 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 33
38 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
39 Siemens 205 7 7 6 38 43 24 45 8 27 6.70 0 3 3 3 19 21 12 22 4 13
40 Mcafee 197 3 15 12 52 31 26 41 4 13 6.20 0 2 8 6 26 16 13 21 2 7
41 XEN 197 19 24 7 68 27 22 28 2 5.30 0 10 12 4 35 14 11 14 1 0
42 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
43 Openssl 174 3 8 39 79 11 24 10 6.10 0 2 5 0 22 45 6 14 0 6
44 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
45 Gentoo 168 5 22 2 9 35 18 45 32 6.80 0 3 13 1 5 21 11 27 0 19
46 Citrix 166 4 9 1 29 43 18 32 30 6.80 0 2 5 1 17 26 11 19 0 18
47 Openstack 165 3 17 19 57 42 17 9 1 5.30 0 2 10 12 35 25 10 5 0 1
48 Juniper 159 4 4 38 35 11 50 1 16 6.80 0 0 3 3 24 22 7 31 1 10
49 Qemu 158 14 56 3 27 4 8 41 1 4 5.10 0 9 35 2 17 3 5 26 1 3
50 Netbsd 158 4 28 3 28 26 10 43 16 6.20 0 3 18 2 18 16 6 27 0 10

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.