CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4977 2 21 227 36 632 712 255 1147 23 1922 7.80 0 0 5 1 13 14 5 23 0 39
2 Oracle 4356 2 87 192 367 1234 972 509 407 21 565 6.20 0 2 4 8 28 22 12 9 0 13
3 Apple 3792 1 53 231 41 614 489 916 619 15 813 7.00 0 1 6 1 16 13 24 16 0 21
4 IBM 3311 2 54 181 408 890 565 340 478 28 365 6.10 0 2 5 12 27 17 10 14 1 11
5 Cisco 2938 1 3 30 41 540 675 419 887 37 305 7.00 0 0 1 1 18 23 14 30 1 10
6 Google 2508 3 30 7 389 312 324 748 8 687 7.60 0 0 1 0 16 12 13 30 0 27
7 Adobe 2284 18 3 156 137 70 122 1 1777 9.20 0 0 1 0 7 6 3 5 0 78
8 Linux 1904 1 87 289 43 577 134 152 497 4 120 5.90 0 5 15 2 30 7 8 26 0 6
9 Mozilla 1716 5 72 8 332 299 212 243 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1549 44 145 77 331 281 200 314 6 151 6.20 0 3 9 5 21 18 13 20 0 10
12 Novell 1512 1 24 63 57 335 338 198 279 2 215 6.60 0 2 4 4 22 22 13 18 0 14
13 HP 1410 1 10 53 26 261 204 122 359 22 352 7.30 0 1 4 2 19 14 9 25 2 25
14 Debian 1128 15 68 42 247 233 182 255 4 82 6.40 0 1 6 4 22 21 16 23 0 7
15 Canonical 850 22 42 26 219 174 131 166 3 67 6.30 0 3 5 3 26 20 15 20 0 8
16 Apache 782 5 35 18 208 256 88 128 1 43 6.20 0 1 4 2 27 33 11 16 0 5
17 PHP 561 21 6 62 163 75 192 1 41 6.90 0 0 4 1 11 29 13 34 0 7
18 GNU 477 1 9 38 26 82 132 57 102 30 6.20 0 2 8 5 17 28 12 21 0 6
19 Wireshark 441 24 32 170 156 7 30 3 19 5.70 0 0 5 7 39 35 2 7 1 4
20 Symantec 439 3 19 12 80 78 48 105 10 84 7.00 0 1 4 3 18 18 11 24 2 19
21 Fedoraproject 438 8 19 16 88 113 60 110 1 23 6.40 0 2 4 4 20 26 14 25 0 5
22 Suse 423 4 39 6 78 65 63 100 68 6.70 0 1 9 1 18 15 15 24 0 16
23 EMC 356 2 20 20 73 55 42 65 14 65 6.80 0 1 6 6 21 15 12 18 4 18
24 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
25 Moodle 340 5 26 156 79 48 19 7 5.70 0 0 1 8 46 23 14 6 0 2
26 SAP 339 2 7 5 60 111 28 83 1 42 6.80 0 1 2 1 18 33 8 24 0 12
27 Joomla 335 1 2 51 49 42 180 10 7.10 0 0 0 1 15 15 13 54 0 3
28 Drupal 313 13 49 94 63 45 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 302 10 11 118 67 40 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
30 Vmware 266 3 13 11 49 40 45 56 6 43 6.80 0 1 5 4 18 15 17 21 2 16
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 Openbsd 256 4 20 6 42 64 14 74 2 30 6.60 0 2 8 2 16 25 5 29 1 12
33 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
34 Ffmpeg 243 1 2 34 12 66 51 77 7.80 0 0 1 0 14 5 27 21 0 32
35 Mcafee 241 3 17 18 68 42 32 43 4 14 6.10 0 1 7 7 28 17 13 18 2 6
36 Opera 240 4 73 87 22 8 46 6.60 0 0 2 0 30 36 9 3 0 19
37 Imagemagick 235 2 122 27 42 33 9 6.10 0 0 1 0 52 11 18 14 0 4
38 Phpmyadmin 234 8 29 75 66 25 25 2 4 5.70 0 0 3 12 32 28 11 11 1 2
39 Siemens 221 7 7 7 43 44 31 47 8 27 6.70 0 3 3 3 19 20 14 21 4 12
40 Huawei 220 2 8 4 45 29 39 56 3 34 7.00 0 1 4 2 20 13 18 25 1 15
41 XEN 219 20 29 7 79 27 24 31 2 5.20 0 9 13 3 36 12 11 14 1 0
42 CA 218 1 8 2 39 35 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
43 Realnetworks 206 1 5 11 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
44 Qemu 192 16 68 4 39 6 11 42 1 5 5.00 0 8 35 2 20 3 6 22 1 3
45 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
46 Juniper 188 8 4 46 39 15 56 1 19 6.70 0 0 4 2 24 21 8 30 1 10
47 Citrix 186 4 11 2 37 46 19 36 31 6.70 0 2 6 1 20 25 10 19 0 17
48 Openssl 181 3 9 39 84 11 25 10 6.10 0 2 5 0 22 46 6 14 0 6
49 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
50 Openstack 171 3 17 21 58 45 17 9 1 5.30 0 2 10 12 34 26 10 5 0 1

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.