CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5770 2 96 295 57 787 739 323 1401 26 2044 7.60 0 2 5 1 14 13 6 24 0 35
2 Oracle 5099 2 100 221 405 1457 1292 593 442 21 566 6.10 0 2 4 8 29 25 12 9 0 11
3 Apple 4272 1 53 263 43 722 523 1060 675 15 917 7.00 0 1 6 1 17 12 25 16 0 21
4 IBM 3966 2 61 229 585 1095 677 409 507 28 373 5.90 0 2 6 15 28 17 10 13 1 9
5 Google 3521 5 54 14 631 431 432 929 25 1000 7.60 0 0 2 0 18 12 12 26 1 28
6 Cisco 3495 1 4 50 76 690 811 487 988 40 348 6.80 0 0 1 2 20 23 14 28 1 10
7 Adobe 2570 18 3 230 168 91 131 1 1928 9.00 0 0 1 0 9 7 4 5 0 75
8 Linux 2112 1 91 315 46 641 139 166 581 5 127 5.90 0 4 15 2 30 7 8 28 0 6
9 Mozilla 1769 5 72 8 345 328 213 251 1 546 7.30 0 0 4 0 20 19 12 14 0 31
10 Redhat 1760 46 168 86 376 340 223 351 6 164 6.20 0 3 10 5 21 19 13 20 0 9
11 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
12 HP 1615 1 10 58 35 281 235 137 383 24 451 7.40 0 1 4 2 17 15 8 24 1 28
13 Debian 1604 19 84 50 371 337 287 353 5 98 6.40 0 1 5 3 23 21 18 22 0 6
14 Novell 1540 1 24 63 57 338 346 203 289 2 217 6.60 0 2 4 4 22 22 13 19 0 14
15 Apache 1039 6 39 28 265 340 118 186 2 55 6.20 0 1 4 3 26 33 11 18 0 5
16 Canonical 1037 24 56 29 268 225 163 198 3 71 6.30 0 2 5 3 26 22 16 19 0 7
17 GNU 643 1 10 42 27 141 153 116 120 33 6.20 0 2 7 4 22 24 18 19 0 5
18 PHP 593 1 21 6 67 174 79 203 1 41 6.90 0 0 4 1 11 29 13 34 0 7
19 Wireshark 531 24 32 174 230 7 42 3 19 5.70 0 0 5 6 33 43 1 8 1 4
20 Fedoraproject 514 8 23 20 108 141 67 121 1 25 6.30 0 2 4 4 21 27 13 24 0 5
21 Symantec 481 4 22 18 93 88 53 107 11 85 6.90 0 1 5 4 19 18 11 22 2 18
22 Huawei 478 2 37 12 107 100 64 98 10 48 6.50 0 0 8 3 22 21 13 21 2 10
23 Imagemagick 459 2 247 35 80 86 9 6.10 0 0 0 0 54 8 17 19 0 2
24 Suse 450 4 46 7 79 75 65 105 69 6.70 0 1 10 2 18 17 14 23 0 15
25 SAP 434 2 7 11 95 137 44 93 1 44 6.60 0 0 2 3 22 32 10 21 0 10
26 EMC 411 2 21 23 85 61 50 79 14 76 6.90 0 0 5 6 21 15 12 19 3 18
27 Freebsd 368 8 52 9 57 69 28 117 28 6.30 0 2 14 2 15 19 8 32 0 8
28 Joomla 359 2 3 62 53 45 184 10 7.10 0 0 1 1 17 15 13 51 0 3
29 Moodle 357 5 27 168 81 50 19 7 5.70 0 0 1 8 47 23 14 5 0 2
30 Drupal 325 13 50 98 68 46 42 3 5 5.80 0 0 4 15 30 21 14 13 1 2
31 Wordpress 325 11 14 126 75 41 46 1 11 6.00 0 0 3 4 39 23 13 14 0 3
32 Qualcomm 323 1 1 6 62 8 30 2 213 8.80 0 0 0 0 2 19 2 9 1 66
33 Vmware 318 4 18 14 53 48 62 68 6 45 6.80 0 1 6 4 17 15 19 21 2 14
34 Ffmpeg 296 1 2 50 17 80 67 79 7.60 0 0 1 0 17 6 27 23 0 27
35 Mcafee 268 3 19 23 74 44 39 47 4 15 6.10 0 1 7 9 28 16 15 18 1 6
36 Juniper 268 1 11 12 60 60 22 74 3 25 6.60 0 0 4 4 22 22 8 28 1 9
37 XEN 267 21 32 7 95 31 32 41 2 6 5.50 0 8 12 3 36 12 12 15 1 2
38 Openbsd 262 4 20 6 42 67 15 76 2 30 6.60 0 2 8 2 16 26 6 29 1 11
39 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
40 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
41 Siemens 249 7 9 8 47 56 36 49 8 29 6.60 0 3 4 3 19 22 14 20 3 12
42 Phpmyadmin 244 8 30 76 70 28 26 2 4 5.80 0 0 3 12 31 29 11 11 1 2
43 Opera 243 4 74 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
44 Qemu 231 23 82 4 47 10 11 47 1 6 4.90 0 10 35 2 20 4 5 20 0 3
45 CA 225 1 8 3 42 36 14 51 1 69 7.40 0 0 4 1 19 16 6 23 0 31
46 Citrix 211 4 11 2 43 52 22 41 36 6.70 0 2 5 1 20 25 10 19 0 17
47 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
48 Foxitsoftware 205 2 1 54 5 128 1 14 6.60 0 0 1 0 26 2 62 0 0 7
49 Jenkins 200 1 9 19 73 43 40 11 4 5.70 0 1 5 10 37 22 20 6 0 2
50 Typo3 193 4 20 60 27 16 60 1 5 6.20 0 0 2 10 31 14 8 31 1 3

Vendor(s) with highest weighted average (9.00): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.