CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 6045 2 102 314 68 846 759 343 1499 27 2085 7.60 0 2 5 1 14 13 6 25 0 34
2 Oracle 5511 2 105 232 428 1584 1486 622 459 25 568 6.10 0 2 4 8 29 27 11 8 0 10
3 Apple 4273 1 53 262 43 723 523 1060 676 15 917 7.00 0 1 6 1 17 12 25 16 0 21
4 IBM 4225 2 63 248 682 1158 723 424 519 29 377 5.90 0 1 6 16 27 17 10 12 1 9
5 Google 3744 9 66 16 732 440 458 988 28 1007 7.50 0 0 2 0 20 12 12 26 1 27
6 Cisco 3658 1 4 54 81 724 832 518 1022 42 380 6.90 0 0 1 2 20 23 14 28 1 10
7 Adobe 2855 18 3 319 220 136 143 1 2015 8.80 0 0 1 0 11 8 5 5 0 71
8 Debian 2197 24 93 59 525 447 388 530 6 125 6.40 0 1 4 3 24 20 18 24 0 6
9 Linux 2192 1 91 326 49 671 138 177 608 6 125 5.90 0 4 15 2 31 6 8 28 0 6
10 Redhat 2174 49 181 102 479 427 286 463 7 180 6.20 0 2 8 5 22 20 13 21 0 8
11 Mozilla 2076 9 79 12 397 423 246 354 1 555 7.20 0 0 4 1 19 20 12 17 0 27
12 HP 1651 1 10 60 39 284 239 142 397 24 455 7.40 0 1 4 2 17 14 9 24 1 28
13 SUN 1628 3 26 105 45 311 283 119 421 4 311 6.80 0 2 6 3 19 17 7 26 0 19
14 Canonical 1428 27 79 36 374 284 246 285 4 93 6.30 0 2 6 3 26 20 17 20 0 7
15 Opensuse 1106 18 53 53 236 250 187 192 3 114 6.40 0 2 5 5 21 23 17 17 0 10
16 Apache 1084 7 38 29 278 359 125 189 2 57 6.20 0 1 4 3 26 33 12 17 0 5
17 Novell 666 1 7 27 9 152 145 46 126 153 6.90 0 1 4 1 23 22 7 19 0 23
18 GNU 664 1 11 42 28 156 157 115 122 32 6.20 0 2 6 4 23 24 17 18 0 5
19 PHP 598 1 21 6 69 178 77 204 1 41 6.80 0 0 4 1 12 30 13 34 0 7
20 Wireshark 548 24 32 174 243 7 46 3 19 5.80 0 0 4 6 32 44 1 8 1 3
21 Fedoraproject 524 8 23 20 111 146 67 123 1 25 6.30 0 2 4 4 21 28 13 23 0 5
22 Huawei 503 2 41 13 119 101 65 104 10 48 6.40 0 0 8 3 24 20 13 21 2 10
23 Symantec 490 4 22 19 94 91 55 108 11 86 6.90 0 1 4 4 19 19 11 22 2 18
24 Imagemagick 488 2 269 35 84 90 8 6.00 0 0 0 0 55 7 17 18 0 2
25 SAP 478 2 9 12 109 154 53 94 1 44 6.50 0 0 2 3 23 32 11 20 0 9
26 Suse 463 4 45 7 84 77 70 107 69 6.70 0 1 10 2 18 17 15 23 0 15
27 EMC 420 2 22 23 87 63 51 80 14 78 6.90 0 0 5 5 21 15 12 19 3 19
28 Qualcomm 407 1 3 22 65 14 82 4 216 8.50 0 0 0 1 5 16 3 20 1 53
29 Freebsd 381 8 53 9 62 72 28 121 28 6.30 0 2 14 2 16 19 7 32 0 7
30 Joomla 367 2 4 65 54 47 185 10 7.00 0 0 1 1 18 15 13 50 0 3
31 Moodle 361 5 27 169 83 51 19 7 5.70 0 0 1 7 47 23 14 5 0 2
32 Foxitsoftware 343 2 1 62 7 250 7 14 6.70 0 0 1 0 18 2 73 2 0 4
33 Wordpress 327 11 14 126 73 45 46 1 11 6.00 0 0 3 4 39 22 14 14 0 3
34 Vmware 324 4 18 14 56 51 62 68 6 45 6.70 0 1 6 4 17 16 19 21 2 14
35 Drupal 324 13 50 98 66 46 43 3 5 5.80 0 0 4 15 30 20 14 13 1 2
36 Ffmpeg 308 1 2 58 18 81 69 79 7.50 0 0 1 0 19 6 26 22 0 26
37 Mcafee 283 3 19 25 80 45 43 48 4 16 6.10 0 1 7 9 28 16 15 17 1 6
38 Juniper 282 1 11 14 65 63 23 76 3 26 6.60 0 0 4 5 23 22 8 27 1 9
39 XEN 278 21 33 7 99 31 35 42 2 8 5.50 0 8 12 3 36 11 13 15 1 3
40 Siemens 277 7 10 10 54 58 40 53 9 36 6.70 0 3 4 4 19 21 14 19 3 13
41 Openbsd 269 8 20 6 43 69 15 76 2 30 6.50 0 3 7 2 16 26 6 28 1 11
42 Mysql 259 3 21 24 115 34 24 24 3 11 5.60 0 1 8 9 44 13 9 9 1 4
43 Jenkins 255 1 14 24 104 55 41 11 5 5.50 0 0 5 9 41 22 16 4 0 2
44 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
45 Phpmyadmin 247 8 30 78 70 29 26 2 4 5.80 0 0 3 12 32 28 12 11 1 2
46 Qemu 247 23 84 4 48 15 12 51 1 9 5.00 0 9 34 2 19 6 5 21 0 4
47 Opera 242 4 74 87 22 8 47 6.60 0 0 2 0 31 36 9 3 0 19
48 CA 238 1 8 3 45 40 15 56 1 69 7.40 0 0 3 1 19 17 6 24 0 29
49 Citrix 221 4 11 3 44 53 22 44 40 6.80 0 2 5 1 20 24 10 20 0 18
50 Realnetworks 213 1 5 13 32 6 29 127 8.50 0 0 2 0 6 15 3 14 0 60

Vendor(s) with highest weighted average (8.80): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.