CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Microsoft : Vulnerability Statistics

  Products (749)   Vulnerabilities (9578)   Search for products of Microsoft   CVSS Scores Report   Possible matches for this vendor   Related Metasploit Modules  
Vulnerability Feeds & Widgets

Vulnerability Trends Over Time

Year # of Vulnerabilities DoS Code Execution Overflow Memory Corruption Sql Injection XSS Directory Traversal Http Response Splitting Bypass something Gain Information Gain Privileges CSRF File Inclusion # of exploits
1999 172 42 26 18 7 7 7
2000 143 42 21 16 2 8 2 6
2001 172 67 38 24 3 1 5 4 12
2002 242 57 67 54 3 15 1 25 8 12
2003 104 28 47 40 1 1 7 3 10 4 4
2004 148 36 58 34 1 3 6 21 4 4 1
2005 162 46 66 37 10 8 9 8 7
2006 254 75 141 77 44 6 1 11 11 8 4
2007 202 54 93 52 30 13 2 1 10 8 13
2008 197 40 122 44 40 13 1 12 9 11 14
2009 182 37 98 47 41 3 1 7 9 19 10
2010 248 52 144 61 50 14 6 8 44 1 22
2011 203 42 71 36 33 12 1 4 9 80 4
2012 130 15 60 21 19 13 10 6 32
2013 307 123 174 120 110 10 2 14 18 75 6
2014 346 243 260 196 226 10 20 18 24 14
2015 515 210 297 155 228 31 1 63 59 90 1 1
2016 478 120 223 178 166 15 48 79 103
2017 496 55 154 109 65 19 32 162 24 1
2018 584 33 211 13 98 53 1 53 52 8 2
2019 759 49 265 8 79 47 2 31 82 5 3 1
2020 1221 46 290 172 56 76 1 33 124 75 1
2021 910 53 308 8 7 4 9 3 54 38
2022 939 62 305 7 1 2 1 44
2023 396 37 150 14 1 24
Total 9510 1664 3689 1527 1304 9 398 28 2 561 729 663 9 1 76
% Of All 17.5 38.8 16.1 13.7 0.1 4.2 0.3 0.0 5.9 7.7 7.0 0.1 0.0

Warning : Vulnerabilities with publish dates before 1999 are not included in this table and chart. (Because there are not many of them and they make the page look bad; and they may not be actually published in those years.)

Vulnerabilities By Year
172
 143
 172
 242
 104
 148
 162
 254
 202
 197
 182
 248
 203
 130
 307
 346
 515
 478
 496
 584
 759
 1221
 910
 939
 396
   1999 172
2000 143
2001 172
2002 242
2003 104
2004 148
2005 162
2006 254
2007 202
2008 197
2009 182
2010 248
2011 203
2012 130
2013 307
2014 346
2015 515
2016 478
2017 496
2018 584
2019 759
2020 1221
2021 910
2022 939
2023 396
Vulnerabilities By Type
1664
 3689
 1527
 561
 729
 663
 398
 28
 9
 1304
 2
 9
 1
   Denial of Service 1664
Execute Code 3689
Overflow 1527
Bypass Something 561
Gain Information 729
Gain Privilege 663
XSS 398
Directory Traversal 28
Sql Injection 9
Memory Corruption 1304
Http Response Splitting 2
CSRF 9
File Inclusion 1

Click on legend names to show/hide lines for vulnerability types
If you can't see MS Office style charts above then it's time to upgrade your browser!
P.S: Charts may not be displayed properly especially if there are only a few data points.

This page lists vulnerability statistics for all products of Microsoft. Vulnerability statistics provide a quick overview for security vulnerabilities related to software products of this vendor. You can view products of this vendor or security vulnerabilities related to products of Microsoft.

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.