Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 40 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Suse 2472 1026
52 CRITICAL 448 HIGH 526 MEDIUM
0 20 0.0% 99% +339
2 Red Hat 2126 891
48 CRITICAL 369 HIGH 474 MEDIUM
1 15 0.0% 99% +164
3 Microsoft 1488 351
40 CRITICAL 198 HIGH 97 MEDIUM 9 LOW
4 12 0.1% 86% +56
4 Linux 1228 1002
30 CRITICAL 222 HIGH 283 MEDIUM
0 5 0.0% 98% +621
5 Google 870 342
17 CRITICAL 169 HIGH 126 MEDIUM 27 LOW
0 3 0.0% 94% +164
6 WordPress 781 386
21 CRITICAL 105 HIGH 260 MEDIUM
0 16 0.1% 4% +50
7 Apple 360 148
4 CRITICAL 74 HIGH 63 MEDIUM 6 LOW
0 3 0.0% 93% +108
8 Apache 356 94
24 CRITICAL 27 HIGH 31 MEDIUM
0 1 0.0% 81%
9 Mozilla 222 52
9 CRITICAL 31 HIGH 11 MEDIUM 1 LOW
0 1 0.0% 96% -4
10 D-Link 203 21
4 CRITICAL 9 HIGH 2 MEDIUM 6 LOW
0 13 0.1% 5% -39
11 Hashicorp 151 18
7 CRITICAL 5 HIGH 3 MEDIUM
1 1 0.0% 44% +8
12 Nginx 138 28
5 CRITICAL 14 HIGH 8 MEDIUM
0 4 0.1% 82% +2
13 Cisco 135 20
2 CRITICAL 6 HIGH 12 MEDIUM
1 2 0.1% 0% -12
14 Ivanti 134 13
1 CRITICAL 10 HIGH 2 MEDIUM
1 1 0.6% 0% +11
15 Adobe 92 18
3 CRITICAL 10 HIGH 4 MEDIUM 1 LOW
0 0 0.2% 6% -13
16 Nvidia 83 20
2 CRITICAL 12 HIGH 5 MEDIUM
0 0 0.1% 20% +1
17 Tenda 82 7
2 HIGH 5 LOW
0 6 1.0% 0% -81
18 IBM 82 45
3 CRITICAL 12 HIGH 28 MEDIUM
0 0 0.0% 42% +10
19 Canonical 62 27
3 CRITICAL 8 HIGH 8 MEDIUM 3 LOW
0 0 0.0% 93% +5
20 Amd 58 40
1 CRITICAL 12 HIGH 23 MEDIUM
0 0 0.0% 50% +31
21 Intel 55 35
1 CRITICAL 10 HIGH 16 MEDIUM
0 0 0.0% 40% +31
22 Fortinet 53 11
2 CRITICAL 2 HIGH 6 MEDIUM 1 LOW
0 0 0.0% 0% -16
23 Oracle 52 23
2 CRITICAL 8 HIGH 12 MEDIUM 1 LOW
0 0 0.0% 78% -90
24 VMware 52 7
1 CRITICAL 6 HIGH
0 0 0.0% 14% +7
25 SAP 49 14
2 CRITICAL 1 HIGH 9 MEDIUM 2 LOW
0 0 0.0% 0% -2
26 Zte 49 9
2 HIGH 7 MEDIUM
0 2 0.0% 0% +7
27 Gitlab 46 15
3 CRITICAL 2 HIGH 9 MEDIUM 1 LOW
0 1 0.0% 87% -9
28 Ubiquiti 44 5
4 CRITICAL 1 HIGH
0 0 0.0% 100%
29 Jenkins 37 22
1 CRITICAL 5 HIGH 15 MEDIUM
0 0 0.1% 36% +22
30 Samsung 37 18
5 HIGH 11 MEDIUM
0 0 0.0% 17% -13
31 Dell 30 26
1 CRITICAL 5 HIGH 15 MEDIUM 2 LOW
0 0 0.0% 92% -17
32 Debian 30 15
1 CRITICAL 5 HIGH 5 MEDIUM
0 0 0.0% 100% -13
33 Atlassian 24 3
2 CRITICAL 1 HIGH
0 0 0.1% 100%
34 Synology 18 10
1 CRITICAL 2 HIGH 7 MEDIUM
0 0 0.0% 100% +9
35 Wazuh 18 5
1 CRITICAL 4 MEDIUM
0 1 0.0% 100% +5
36 Elastic 14 8
1 CRITICAL 1 HIGH 6 MEDIUM
0 0 0.0% 75% -3
37 HP 14 5
1 CRITICAL 1 HIGH 2 MEDIUM
0 0 0.0% 60% +3
38 Zyxel 8 4
2 HIGH 2 MEDIUM
0 0 0.3% 0% +1
39 Lenovo 8 4
2 HIGH 1 MEDIUM
0 0 0.1% 100% -2
40 Qualcomm 4 3
1 HIGH 1 MEDIUM
0 0 0.0% 100% +3

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy