Skip to main content

Vendor Intelligence

Security scorecards – CVE volume, patch rates, exploit exposure, and composite risk for 38 vendors

Period: 30d 90d 6m 1y All
# Vendor Risk Score CVEs Severity KEV PoC Avg EPSS Patch Rate Trend
1 Microsoft 2834 786
56 CRITICAL 496 HIGH 212 MEDIUM 16 LOW
1 30 0.4% 96% +387
2 WordPress 1969 605
43 CRITICAL 204 HIGH 353 MEDIUM 5 LOW
0 88 0.3% 13% +187
3 Google 1828 662
78 CRITICAL 240 HIGH 322 MEDIUM 19 LOW
0 11 0.2% 94% -125
4 Oracle 1804 272
125 CRITICAL 111 HIGH 25 MEDIUM 10 LOW
1 5 0.4% 10% +223
5 Suse 1650 638
75 CRITICAL 209 HIGH 354 MEDIUM
0 8 0.2% 97% -277
6 Linux 1092 469
36 CRITICAL 179 HIGH 155 MEDIUM 6 LOW
0 2 0.2% 95% -69
7 Apache 638 147
37 CRITICAL 59 HIGH 42 MEDIUM 9 LOW
0 4 0.3% 67% +16
8 Red Hat 518 210
13 CRITICAL 87 HIGH 109 MEDIUM
0 5 0.3% 81% -665
9 IBM 310 69
25 CRITICAL 15 HIGH 27 MEDIUM
0 0 0.3% 68% +5
10 Apple 268 124
8 CRITICAL 35 HIGH 79 MEDIUM 1 LOW
0 6 0.2% 93% +8
11 Tenda 222 25
4 CRITICAL 19 HIGH 2 MEDIUM
0 10 0.5% 0% -44
12 Canonical 216 43
6 CRITICAL 23 HIGH 13 MEDIUM 1 LOW
0 8 0.3% 86% +17
13 Nvidia 200 45
5 CRITICAL 30 HIGH 10 MEDIUM
0 1 0.2% 7% +7
14 Mozilla 198 61
11 CRITICAL 18 HIGH 31 MEDIUM
0 2 0.2% 82% +16
15 Nginx 164 32
6 CRITICAL 16 HIGH 10 MEDIUM
0 5 0.4% 78% +5
16 Dell 164 66
4 CRITICAL 31 HIGH 28 MEDIUM 3 LOW
0 0 0.3% 67% +42
17 Ubiquiti 138 25
7 CRITICAL 17 HIGH 1 MEDIUM
0 0 0.3% 100% +16
18 Adobe 128 33
7 CRITICAL 6 HIGH 19 MEDIUM 1 LOW
0 1 2.8% 3% -52
19 Cisco 125 31
1 CRITICAL 26 HIGH 4 MEDIUM
0 1 0.7% 45% +22
20 Hashicorp 98 23
3 CRITICAL 11 HIGH 7 MEDIUM 2 LOW
0 3 0.2% 96% +8
21 Debian 68 14
2 CRITICAL 6 HIGH 4 MEDIUM
0 3 0.2% 100% +2
22 SAP 54 15
3 CRITICAL 3 HIGH 8 MEDIUM 1 LOW
0 0 0.3% 27% +3
23 Jenkins 48 30
6 HIGH 23 MEDIUM 1 LOW
0 0 0.2% 3% +7
24 Fortinet 47 12
1 CRITICAL 3 HIGH 8 MEDIUM
0 0 0.3% 0% +9
25 Juniper 44 22
11 HIGH 11 MEDIUM
0 0 0.3% 100% +19
26 Citrix 44 9
7 HIGH 2 MEDIUM
0 2 0.3% 89% +9
27 Gitlab 44 30
2 CRITICAL 4 HIGH 20 MEDIUM 4 LOW
0 1 0.2% 90% +4
28 D-Link 31 3
1 CRITICAL 1 HIGH 1 MEDIUM
0 2 0.7% 0% -8
29 HP 30 6
1 CRITICAL 5 HIGH
0 0 0.2% 67% +3
30 Elastic 26 16
1 CRITICAL 4 HIGH 11 MEDIUM
0 0 0.2% 50% +4
31 Amd 20 16
5 HIGH 7 MEDIUM
0 0 0.2% 100% +5
32 Atlassian 18 5
1 CRITICAL 2 HIGH 2 MEDIUM
0 0 0.2% 80%
33 Lenovo 12 3
1 HIGH 1 MEDIUM
0 1 0.1% 100% -1
34 Samsung 10 10
10 MEDIUM
0 0 0.1% 30% -18
35 TP-Link 8 4
2 HIGH 2 MEDIUM
0 0 0.3% 100% -3
36 Nokia 8 5
2 HIGH 3 MEDIUM
0 0 0.2% 80% +5
37 Paloalto 4 12
1 HIGH 5 MEDIUM 6 LOW
0 0 0.5% 100% +5
38 Netgear 0 6
6 MEDIUM
0 0 0.2% 83% -6

How to read this table

Risk Score – composite metric: KEV ×50, Critical ×10, High ×4, PoC ×8, EPSS weight, patch rate penalty. Higher = riskier vendor.
Severity – bar + counts: C=Critical, H=High, M=Medium, L=Low.
KEV – CISA Known Exploited Vulnerabilities – confirmed actively exploited in the wild.
PoC – CVEs with public Proof of Concept exploit code available.
Avg EPSS – average Exploit Prediction Scoring System probability across vendor CVEs.
Patch Rate – % of CVEs where vendor has released a patch. Green ≥80%, Yellow ≥50%, Red <50%.
Trend – CVE count change vs previous period of same length. +N = more new CVEs, −N = fewer.

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy