CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 5145 2 57 233 38 669 717 270 1182 24 1953 7.70 0 1 5 1 13 14 5 23 0 38
2 Oracle 4359 2 87 192 367 1236 972 509 408 21 565 6.20 0 2 4 8 28 22 12 9 0 13
3 Apple 3852 1 53 231 41 627 489 937 628 15 830 7.00 0 1 6 1 16 13 24 16 0 22
4 IBM 3422 2 57 189 445 917 588 349 481 28 366 6.10 0 2 6 13 27 17 10 14 1 11
5 Cisco 3030 1 4 36 48 563 699 430 898 37 314 6.90 0 0 1 2 19 23 14 30 1 10
6 Google 2662 3 32 7 432 314 333 768 8 765 7.70 0 0 1 0 16 12 13 29 0 29
7 Adobe 2309 18 3 158 139 70 122 1 1798 9.20 0 0 1 0 7 6 3 5 0 78
8 Linux 1928 1 87 292 43 582 134 153 510 4 122 5.90 0 5 15 2 30 7 8 26 0 6
9 Mozilla 1717 5 72 8 332 300 212 243 1 544 7.30 0 0 4 0 19 17 12 14 0 32
10 SUN 1630 3 26 105 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
11 Redhat 1573 45 147 77 331 288 204 323 6 152 6.20 0 3 9 5 21 18 13 21 0 10
12 Novell 1522 1 24 63 57 336 338 202 283 2 216 6.60 0 2 4 4 22 22 13 19 0 14
13 HP 1411 1 10 53 26 261 204 122 359 23 352 7.30 0 1 4 2 18 14 9 25 2 25
14 Debian 1132 15 68 42 247 233 184 257 4 82 6.40 0 1 6 4 22 21 16 23 0 7
15 Canonical 854 22 42 26 220 175 132 166 3 68 6.30 0 3 5 3 26 20 15 19 0 8
16 Apache 822 5 35 19 217 273 92 136 2 43 6.20 0 1 4 2 26 33 11 17 0 5
17 PHP 577 21 6 63 169 76 200 1 41 6.90 0 0 4 1 11 29 13 35 0 7
18 GNU 512 1 9 38 26 88 137 75 108 30 6.20 0 2 7 5 17 27 15 21 0 6
19 Wireshark 462 24 32 171 167 7 39 3 19 5.70 0 0 5 7 37 36 2 8 1 4
20 Fedoraproject 450 8 22 16 90 116 62 111 1 24 6.40 0 2 5 4 20 26 14 25 0 5
21 Symantec 442 3 19 12 80 79 48 106 10 85 7.00 0 1 4 3 18 18 11 24 2 19
22 Suse 425 4 39 6 78 65 63 102 68 6.70 0 1 9 1 18 15 15 24 0 16
23 EMC 374 2 20 20 80 57 45 68 14 68 6.80 0 1 5 5 21 15 12 18 4 18
24 SAP 345 2 7 6 61 112 30 84 1 42 6.80 0 1 2 2 18 32 9 24 0 12
25 Moodle 343 5 26 159 79 48 19 7 5.70 0 0 1 8 46 23 14 6 0 2
26 Freebsd 341 8 43 9 55 62 26 113 25 6.30 0 2 13 3 16 18 8 33 0 7
27 Joomla 337 1 2 51 50 42 181 10 7.10 0 0 0 1 15 15 12 54 0 3
28 Drupal 313 13 49 94 63 45 41 3 5 5.80 0 0 4 16 30 20 14 13 1 2
29 Wordpress 303 10 11 118 68 40 44 1 11 6.00 0 0 3 4 39 22 13 15 0 4
30 Vmware 287 4 15 11 49 41 53 64 6 44 6.80 0 1 5 4 17 14 18 22 2 15
31 Mysql 261 3 21 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
32 Imagemagick 260 2 137 28 47 37 9 6.10 0 0 1 0 53 11 18 14 0 3
33 Openbsd 258 4 20 6 42 64 15 75 2 30 6.60 0 2 8 2 16 25 6 29 1 12
34 SGI 254 2 25 4 20 56 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
35 Ffmpeg 250 1 2 34 13 72 51 77 7.80 0 0 1 0 14 5 29 20 0 31
36 Mcafee 248 3 17 19 68 43 35 45 4 14 6.10 0 1 7 8 27 17 14 18 2 6
37 Opera 240 4 73 87 22 8 46 6.60 0 0 2 0 30 36 9 3 0 19
38 Phpmyadmin 239 8 29 76 69 26 25 2 4 5.70 0 0 3 12 32 29 11 10 1 2
39 XEN 231 20 29 7 79 31 26 32 2 5 5.40 0 9 13 3 34 13 11 14 1 2
40 Huawei 230 2 8 5 46 32 40 58 3 36 7.00 0 1 3 2 20 14 17 25 1 16
41 Siemens 222 7 7 7 43 44 32 47 8 27 6.70 0 3 3 3 19 20 14 21 4 12
42 CA 218 1 8 2 39 35 13 50 1 69 7.50 0 0 4 1 18 16 6 23 0 32
43 Realnetworks 207 1 5 12 31 6 29 123 8.50 0 0 2 0 6 15 3 14 0 59
44 Qemu 202 21 69 4 41 7 11 43 1 5 4.90 0 10 34 2 20 3 5 21 0 2
45 Juniper 200 8 4 48 44 17 59 1 19 6.70 0 0 4 2 24 22 9 30 1 10
46 Typo3 190 4 18 60 27 15 60 1 5 6.30 0 0 2 9 32 14 8 32 1 3
47 Citrix 187 4 11 2 37 47 19 36 31 6.70 0 2 6 1 20 25 10 19 0 17
48 Openssl 181 3 9 39 84 11 25 10 6.10 0 2 5 0 22 46 6 14 0 6
49 Openstack 173 3 17 21 59 45 17 10 1 5.30 0 2 10 12 34 26 10 6 0 1
50 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4

Vendor(s) with highest weighted average (9.20): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.