CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5226 2 60 240 39 682 719 269 1231 25 1959 7.70 0 1 5 1 13 14 5 24 0 37
2 Oracle 4607 2 94 203 382 1315 1072 534 418 21 566 6.10 0 2 4 8 29 23 12 9 0 12
3 Apple 3915 1 53 233 41 638 491 958 638 15 847 7.00 0 1 6 1 16 13 24 16 0 22
4 IBM 3551 2 57 196 478 967 604 367 485 28 367 6.00 0 2 6 13 27 17 10 14 1 10
5 Cisco 3134 1 4 37 55 593 726 440 911 39 328 6.90 0 0 1 2 19 23 14 29 1 10
6 Google 2875 3 38 10 450 328 361 787 11 887 7.70 0 0 1 0 16 11 13 27 0 31
7 Adobe 2392 18 3 181 152 74 123 1 1840 9.10 0 0 1 0 8 6 3 5 0 77
8 Linux 1946 1 87 294 44 586 134 156 517 4 123 5.90 0 4 15 2 30 7 8 27 0 6
9 Mozilla 1718 5 72 8 332 300 212 244 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1592 46 150 78 336 296 204 324 6 152 6.20 0 3 9 5 21 19 13 20 0 10
12 Novell 1532 1 24 63 57 337 342 203 286 2 217 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1412 1 10 53 26 261 204 123 359 23 352 7.30 0 1 4 2 18 14 9 25 2 25
14 Debian 1149 15 69 43 248 242 184 260 4 84 6.40 0 1 6 4 22 21 16 23 0 7
15 Canonical 871 22 43 26 223 181 134 171 3 68 6.30 0 3 5 3 26 21 15 20 0 8
16 Apache 867 5 36 19 229 295 95 143 2 43 6.20 0 1 4 2 26 34 11 16 0 5
17 PHP 582 21 6 64 170 77 202 1 41 6.90 0 0 4 1 11 29 13 35 0 7
18 GNU 552 1 9 39 26 103 145 88 111 30 6.20 0 2 7 5 19 26 16 20 0 5
19 Fedoraproject 472 8 22 17 95 127 63 114 1 25 6.40 0 2 5 4 20 27 13 24 0 5
20 Wireshark 466 24 32 171 170 7 40 3 19 5.70 0 0 5 7 37 36 2 9 1 4
21 Symantec 458 3 19 15 87 82 50 107 10 85 7.00 0 1 4 3 19 18 11 23 2 19
22 Suse 430 4 39 6 78 69 63 102 69 6.70 0 1 9 1 18 16 15 24 0 16
23 EMC 382 2 20 22 81 57 46 71 14 69 6.80 0 1 5 6 21 15 12 19 4 18
24 Imagemagick 378 2 202 31 68 66 9 6.10 0 0 1 0 53 8 18 17 0 2
25 SAP 355 2 7 7 64 114 30 88 1 42 6.80 0 1 2 2 18 32 8 25 0 12
26 Freebsd 343 8 43 9 55 63 27 113 25 6.30 0 2 13 3 16 18 8 33 0 7
27 Moodle 343 5 26 159 79 48 19 7 5.70 0 0 1 8 46 23 14 6 0 2
28 Joomla 340 1 2 53 49 43 182 10 7.10 0 0 0 1 16 14 13 54 0 3
29 Drupal 313 13 49 94 63 46 40 3 5 5.80 0 0 4 16 30 20 15 13 1 2
30 Wordpress 303 10 11 118 68 40 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
31 Vmware 292 4 15 12 50 42 55 64 6 44 6.80 0 1 5 4 17 14 19 22 2 15
32 Ffmpeg 272 1 2 35 15 76 66 77 7.70 0 0 1 0 13 6 28 24 0 28
33 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
34 Openbsd 258 4 20 6 42 64 15 75 2 30 6.60 0 2 8 2 16 25 6 29 1 12
35 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
36 Mcafee 250 3 17 19 69 43 35 46 4 14 6.10 0 1 7 8 28 17 14 18 2 6
37 Opera 242 4 73 87 22 8 48 6.60 0 0 2 0 30 36 9 3 0 20
38 Phpmyadmin 240 8 29 76 70 26 25 2 4 5.80 0 0 3 12 32 29 11 10 1 2
39 Siemens 237 7 8 7 45 51 35 48 8 28 6.70 0 3 3 3 19 22 15 20 3 12
40 XEN 236 20 30 7 80 31 27 34 2 5 5.40 0 8 13 3 34 13 11 14 1 2
41 Huawei 233 2 8 5 46 32 42 59 3 36 7.00 0 1 3 2 20 14 18 25 1 15
42 Juniper 220 8 9 50 49 17 64 1 22 6.70 0 0 4 4 23 22 8 29 0 10
43 CA 218 1 8 2 39 35 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
44 Qemu 217 22 75 4 45 9 11 45 1 5 4.90 0 10 35 2 21 4 5 21 0 2
45 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
46 Citrix 193 4 11 2 39 47 20 38 32 6.70 0 2 6 1 20 24 10 20 0 17
47 Typo3 191 4 18 60 27 16 60 1 5 6.30 0 0 2 9 31 14 8 31 1 3
48 Openssl 182 3 9 39 85 11 25 10 6.10 0 2 5 0 21 47 6 14 0 5
49 Openstack 177 4 18 21 60 46 17 10 1 5.30 0 2 10 12 34 26 10 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.