Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 57 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 11246 3334
269 CRITICAL 1366 HIGH 1687 MEDIUM
6 349 0.1% 98% +1330
2 Red Hat 9492 3085
213 CRITICAL 1247 HIGH 1625 MEDIUM
7 253 0.1% 96% +1253
3 Microsoft 4458 1035
94 CRITICAL 610 HIGH 299 MEDIUM 22 LOW
15 41 0.1% 85% +238
4 WordPress 3609 2212
119 CRITICAL 481 HIGH 1589 MEDIUM 16 LOW
0 59 0.1% 3% +676
5 Linux 3598 2366
82 CRITICAL 600 HIGH 852 MEDIUM 6 LOW
1 41 0.0% 93% +794
6 Google 3214 998
61 CRITICAL 508 HIGH 350 MEDIUM 64 LOW
6 34 0.0% 71% +469
7 D-Link 2057 224
33 CRITICAL 126 HIGH 19 MEDIUM 46 LOW
0 150 0.1% 4% +77
8 Tenda 1685 177
8 CRITICAL 135 HIGH 15 MEDIUM 19 LOW
0 130 0.3% 1% -34
9 Mozilla 1422 252
93 CRITICAL 115 HIGH 43 MEDIUM 1 LOW
0 4 0.0% 97% +152
10 Apple 1314 485
31 CRITICAL 171 HIGH 247 MEDIUM 35 LOW
4 15 0.0% 62% +141
11 Apache 1182 285
50 CRITICAL 124 HIGH 90 MEDIUM 7 LOW
1 17 0.2% 82% +182
12 Debian 774 315
9 CRITICAL 107 HIGH 81 MEDIUM 9 LOW
0 32 0.1% 98% -569
13 Cisco 711 151
12 CRITICAL 36 HIGH 103 MEDIUM
7 9 0.1% 1% +30
14 Nginx 440 94
16 CRITICAL 52 HIGH 22 MEDIUM 2 LOW
0 9 0.2% 81% +82
15 Fortinet 381 77
9 CRITICAL 21 HIGH 40 MEDIUM 7 LOW
3 4 0.1% 0% +30
16 Oracle 375 213
12 CRITICAL 57 HIGH 129 MEDIUM 15 LOW
0 2 0.0% 28% +197
17 Gitlab 361 108
4 CRITICAL 36 HIGH 55 MEDIUM 13 LOW
0 22 0.0% 48% +35
18 Adobe 358 131
9 CRITICAL 45 HIGH 73 MEDIUM 4 LOW
1 2 0.1% 5% -185
19 Ivanti 325 20
3 CRITICAL 12 HIGH 5 MEDIUM
4 2 8.4% 5% -18
20 Dell 226 106
2 CRITICAL 39 HIGH 55 MEDIUM 5 LOW
1 0 0.4% 74% -1
21 Canonical 224 62
10 CRITICAL 25 HIGH 19 MEDIUM 3 LOW
0 3 0.0% 95% +44
22 IBM 220 257
5 CRITICAL 42 HIGH 192 MEDIUM 16 LOW
0 0 0.0% 46% +61
23 Hashicorp 216 38
9 CRITICAL 15 HIGH 8 MEDIUM 3 LOW
1 2 0.0% 63% +22
24 Nvidia 203 54
4 CRITICAL 36 HIGH 13 MEDIUM
0 0 0.1% 13% -52
25 Samsung 202 91
6 CRITICAL 30 HIGH 51 MEDIUM
0 0 0.0% 7% +35
26 TP-Link 184 59
46 HIGH 12 MEDIUM
0 0 0.1% 49% -6
27 SAP 163 84
10 CRITICAL 10 HIGH 57 MEDIUM 7 LOW
0 0 0.1% 5% -4
28 Juniper 162 53
5 CRITICAL 28 HIGH 20 MEDIUM
0 0 0.0% 49% +29
29 TOTOLINK 152 9
5 CRITICAL 3 HIGH 1 MEDIUM
0 8 1.2% 0% -102
30 Broadcom 115 16
2 CRITICAL 8 HIGH 5 MEDIUM
1 0 0.5% 25% +10
31 Ubiquiti 114 15
9 CRITICAL 6 HIGH
0 0 0.0% 87% +10
32 VMware 98 15
1 CRITICAL 8 HIGH 4 MEDIUM 1 LOW
1 0 0.5% 40% -1
33 Amd 86 54
1 CRITICAL 19 HIGH 29 MEDIUM 1 LOW
0 0 0.0% 54% +22
34 Paloalto 80 8
1 CRITICAL 1 HIGH 1 MEDIUM 1 LOW
1 1 1.9% 38% -15
35 Atlassian 72 12
4 CRITICAL 8 HIGH
0 0 0.3% 67% -7
36 Jenkins 70 37
1 CRITICAL 15 HIGH 20 MEDIUM
0 0 0.0% 62% -3
37 Intel 65 53
1 CRITICAL 13 HIGH 30 MEDIUM 1 LOW
0 0 0.0% 43% -80
38 Zte 65 11
4 HIGH 7 MEDIUM
0 3 0.0% 0% +7
39 Drupal 60 22
5 HIGH 17 MEDIUM
0 5 0.0% 77% -15
40 Zyxel 59 15
1 CRITICAL 6 HIGH 8 MEDIUM
0 0 0.2% 0% +13
41 Qnap 59 32
1 CRITICAL 6 HIGH 25 MEDIUM
0 0 0.1% 0% -18
42 Netgear 52 9
9 HIGH
0 2 0.2% 67% -4
43 Synology 48 22
2 CRITICAL 7 HIGH 13 MEDIUM
0 0 0.0% 96% +18
44 Wazuh 46 12
3 CRITICAL 9 MEDIUM
0 2 0.1% 83% +7
45 Elastic 38 24
1 CRITICAL 5 HIGH 17 MEDIUM 1 LOW
0 1 0.0% 50% +14
46 Sonicwall 37 7
3 HIGH 2 MEDIUM 2 LOW
0 0 0.1% 0% +6
47 HP 30 13
1 CRITICAL 5 HIGH 6 MEDIUM
0 0 0.0% 54% -6
48 Lenovo 20 14
5 HIGH 8 MEDIUM
0 0 0.0% 79%
49 Hikvision 16 4
4 HIGH
0 0 0.0% 0%
50 Abb 12 3
3 HIGH
0 0 0.0% 0% -5
51 Nokia 8 3
2 HIGH 1 MEDIUM
0 0 0.1% 0% +3
52 Mediatek 8 5
2 HIGH 1 MEDIUM
0 0 0.0% 100% +1
53 Fortigate 8 4
2 HIGH 1 MEDIUM 1 LOW
0 0 0.0% 0% +3
54 Ericsson 8 3
2 HIGH 1 MEDIUM
0 0 0.0% 100% -3
55 Joomla 4 4
1 HIGH 2 MEDIUM
0 0 0.0% 0% -13
56 Qualcomm 4 4
1 HIGH 2 MEDIUM
0 0 0.0% 100% -2
57 Aruba 4 3
1 HIGH 2 MEDIUM
0 0 0.0% 0% -4

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy