CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3590 2 5 143 16 398 644 186 833 21 1342 7.80 0 0 4 0 11 18 5 23 1 37
2 Oracle 2465 2 44 123 194 695 512 235 231 9 420 6.30 0 2 5 8 28 21 10 9 0 17
3 Apple 2386 1 38 143 28 371 322 507 408 9 559 7.10 0 2 6 1 16 13 21 17 0 23
4 IBM 2195 2 32 94 181 556 397 217 384 17 315 6.40 0 1 4 8 25 18 10 17 1 14
5 Cisco 1900 1 2 28 20 283 418 220 662 26 240 7.10 0 0 1 1 15 22 12 35 1 13
6 SUN 1601 3 25 105 35 304 278 118 419 3 311 6.90 0 2 7 2 19 17 7 26 0 19
7 Mozilla 1369 4 67 6 248 261 114 170 1 498 7.40 0 0 5 0 18 19 8 12 0 36
8 Linux 1241 1 79 200 36 415 108 123 250 3 26 5.50 0 6 16 3 33 9 10 20 0 2
9 HP 1165 1 9 45 19 222 154 87 297 18 313 7.30 0 1 4 2 19 13 7 25 2 27
10 Google 1134 3 8 1 120 223 127 443 1 208 7.50 0 0 1 0 11 20 11 39 0 18
11 Adobe 1058 18 2 105 61 38 64 770 8.90 0 0 2 0 10 6 4 6 0 73
12 Redhat 914 38 110 38 181 171 103 200 4 69 6.10 0 4 12 4 20 19 11 22 0 8
13 Apache 565 5 31 13 157 195 54 78 32 6.10 0 1 5 2 28 35 10 14 0 6
14 Novell 546 1 10 24 7 97 132 42 109 124 7.00 0 2 4 1 18 24 8 20 0 23
15 PHP 395 21 6 56 122 56 103 31 6.60 0 0 5 2 14 31 14 26 0 8
16 Symantec 371 3 16 9 69 70 37 92 3 72 7.00 0 1 4 2 19 19 10 25 1 19
17 GNU 344 1 8 34 23 53 85 39 75 26 6.20 0 2 10 7 15 25 11 22 0 8
18 Freebsd 313 7 40 9 52 55 24 102 24 6.30 0 2 13 3 17 18 8 33 0 8
19 Joomla 305 1 2 44 42 39 167 10 7.20 0 0 0 1 14 14 13 55 0 3
20 Debian 300 7 42 11 41 50 36 82 1 30 6.40 0 2 14 4 14 17 12 27 0 10
21 Wireshark 285 24 32 66 120 7 14 3 19 5.70 0 0 8 11 23 42 2 5 1 7
22 Drupal 280 13 52 82 50 36 40 2 5 5.70 0 0 5 19 29 18 13 14 1 2
23 Mysql 259 3 20 25 114 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
24 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
25 Moodle 241 4 14 106 59 35 16 7 5.80 0 0 2 6 44 24 15 7 0 3
26 Opera 232 5 70 83 21 8 45 6.60 0 0 2 0 30 36 9 3 0 19
27 Wordpress 232 10 6 85 47 31 41 1 11 6.10 0 0 4 3 37 20 13 18 0 5
28 Openbsd 222 3 18 6 29 61 12 62 1 30 6.70 0 1 8 3 13 27 5 28 0 14
29 Suse 222 2 30 23 38 13 85 31 6.80 0 1 14 0 10 17 6 38 0 14
30 Vmware 207 3 10 6 34 30 34 47 5 38 7.00 0 1 5 3 16 14 16 23 2 18
31 Realnetworks 203 1 5 10 31 6 28 122 8.60 0 0 2 0 5 15 3 14 0 60
32 EMC 198 1 9 7 36 31 24 38 12 40 7.10 0 1 5 4 18 16 12 19 6 20
33 SAP 196 1 3 40 65 16 44 27 6.80 0 0 1 2 20 33 8 22 0 14
34 CA 192 1 7 32 31 6 48 1 66 7.60 0 1 4 0 17 16 3 25 1 34
35 Typo3 174 3 13 54 26 13 59 1 5 6.40 0 0 2 7 31 15 7 34 1 3
36 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
37 Ffmpeg 168 1 2 23 10 45 9 78 8.00 0 1 1 0 14 6 27 5 0 46
38 Gentoo 164 5 22 2 9 33 17 45 31 6.80 0 3 13 1 5 20 10 27 0 19
39 Netbsd 153 4 28 3 27 23 10 42 16 6.20 0 3 18 2 18 15 7 27 0 10
40 Canonical 151 8 8 3 55 27 28 15 1 6 5.80 0 5 5 2 36 18 19 10 1 4
41 KDE 141 1 10 26 29 18 47 10 6.70 0 1 7 0 18 21 13 33 0 7
42 Mcafee 141 2 5 4 43 21 17 34 3 12 6.50 0 1 4 3 30 15 12 24 2 9
43 Phpmyadmin 141 7 19 45 30 16 20 1 3 5.80 0 0 5 13 32 21 11 14 1 2
44 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
45 Citrix 132 4 8 1 18 33 16 25 27 6.90 0 3 6 1 14 25 12 19 0 20
46 Siemens 130 1 1 3 27 25 13 33 8 19 7.10 0 1 1 2 21 19 10 25 6 15
47 SCO 127 3 10 3 20 21 3 53 14 6.80 0 2 8 2 16 17 2 42 0 11
48 Gnome 124 3 13 7 21 21 24 26 9 6.20 0 2 10 6 17 17 19 21 0 7
49 XEN 120 12 10 5 41 23 17 10 2 5.30 0 10 8 4 34 19 14 8 2 0
50 ISC 119 5 2 15 37 8 33 1 18 7.00 0 0 4 2 13 31 7 28 1 15

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.