Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 59 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 10840 3941
278 CRITICAL 1466 HIGH 2195 MEDIUM
6 237 0.1% 97% +2082
2 Microsoft 8212 2040
174 CRITICAL 1236 HIGH 579 MEDIUM 44 LOW
16 91 0.2% 89% +1347
3 Red Hat 7260 3201
142 CRITICAL 1140 HIGH 1918 MEDIUM
4 135 0.1% 96% +1485
4 Google 7004 2256
209 CRITICAL 1060 HIGH 885 MEDIUM 96 LOW
5 53 0.1% 88% +1638
5 WordPress 6590 2603
164 CRITICAL 688 HIGH 1726 MEDIUM 22 LOW
0 272 0.1% 6% +956
6 Linux 5480 2623
131 CRITICAL 960 HIGH 1322 MEDIUM 14 LOW
1 35 0.0% 95% +814
7 Oracle 2496 531
148 CRITICAL 183 HIGH 172 MEDIUM 27 LOW
3 15 0.2% 23% +518
8 Tenda 2169 253
22 CRITICAL 195 HIGH 19 MEDIUM 17 LOW
0 143 0.2% 0% +92
9 Apache 2102 505
102 CRITICAL 204 HIGH 172 MEDIUM 20 LOW
1 27 0.2% 78% +415
10 D-Link 2046 222
31 CRITICAL 130 HIGH 18 MEDIUM 43 LOW
0 149 0.1% 3% +109
11 Apple 1570 664
38 CRITICAL 249 HIGH 350 MEDIUM 26 LOW
1 18 0.1% 77% +279
12 Mozilla 1486 295
95 CRITICAL 124 HIGH 74 MEDIUM 1 LOW
0 5 0.1% 92% +182
13 Cisco 1015 181
13 CRITICAL 65 HIGH 103 MEDIUM
10 13 0.2% 8% +75
14 Nginx 732 144
30 CRITICAL 74 HIGH 36 MEDIUM 3 LOW
0 17 0.2% 75% +128
15 IBM 648 350
36 CRITICAL 72 HIGH 225 MEDIUM 15 LOW
0 0 0.1% 55% +211
16 Adobe 607 239
20 CRITICAL 61 HIGH 153 MEDIUM 5 LOW
2 5 0.4% 4% +189
17 Gitlab 508 164
6 CRITICAL 44 HIGH 93 MEDIUM 21 LOW
0 34 0.1% 68% +103
18 Canonical 484 117
18 CRITICAL 52 HIGH 42 MEDIUM 5 LOW
0 12 0.1% 92% +92
19 Ubiquiti 462 44
18 CRITICAL 25 HIGH 1 MEDIUM
3 4 0.2% 96% +39
20 Debian 456 133
10 CRITICAL 77 HIGH 34 MEDIUM 4 LOW
0 6 0.1% 100% -237
21 Nvidia 450 122
9 CRITICAL 82 HIGH 31 MEDIUM
0 2 0.1% 18% +13
22 Ivanti 438 26
5 CRITICAL 15 HIGH 6 MEDIUM
5 6 6.5% 4% +5
23 Dell 402 177
6 CRITICAL 73 HIGH 90 MEDIUM 8 LOW
1 0 0.3% 74% +91
24 Fortinet 397 87
9 CRITICAL 23 HIGH 49 MEDIUM 6 LOW
3 5 0.1% 0% +40
25 Hashicorp 346 67
14 CRITICAL 27 HIGH 19 MEDIUM 4 LOW
1 6 0.1% 76% +49
26 TP-Link 204 64
49 HIGH 14 MEDIUM
0 1 0.1% 58% +53
27 SAP 183 94
12 CRITICAL 10 HIGH 64 MEDIUM 8 LOW
0 0 0.1% 4% +25
28 Juniper 174 54
5 CRITICAL 31 HIGH 18 MEDIUM
0 0 0.2% 89% +31
29 Samsung 167 97
5 CRITICAL 24 HIGH 66 MEDIUM
0 0 0.0% 8% +32
30 Paloalto 154 45
1 CRITICAL 7 HIGH 24 MEDIUM 9 LOW
2 2 0.5% 91% +31
31 Amd 146 83
1 CRITICAL 34 HIGH 43 MEDIUM 1 LOW
0 0 0.0% 59% +47
32 TOTOLINK 130 7
4 CRITICAL 2 HIGH 1 MEDIUM
0 7 1.0% 0% -21
33 Citrix 116 11
1 CRITICAL 8 HIGH 2 MEDIUM
1 3 0.3% 82% +7
34 Atlassian 114 22
5 CRITICAL 12 HIGH 5 MEDIUM
0 2 0.2% 77% +2
35 VMware 112 18
1 CRITICAL 10 HIGH 6 MEDIUM 1 LOW
1 0 0.4% 28% +8
36 Intel 99 56
2 CRITICAL 19 HIGH 34 MEDIUM 1 LOW
0 0 0.0% 45% -82
37 Jenkins 89 69
1 CRITICAL 17 HIGH 49 MEDIUM 2 LOW
0 1 0.1% 45% +54
38 Elastic 76 50
2 CRITICAL 11 HIGH 36 MEDIUM 1 LOW
0 1 0.1% 42% +41
39 Zte 65 11
4 HIGH 7 MEDIUM
0 3 0.0% 0% +7
40 Wazuh 64 16
4 CRITICAL 2 HIGH 10 MEDIUM
0 2 0.1% 75% +12
41 Zyxel 63 19
1 CRITICAL 7 HIGH 11 MEDIUM
0 0 0.2% 0% +17
42 Broadcom 63 7
3 HIGH 2 MEDIUM
1 0 1.1% 71% -8
43 Mikrotik 53 5
3 HIGH 2 MEDIUM
0 2 0.1% 0% +4
44 Abb 53 9
7 HIGH 2 MEDIUM
0 0 0.0% 0% +1
45 HP 52 16
2 CRITICAL 8 HIGH 5 MEDIUM
0 0 0.1% 56%
46 Drupal 44 20
5 HIGH 15 MEDIUM
0 3 0.0% 85% +4
47 Lenovo 44 20
9 HIGH 10 MEDIUM
0 1 0.0% 85% +3
48 Synology 38 29
1 CRITICAL 7 HIGH 18 MEDIUM 3 LOW
0 0 0.0% 97% +20
49 Sonicwall 37 7
3 HIGH 2 MEDIUM 2 LOW
0 0 0.1% 0% +6
50 Qnap 30 18
1 CRITICAL 5 HIGH 10 MEDIUM 2 LOW
0 0 0.2% 56% -46
51 Netgear 28 21
3 HIGH 18 MEDIUM
0 2 0.1% 71% +8
52 Nokia 27 9
4 HIGH 5 MEDIUM
0 1 0.2% 44% +9
53 Ericsson 24 8
6 HIGH 2 MEDIUM
0 0 0.0% 100% +2
54 Qualcomm 18 6
1 CRITICAL 2 HIGH 2 MEDIUM
0 0 0.1% 100% -1
55 Huawei 12 3
1 HIGH 2 MEDIUM
0 1 0.1% 67%
56 Mediatek 12 7
3 HIGH 4 MEDIUM
0 0 0.0% 86% -7
57 Dahua 4 4
1 HIGH 1 MEDIUM 2 LOW
0 0 0.0% 0% +2
58 Fortigate 4 3
1 HIGH 1 MEDIUM 1 LOW
0 0 0.0% 0% +3
59 Siemens 0 3
1 MEDIUM 2 LOW
0 0 0.0% 67% +2

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy