month report
January 2017
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
January 2017 closed with 1,149 published CVEs — +71.5% YoY . 166 criticals, oracle led volume, mostly via advanced outbound telephony. Biggest breakout: ntp at ×30.0 their 12-month median. Top weakness class — CWE-119 (135 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,149
— MoM+71.5% YoY
Severity mix
166 / 532
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.1%
24 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3337.8
n=24
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1966
n=3
Detection gap
KEV pressure, no Nuclei coverage
January 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1google inc171 CVE
- KEV 1google87 CVE
- KEV 1redhat25 CVE
Weakness × Vendor
What's spreading where in January 2017
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds200Information Exposure284CWE-28479XSS20Improper Input Validation264CWE-264125Out-of-bounds Read416Use After Free190Integer Overflow254CWE-254oracle161911117google inc738365638652google inc.5333133431google31895415641linux42127224121debian126231121adobe231110adobe systems inc.23110tcpdump401ntp2126113oracle corp.2131сообщество свободного программного обеспечения42111121
Breakout vendors
CVE count ≥3× their own 12-period median.
- 30.0×ntp30 CVE
- 16.0×npm16 CVE
- 8.0×citrix16 CVE
- 7.9×oracle238 CVE
- 5.0×google inc171 CVE
- 5.0×netapp10 CVE
- 5.0×autodesk5 CVE
- 5.0×libgd5 CVE
- 5.0×trendmicro5 CVE
- 4.7×libtiff14 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #3google inc.130 CVE
- #21pidgin16 CVE
- #22synacor16 CVE
- #27potrace project12 CVE
- #33metalgenix10 CVE
- #39eclinicalworks8 CVE
- #41ооо «овен»8 CVE
- #45matrixssl7 CVE
- #50b2evolution6 CVE
- #51libical project6 CVE
Top vendors
Ranked by distinct CVE count this period.
- 238 CVE10 critCVSS 7.0×7.9Nuclei 1PoC 4advanced outbound telephony (41) · marketing (20) · one-to-one fulfillment (19)
- 171 CVE8 critCVSS 6.7×5.0KEV 1PoC 3android (140) · google chrome (31)
- 130 CVE7 critCVSS 6.6NEWPoC 2android (130)
- 87 CVE1 critCVSS 6.6KEV 1PoC 3android (56) · chrome (31)
- 87 CVE6 critCVSS 6.9×4.2PoC 1linux kernel (87)
- 53 CVE10 critCVSS 6.9Nuclei 3PoC 5debian linux (53)
- 46 CVECVSS 7.8PoC 6acrobat (33) · acrobat dc (32) · acrobat reader dc (32)
- 45 CVECVSS 7.8PoC 6adobe reader document cloud (32) · acrobat reader (32) · adobe acrobat (32)
- 41 CVE41 critCVSS 9.8tcpdump (41)
- 30 CVECVSS 5.8×30.0PoC 5ntp (30)
- 29 CVE3 critCVSS 6.0Nuclei 1PoC 3java platform (14) · mysql (9) · oracle data integrator (2)
- 26 CVE5 critCVSS 7.4Nuclei 1PoC 5debian gnu/linux (17) · libgd2 (3) · linux (2)
- 25 CVE6 critCVSS 7.4mybb (25) · merge system (24)
- 25 CVE7 critCVSS 7.0KEV 1PoC 3enterprise linux desktop (25) · enterprise linux server (25) · enterprise linux workstation (24)
- 23 CVE1 critCVSS 6.4PoC 1ubuntu linux (23)
- 17 CVE2 critCVSS 6.9PoC 4moodle/moodle (7) · genix/cms (2) · intelliants/subrion (1)
- 16 CVECVSS 5.9webex meetings server (4) · aironet access point software (2) · unified communications manager (2)
- 16 CVE3 critCVSS 7.4×8.0xenserver (11) · provisioning services (5)
- 16 CVE1 critCVSS 6.7×16.0PoC 2validator (5) · uglify-js (2) · tar (1)
- 16 CVE10 critCVSS 8.9PoC 2php (15) · pecl http (1)
- 16 CVECVSS 6.4NEWPoC 1pidgin (16)
- 16 CVE1 critCVSS 6.9NEWPoC 1zimbra collaboration suite (16)
- 15 CVE1 critCVSS 6.5Nuclei 15PoC 3wordpress (15)
- 14 CVE1 critCVSS 7.3×4.7PoC 2libtiff (14)
- 13 CVE3 critCVSS 7.4PoC 4gstreamer (13)
- 13 CVE8 critCVSS 8.9PoC 1php (13)
- 12 CVECVSS 6.8NEWpotrace (12)
- 11 CVE3 critCVSS 8.2PoC 6dwr-932b firmware (10) · dgs-1100 firmware (1)
- 11 CVE3 critCVSS 7.6Nuclei 1PoC 1fedora (11)
- 11 CVECVSS 5.6mariadb (11)
- 11 CVE1 critCVSS 6.8×3.1PoC 2samsung mobile (5) · knox (3) · exynos fimg2d driver (2)
- 10 CVE1 critCVSS 7.4PoC 2ubuntu (10)
- 10 CVE4 critCVSS 8.3NEWPoC 2genixcms (10)
- 10 CVE3 critCVSS 6.9×5.0PoC 1clustered data ontap (8) · oncommand balance (4) · oncommand performance manager (2)
- 10 CVE1 critCVSS 6.5PoC 2web2py (2) · salt (2) · priority (1)
- 10 CVECVSS 6.8×4.0xen (10)
- 9 CVECVSS 5.5moodle (9)
- 9 CVECVSS 6.4opensuse (7) · leap (3)
- 8 CVE2 critCVSS 8.2NEWPoC 4patient portal (4) · population health (4)
- 8 CVE5 critCVSS 8.8×4.0KEV 2Nuclei 1PoC 5wnr2000v5 firmware (3) · arlo q camera firmware (2) · wnr2000v5 (2)
- 8 CVECVSS 5.8NEWовен плк110 (8)
- 8 CVE2 critCVSS 6.7×4.0astra linux special edition (7) · astra linux common edition (1)
- 7 CVECVSS 6.4×3.5scaleio (3) · documentum administrator (1) · documentum capital projects (1)
- 7 CVECVSS 7.8PoC 5hancom office 2014 (7) · hancom office (6)
- 7 CVE1 critCVSS 7.4NEWmatrixssl (7)
- 7 CVE2 critCVSS 7.8Nuclei 1PoC 3com.jcraft:jsch (1) · com.liferay.portal:portal-impl (1) · com.liferay.portal:portal-service (1)
- 7 CVECVSS 6.5×3.5node.js (7)
- 7 CVECVSS 7.0PoC 1libtiff (7)
- 6 CVE1 critCVSS 8.0PoC 1mujs (6)
- 6 CVE1 critCVSS 6.6NEWb2evolution (6)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | oracle | 238 | 10 | · | 1 | ×7.9Nuclei 1PoC 4 | advanced outbound telephony (41) · marketing (20) · one-to-one fulfillment (19) | — | |
| 2 | google inc | 171 | 8 | 1 | · | ×5.0KEV 1PoC 3 | android (140) · google chrome (31) | — | |
| 3 | google inc. | 130 | 7 | · | · | NEWPoC 2 | android (130) | — | |
| 4 | 87 | 1 | 1 | · | KEV 1PoC 3 | android (56) · chrome (31) | — | ||
| 5 | linux | 87 | 6 | · | · | ×4.2PoC 1 | linux kernel (87) | — | |
| 6 | debian | 53 | 10 | · | 3 | Nuclei 3PoC 5 | debian linux (53) | — | |
| 7 | adobe | 46 | · | · | · | PoC 6 | acrobat (33) · acrobat dc (32) · acrobat reader dc (32) | — | |
| 8 | adobe systems inc. | 45 | · | · | · | PoC 6 | adobe reader document cloud (32) · acrobat reader (32) · adobe acrobat (32) | — | |
| 9 | tcpdump | 41 | 41 | · | · | tcpdump (41) | — | ||
| 10 | ntp | 30 | · | · | · | ×30.0PoC 5 | ntp (30) | — | |
| 11 | oracle corp. | 29 | 3 | · | 1 | Nuclei 1PoC 3 | java platform (14) · mysql (9) · oracle data integrator (2) | — | |
| 12 | сообщество свободного программного обеспечения | 26 | 5 | · | 1 | Nuclei 1PoC 5 | debian gnu/linux (17) · libgd2 (3) · linux (2) | — | |
| 13 | mybb | 25 | 6 | · | · | mybb (25) · merge system (24) | — | ||
| 14 | redhat | 25 | 7 | 1 | · | KEV 1PoC 3 | enterprise linux desktop (25) · enterprise linux server (25) · enterprise linux workstation (24) | — | |
| 15 | canonical | 23 | 1 | · | · | PoC 1 | ubuntu linux (23) | — | |
| 16 | packagist | 17 | 2 | · | · | PoC 4 | moodle/moodle (7) · genix/cms (2) · intelliants/subrion (1) | — | |
| 17 | cisco | 16 | · | · | · | webex meetings server (4) · aironet access point software (2) · unified communications manager (2) | — | ||
| 18 | citrix | 16 | 3 | · | · | ×8.0 | xenserver (11) · provisioning services (5) | — | |
| 19 | npm | 16 | 1 | · | · | ×16.0PoC 2 | validator (5) · uglify-js (2) · tar (1) | — | |
| 20 | php | 16 | 10 | · | · | PoC 2 | php (15) · pecl http (1) | — | |
| 21 | pidgin | 16 | · | · | · | NEWPoC 1 | pidgin (16) | — | |
| 22 | synacor | 16 | 1 | · | · | NEWPoC 1 | zimbra collaboration suite (16) | — | |
| 23 | wordpress | 15 | 1 | · | 15 | Nuclei 15PoC 3 | wordpress (15) | — | |
| 24 | libtiff | 14 | 1 | · | · | ×4.7PoC 2 | libtiff (14) | — | |
| 25 | gstreamer | 13 | 3 | · | · | PoC 4 | gstreamer (13) | — | |
| 26 | php group | 13 | 8 | · | · | PoC 1 | php (13) | — | |
| 27 | potrace project | 12 | · | · | · | NEW | potrace (12) | — | |
| 28 | dlink | 11 | 3 | · | · | PoC 6 | dwr-932b firmware (10) · dgs-1100 firmware (1) | — | |
| 29 | fedoraproject | 11 | 3 | · | 1 | Nuclei 1PoC 1 | fedora (11) | — | |
| 30 | mariadb | 11 | · | · | · | mariadb (11) | — | ||
| 31 | samsung | 11 | 1 | · | · | ×3.1PoC 2 | samsung mobile (5) · knox (3) · exynos fimg2d driver (2) | — | |
| 32 | canonical ltd. | 10 | 1 | · | · | PoC 2 | ubuntu (10) | — | |
| 33 | metalgenix | 10 | 4 | · | · | NEWPoC 2 | genixcms (10) | — | |
| 34 | netapp | 10 | 3 | · | · | ×5.0PoC 1 | clustered data ontap (8) · oncommand balance (4) · oncommand performance manager (2) | — | |
| 35 | pypi | 10 | 1 | · | · | PoC 2 | web2py (2) · salt (2) · priority (1) | — | |
| 36 | xen | 10 | · | · | · | ×4.0 | xen (10) | — | |
| 37 | moodle | 9 | · | · | · | moodle (9) | — | ||
| 38 | opensuse | 9 | · | · | · | opensuse (7) · leap (3) | — | ||
| 39 | eclinicalworks | 8 | 2 | · | · | NEWPoC 4 | patient portal (4) · population health (4) | — | |
| 40 | netgear | 8 | 5 | 2 | 1 | ×4.0KEV 2Nuclei 1PoC 5 | wnr2000v5 firmware (3) · arlo q camera firmware (2) · wnr2000v5 (2) | — | |
| 41 | ооо «овен» | 8 | · | · | · | NEW | овен плк110 (8) | — | |
| 42 | ооо «русбитех-астра» | 8 | 2 | · | · | ×4.0 | astra linux special edition (7) · astra linux common edition (1) | — | |
| 43 | emc | 7 | · | · | · | ×3.5 | scaleio (3) · documentum administrator (1) · documentum capital projects (1) | — | |
| 44 | hancom | 7 | · | · | · | PoC 5 | hancom office 2014 (7) · hancom office (6) | — | |
| 45 | matrixssl | 7 | 1 | · | · | NEW | matrixssl (7) | — | |
| 46 | maven | 7 | 2 | · | 1 | Nuclei 1PoC 3 | com.jcraft:jsch (1) · com.liferay.portal:portal-impl (1) · com.liferay.portal:portal-service (1) | — | |
| 47 | nodejs | 7 | · | · | · | ×3.5 | node.js (7) | — | |
| 48 | silicon graphics corp. | 7 | · | · | · | PoC 1 | libtiff (7) | — | |
| 49 | artifex | 6 | 1 | · | · | PoC 1 | mujs (6) | — | |
| 50 | b2evolution | 6 | 1 | · | · | NEW | b2evolution (6) | — |