CVE Tools
Sign in
month report

January 2009

Data as of Jun 4, 2026, 13:27 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2009 closed with 469 published CVEs-6.6% YoY . 72 criticals, oracle led volume, mostly via secure backup. Biggest breakout: oracle at ×11.7 their 12-month median. Top weakness class — CWE-89 (87 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
469
-11.5% MoM-6.6% YoY
Severity mix
72 / 151
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
0.2%
1 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
6245.1
n=1
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
n=0
Weakness × Vendor

What's spreading where in January 2009

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

89SQL Injection264CWE-26479XSS119Memory Buffer Bounds22Path Traversal20Improper Input Validation287Improper Authentication94Code Injection200Information Exposure399CWE-399oracle32sun51121microsoft4113сообщество свободного программного обеспечения14422apple5112cisco13linux1112codeavalanche6gentoo foundation inc.211katywhitton222activewebsoftwares5debian11

Breakout vendors

CVE count ≥3× their own 12-period median.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1oracle
    41 CVE5 critCVSS 5.2
    ×11.7PoC 1
    secure backup (9) · database 10g (9) · peoplesoft enterprise (6)
  • 2sun·
    22 CVE4 critCVSS 6.4
    PoC 1
    opensolaris (14) · solaris (9) · java system access manager (3)
  • 3microsoft↓2
    16 CVE5 critCVSS 7.4
    PoC 7
    windows xp (5) · windows server 2003 (4) · windows 2000 (4)
  • 4сообщество свободного программного обеспечения↑20
    16 CVE4 critCVSS 7.0
    PoC 1
    debian gnu/linux (15) · libaudiofile (1)
  • 5apple↓1
    14 CVE8 critCVSS 7.7
    PoC 3
    quicktime (7) · safari (5) · cups (1)
  • 6cisco↑49
    10 CVECVSS 5.8
    PoC 1
    ironport postx (4) · ironport encryption appliance (4) · security manager (1)
  • 7linux↑3
    7 CVE1 critCVSS 6.2
    linux kernel (7)
  • 8codeavalanche
    6 CVECVSS 7.1
    NEWPoC 6
    articles (1) · directory (1) · freeforall (1)
  • 9gentoo foundation inc.↑5
    6 CVECVSS 6.2
    gentoo linux (6)
  • 10katywhitton↑56
    6 CVECVSS 5.6
    ×3.0PoC 6
    blogit\! (4) · rankem (2)
  • 11activewebsoftwares↓3
    5 CVECVSS 7.5
    PoC 5
    active price comparison (2) · active web mail (1) · active business directory (1)
  • 12debian↓5
    5 CVECVSS 5.9
    debian linux (5)
  • 13gnome↑147
    5 CVECVSS 6.9
    ×5.0PoC 1
    eog (1) · epiphany (1) · gnumeric (1)
  • 14ibm↓11
    5 CVE1 critCVSS 7.0
    db2 universal database (2) · aix (1) · hardware management console (1)
  • 15modxcms
    5 CVECVSS 5.6
    NEWPoC 2
    modxcms (5)
  • 16typo3↓7
    5 CVE1 critCVSS 6.7
    typo3 (4) · freecap captcha extension (1)
  • 17asp-dev
    4 CVECVSS 6.9
    NEWPoC 3
    xm events diary (3) · internal e-mail system (1)
  • 18icash
    4 CVECVSS 5.5
    NEWPoC 4
    click\&email (2) · click\&rank (2)
  • 19joomla↑15
    4 CVECVSS 6.9
    PoC 4
    com paxgallery (1) · com pccookbook (1) · com waticketsystem (1)
  • 20joomlahbs
    4 CVECVSS 7.5
    NEWPoC 4
    hotel booking reservation system (4) · com 5starhotels (1) · com allhotels (1)
  • 21mozilla↓16
    4 CVECVSS 4.8
    PoC 2
    firefox (3) · libxul (1) · seamonkey (1)
  • 22tigris
    4 CVECVSS 5.5
    NEWPoC 3
    websvn (4)
  • 23canonical↓17
    3 CVECVSS 5.6
    ubuntu linux (3)
  • 24constructr
    3 CVECVSS 4.3
    NEWPoC 3
    constructr-cms (3)
  • 25edreamers
    3 CVECVSS 7.0
    NEWPoC 3
    ednews (2) · edcontainer (1)
  • 26fujitsu
    3 CVE2 critCVSS 8.3
    ×3.0
    systemcastwizard lite (3)
  • 27git
    3 CVECVSS 6.5
    NEW×3.0
    git (3)
  • 28hp↑5
    3 CVE1 critCVSS 7.1
    PoC 1
    hplip (1) · openview network node manager (1) · select access (1)
  • 29jdedwards
    3 CVECVSS 4.8
    enterpriseone (3)
  • 30ktp computer customer database
    3 CVECVSS 6.8
    NEWPoC 2
    ktp computer customer database (3)
  • 31nokia
    3 CVECVSS 6.0
    ×3.0
    6131 nfc (3)
  • 32ocean12 technologies
    3 CVECVSS 5.6
    PoC 3
    mailing list manager (3)
  • 33phpauctions
    3 CVECVSS 6.4
    NEW×3.0PoC 3
    phpauctions (3)
  • 34phpclanwebsite
    3 CVECVSS 5.4
    NEWPoC 3
    phpclanwebsite (3)
  • 35phpicalendar
    3 CVECVSS 7.5
    NEWPoC 3
    phpicalendar (3) · phpicalendar2.0 (1)
  • 36redhat
    3 CVECVSS 4.0
    certificate system (3) · dogtag certificate system (1)
  • 37ryneezy
    3 CVECVSS 6.0
    NEWPoC 2
    phosheezy (3)
  • 38sg real estate portal
    3 CVECVSS 6.7
    NEWPoC 3
    sg real estate portal (3)
  • 39sixapart
    3 CVECVSS 4.2
    NEW
    movable type (3)
  • 40trend micro↑4
    3 CVE1 critCVSS 6.5
    internet security 2007 (3) · internet security 2008 (3) · officescan (3)
  • 41vuplayer
    3 CVE2 critCVSS 9.1
    NEWPoC 2
    vuplayer (3)
  • 42xrdp
    3 CVECVSS 7.5
    NEWPoC 1
    xrdp (3)
  • 43aj square
    2 CVECVSS 5.9
    PoC 2
    aj auction (2)
  • 44amarok
    2 CVE2 critCVSS 9.3
    amarok (2)
  • 45aspapps↓32
    2 CVECVSS 6.3
    PoC 2
    template creature (2)
  • 46ca↑75
    2 CVE2 critCVSS 10.0
    arcserve backup (1) · etrust intrusion detection (1) · internet security suite 2007 (1)
  • 47checkpoint
    2 CVECVSS 4.7
    connectra ngx (1) · vpn-1 (1)
  • 48cmsisweb
    2 CVECVSS 5.9
    NEWPoC 2
    cms isweb (2)
  • 49dmxready
    2 CVECVSS 5.9
    NEWPoC 1
    blog manager (2)
  • 50drupal
    2 CVECVSS 4.8
    ajax checklist (2)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-8987·
2CWE-26449↑3
3CWE-7943↑1
4CWE-11942↑2
5CWE-2238↑3
6CWE-2029↓3
7CWE-28725↑5
8CWE-9415↑1
9CWE-20011↑2
10CWE-39911↓8
11CWE-1898↓1
12CWE-2556↑2
13CWE-596↓6
14CWE-165↑2
15CWE-3104·
16CWE-3524↓3
17CWE-3623↑1
18CWE-4262
19CWE-1201
20CWE-1341·