CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3484 2 5 143 16 391 640 177 826 20 1264 7.70 0 0 4 0 11 18 5 24 1 36
2 Oracle 2349 2 43 117 186 644 494 223 225 8 407 6.30 0 2 5 8 27 21 9 10 0 17
3 Apple 2286 1 29 135 27 352 310 475 401 9 547 7.10 0 1 6 1 15 14 21 18 0 24
4 IBM 2079 2 33 83 160 525 369 206 375 16 310 6.50 0 2 4 8 25 18 10 18 1 15
5 Cisco 1832 1 2 28 19 265 401 212 642 24 238 7.20 0 0 2 1 14 22 12 35 1 13
6 SUN 1585 3 25 103 35 298 276 116 415 3 311 6.90 0 2 6 2 19 17 7 26 0 20
7 Mozilla 1343 4 67 6 241 255 113 163 1 493 7.40 0 0 5 0 18 19 8 12 0 37
8 Linux 1209 1 79 199 36 405 105 115 241 3 25 5.40 0 7 16 3 33 9 10 20 0 2
9 HP 1136 1 9 44 19 210 152 84 290 18 309 7.30 0 1 4 2 18 13 7 26 2 27
10 Google 1099 3 8 1 119 214 122 427 1 204 7.50 0 0 1 0 11 19 11 39 0 19
11 Adobe 1021 18 2 101 60 36 62 742 8.90 0 0 2 0 10 6 4 6 0 73
12 Redhat 899 36 110 37 178 166 102 197 4 69 6.10 0 4 12 4 20 18 11 22 0 8
13 Apache 547 5 29 13 148 192 53 77 30 6.10 0 1 5 2 27 35 10 14 0 5
14 Novell 538 1 8 24 7 97 132 40 107 122 7.00 0 1 4 1 18 25 7 20 0 23
15 PHP 391 21 5 55 122 54 103 31 6.70 0 0 5 1 14 31 14 26 0 8
16 Symantec 369 3 16 9 69 69 36 92 3 72 7.00 0 1 4 2 19 19 10 25 1 20
17 GNU 334 1 8 34 22 53 85 38 73 20 6.10 0 2 10 7 16 25 11 22 0 6
18 Freebsd 311 7 40 9 52 53 24 102 24 6.30 0 2 13 3 17 17 8 33 0 8
19 Joomla 298 1 2 41 41 39 164 10 7.20 0 0 0 1 14 14 13 55 0 3
20 Debian 294 7 42 11 40 48 33 82 1 30 6.40 0 2 14 4 14 16 11 28 0 10
21 Wireshark 268 24 32 66 103 7 14 3 19 5.70 0 0 9 12 25 38 3 5 1 7
22 Drupal 255 13 34 79 48 35 39 2 5 5.80 0 0 5 13 31 19 14 15 1 2
23 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
24 Mysql 242 3 19 24 105 34 21 23 2 11 5.60 0 1 8 10 43 14 9 10 1 5
25 Opera 232 5 70 83 21 8 45 6.60 0 0 2 0 30 36 9 3 0 19
26 Moodle 227 4 12 98 56 35 15 7 5.80 0 0 2 5 43 25 15 7 0 3
27 Wordpress 225 9 6 85 45 29 39 1 11 6.10 0 0 4 3 38 20 13 17 0 5
28 Suse 222 2 30 23 38 13 85 31 6.80 0 1 14 0 10 17 6 38 0 14
29 Openbsd 214 3 17 6 28 60 9 60 1 30 6.70 0 1 8 3 13 28 4 28 0 14
30 Vmware 204 3 10 6 33 29 33 47 5 38 7.00 0 1 5 3 16 14 16 23 2 19
31 Realnetworks 203 1 5 10 31 6 28 122 8.60 0 0 2 0 5 15 3 14 0 60
32 CA 192 1 7 32 31 6 48 1 66 7.60 0 1 4 0 17 16 3 25 1 34
33 EMC 185 1 9 7 34 30 19 37 9 39 7.10 0 1 5 4 18 16 10 20 5 21
34 SAP 178 37 60 12 42 27 6.90 0 0 0 0 21 34 7 24 0 15
35 Typo3 174 3 13 54 26 13 59 1 5 6.40 0 0 2 7 31 15 7 34 1 3
36 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
37 Ffmpeg 168 1 2 23 10 45 9 78 8.00 0 1 1 0 14 6 27 5 0 46
38 Gentoo 162 5 22 2 9 33 16 45 30 6.80 0 3 14 1 6 20 10 28 0 19
39 Netbsd 151 4 28 3 27 21 10 42 16 6.20 0 3 19 2 18 14 7 28 0 11
40 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
41 KDE 140 1 10 26 29 17 47 10 6.70 0 1 7 0 19 21 12 34 0 7
42 Mcafee 139 2 5 4 42 21 16 34 3 12 6.50 0 1 4 3 30 15 12 24 2 9
43 Phpmyadmin 138 7 16 45 30 16 20 1 3 5.80 0 0 5 12 33 22 12 14 1 2
44 Canonical 137 8 8 3 48 26 25 12 1 6 5.80 0 6 6 2 35 19 18 9 1 4
45 Citrix 131 4 8 1 18 33 15 25 27 6.90 0 3 6 1 14 25 11 19 0 21
46 Siemens 129 1 1 3 27 25 13 32 8 19 7.10 0 1 1 2 21 19 10 25 6 15
47 SCO 127 3 10 3 20 21 3 53 14 6.80 0 2 8 2 16 17 2 42 0 11
48 Gnome 124 3 13 7 21 21 24 26 9 6.20 0 2 10 6 17 17 19 21 0 7
49 Netscape 119 11 3 8 47 4 32 14 6.60 0 0 9 3 7 39 3 27 0 12
50 ISC 119 5 2 15 37 8 33 1 18 7.00 0 0 4 2 13 31 7 28 1 15

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.