Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 38 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Microsoft 2866 787
56 CRITICAL 498 HIGH 211 MEDIUM 17 LOW
1 33 0.4% 96% +386
2 WordPress 1884 592
41 CRITICAL 188 HIGH 358 MEDIUM 5 LOW
0 88 0.3% 14% +148
3 Google 1828 661
78 CRITICAL 240 HIGH 321 MEDIUM 19 LOW
0 11 0.2% 95% -128
4 Oracle 1812 273
125 CRITICAL 111 HIGH 25 MEDIUM 11 LOW
1 6 0.4% 10% +224
5 Suse 1630 634
73 CRITICAL 209 HIGH 352 MEDIUM
0 8 0.2% 97% -287
6 Linux 1092 469
36 CRITICAL 179 HIGH 155 MEDIUM 6 LOW
0 2 0.2% 95% -69
7 Apache 652 153
36 CRITICAL 65 HIGH 43 MEDIUM 9 LOW
0 4 0.3% 68% +22
8 Red Hat 524 213
12 CRITICAL 91 HIGH 109 MEDIUM
0 5 0.3% 81% -663
9 IBM 310 69
25 CRITICAL 15 HIGH 27 MEDIUM
0 0 0.3% 68% +5
10 Apple 280 126
8 CRITICAL 36 HIGH 80 MEDIUM 1 LOW
0 7 0.2% 93% +10
11 Tenda 222 26
4 CRITICAL 19 HIGH 2 MEDIUM
0 10 0.5% 0% -43
12 Canonical 216 43
6 CRITICAL 23 HIGH 13 MEDIUM 1 LOW
0 8 0.3% 91% +17
13 Nvidia 200 45
5 CRITICAL 30 HIGH 10 MEDIUM
0 1 0.2% 7% +7
14 Mozilla 198 62
11 CRITICAL 18 HIGH 32 MEDIUM
0 2 0.2% 82% +17
15 Nginx 184 37
6 CRITICAL 21 HIGH 10 MEDIUM
0 5 0.4% 81% +9
16 Dell 164 66
4 CRITICAL 31 HIGH 28 MEDIUM 3 LOW
0 0 0.3% 70% +42
17 Ubiquiti 138 25
7 CRITICAL 17 HIGH 1 MEDIUM
0 0 0.3% 100% +16
18 Adobe 128 33
7 CRITICAL 6 HIGH 19 MEDIUM 1 LOW
0 1 2.8% 3% -52
19 Cisco 125 31
1 CRITICAL 26 HIGH 4 MEDIUM
0 1 0.7% 45% +22
20 Hashicorp 98 23
3 CRITICAL 11 HIGH 7 MEDIUM 2 LOW
0 3 0.2% 96% +8
21 Debian 92 18
2 CRITICAL 10 HIGH 4 MEDIUM
0 4 0.2% 94% +6
22 SAP 54 15
3 CRITICAL 3 HIGH 8 MEDIUM 1 LOW
0 0 0.3% 27% +3
23 Jenkins 48 30
6 HIGH 23 MEDIUM 1 LOW
0 0 0.2% 3% +7
24 Fortinet 47 12
1 CRITICAL 3 HIGH 8 MEDIUM
0 0 0.3% 0% +9
25 Juniper 44 22
11 HIGH 11 MEDIUM
0 0 0.3% 100% +19
26 Citrix 44 9
7 HIGH 2 MEDIUM
0 2 0.3% 89% +9
27 Gitlab 44 30
2 CRITICAL 4 HIGH 20 MEDIUM 4 LOW
0 1 0.2% 90% +4
28 D-Link 31 3
1 CRITICAL 1 HIGH 1 MEDIUM
0 2 0.7% 0% -8
29 Elastic 26 16
1 CRITICAL 4 HIGH 11 MEDIUM
0 0 0.2% 50% +4
30 HP 26 5
1 CRITICAL 4 HIGH
0 0 0.2% 60% +1
31 Amd 20 16
5 HIGH 7 MEDIUM
0 0 0.2% 100% +5
32 Atlassian 18 5
1 CRITICAL 2 HIGH 2 MEDIUM
0 0 0.2% 80%
33 Lenovo 12 3
1 HIGH 1 MEDIUM
0 1 0.1% 100% -1
34 Samsung 10 10
10 MEDIUM
0 0 0.1% 30% -18
35 TP-Link 8 4
2 HIGH 2 MEDIUM
0 0 0.3% 100% -3
36 Nokia 8 5
2 HIGH 3 MEDIUM
0 0 0.2% 80% +5
37 Paloalto 4 12
1 HIGH 5 MEDIUM 6 LOW
0 0 0.5% 100% +5
38 Netgear 0 6
6 MEDIUM
0 0 0.2% 83% -6

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy