month report

May 2017

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2017 closed with 4,155 published CVEs. 153 criticals, apple led volume, mostly via iphone os. Biggest breakout: gnu at ×17.0 their 12-month median. Top weakness class — CWE-119 (141 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

4,155

— MoM— YoY

Severity mix

153 / 469

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.7%

31 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3214.3

n=31

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1753

n=10

Detection gap

KEV pressure, no Nuclei coverage

May 2017 · vendors with active exploitation listed by CISA but no public detection template.

KEV 6microsoft69 CVE
KEV 6microsoft corporation69 CVE
KEV 6microsoft corp28 CVE
KEV 1сообщество свободного программного обеспечения50 CVE
KEV 1ооо «русбитех-астра»30 CVE
KEV 1canonical ltd.15 CVE
KEV 1red hat inc.15 CVE

Weakness × Vendor

What's spreading where in May 2017

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

17.0×gnu17 CVE
14.0×ао «концерн вниинс»14 CVE
10.0×apache software foundation10 CVE
7.5×ооо «русбитех-астра»30 CVE
6.0×nextcloud6 CVE
6.0×videolan6 CVE
6.0×ао "нппкт"6 CVE
5.0×pivotal15 CVE
5.0×f510 CVE
5.0×openvswitch5 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

1apple—
78 CVE10 critCVSS 8.1
PoC 30
iphone os (53) · mac os x (44) · tvos (35)
2google inc—
75 CVE1 critCVSS 7.4
×4.1PoC 1
android (56) · qualcomm secure execution environment (18) · google chrome (1)
3google inc.—
70 CVECVSS 6.6
NEWPoC 1
android (70)
4microsoft—
69 CVE2 critCVSS 6.6
KEV 6PoC 16
windows server 2008 (27) · windows 7 (26) · windows server 2012 (25)
5microsoft corporation—
69 CVE2 critCVSS 6.8
NEWKEV 6PoC 16
microsoft edge (12) · microsoft windows (11) · malware protection engine (7)
6google—
64 CVE1 critCVSS 7.2
android (61) · chrome (2) · google i\/o 2017 (1)
7linux—
58 CVECVSS 6.3
×3.1PoC 3
linux kernel (58)
8autotrace project—
50 CVE33 critCVSS 9.0
NEW
autotrace (50)
9сообщество свободного программного обеспечения—
50 CVE8 critCVSS 7.5
×3.8KEV 1PoC 6
debian gnu/linux (42) · linux (9) · libxml2 (5)
10debian—
48 CVE10 critCVSS 7.7
KEV 1Nuclei 6PoC 5
debian linux (47) · lintian (1)
11cisco—
35 CVE2 critCVSS 6.9
PoC 1
remote expert manager (7) · prime collaboration provisioning (5) · nx-os (2)
12apple inc.—
32 CVE8 critCVSS 8.5
PoC 15
macos (25) · ios (19) · tvos (1)
13packagist—
32 CVE3 critCVSS 6.5
×4.3PoC 10
genix/cms (6) · modx/revolution (5) · baserproject/basercms (4)
14ооо «русбитех-астра»—
30 CVE6 critCVSS 7.6
×7.5KEV 1PoC 5
astra linux special edition (22) · astra linux common edition (17) · astra linux special edition для «эльбрус» (11)
15microsoft corp—
28 CVE3 critCVSS 7.6
KEV 6PoC 4
microsoft edge (14) · windows server 2016 (6) · windows server 2008 r2 service pack 1 (6)
16ibm—
27 CVE1 critCVSS 6.2
PoC 1
rational team concert (4) · rational quality manager (4) · maximo asset management essentials (3)
17ibm corporation—
23 CVE1 critCVSS 6.7
NEWPoC 1
rational collaborative lifecycle management (4) · websphere cast iron cloud integration (2) · interact (2)
18qualcomm, inc.—
23 CVECVSS 7.5
NEW
all qualcomm products (20) · android for msm, firefox os for msm, qrd android (3)
19redhat—
19 CVE6 critCVSS 8.8
Nuclei 1PoC 1
enterprise linux desktop (12) · enterprise linux workstation (12) · enterprise linux (7)
20gnu—
17 CVECVSS 6.9
×17.0
binutils (15) · glibc (1) · libtasn1 (1)
21maven—
16 CVE2 critCVSS 7.8
Nuclei 1PoC 1
org.springframework.security:spring-security-core (3) · org.cloudfoundry.identity:cloudfoundry-identity-server (2) · org.springframework:spring-core (2)
22canonical ltd.—
15 CVE4 critCVSS 7.8
KEV 1PoC 3
ubuntu (15)
23nvidia—
15 CVECVSS 7.2
gpu driver (15)
24nvidia corporation—
15 CVECVSS 7.2
gpu display driver (15)
25pivotal—
15 CVE3 critCVSS 7.8
×5.0Nuclei 1
cloud foundry (10) · spring security (3) · spring framework (2)
26red hat inc.—
15 CVE3 critCVSS 7.8
KEV 1PoC 2
red hat enterprise linux (12) · jboss core services (4) · jboss enterprise application platform (2)
27ао «концерн вниинс»—
14 CVE2 critCVSS 7.2
NEW×14.0PoC 2
ос он «стрелец» (14)
28canonical—
13 CVE5 critCVSS 7.6
PoC 4
ubuntu linux (12) · juju (1)
29novell inc.—
13 CVE3 critCVSS 7.2
PoC 3
opensuse leap (10) · suse linux enterprise desktop (7) · opensuse (5)
30accellion—
12 CVE5 critCVSS 7.9
×3.0PoC 5
file transfer appliance (12)
31apache—
12 CVECVSS 7.5
ambari (2) · cxf fediz (2) · bookkeeper (1)
32basercms—
12 CVECVSS 7.8
basercms (12) · mail (2)
33basercms users community—
12 CVECVSS 8.0
NEW
basercms (4) · basercms plugin blog (3) · basercms plugin mail (3)
34juniper—
12 CVECVSS 7.0
junos space (7) · junos (5)
35juniper networks—
12 CVECVSS 7.0
NEW
junos space (7) · junos os where the bgp add-path feature is enabled with 'send' option or with both 'send' and 'receive' options (1) · junos os with dhcpv6 enabled (1)
36pivotal software—
12 CVE2 critCVSS 7.3
×3.0
cloud foundry elastic runtime (10) · cloud foundry uaa (5) · cloud foundry (3)
37apache software foundation—
10 CVECVSS 7.5
×10.0
apache ambari (2) · apache cxf fediz (2) · apache qpid broker-j (1)
38f5—
10 CVE1 critCVSS 7.6
×5.0
big-ip access policy manager (10) · big-ip application security manager (8) · big-ip policy enforcement manager (8)
39f5 networks, inc.—
10 CVE1 critCVSS 8.4
big-ip (4) · big-ip apm (2) · big-ip advanced firewall manager (1)
40nuget—
10 CVE2 critCVSS 7.0
×3.3PoC 1
microsoft.chakracore (6) · microsoft.aspnetcore.mvc.cors (4) · microsoft.aspnetcore.mvc.dataannotations (4)
41vmware—
10 CVE2 critCVSS 7.0
×3.3PoC 3
spring security (3) · spring framework (3) · airwatch inbox (2)
42cloudfoundry—
9 CVE1 critCVSS 7.0
×3.6
cf-release (6) · cloud foundry uaa bosh (2) · garden linux (1)
43entropymine—
9 CVECVSS 6.5
NEW
imageworsener (9)
44fortinet—
9 CVE1 critCVSS 6.5
×3.6
fortiportal (5) · fortimanager firmware (1) · fortinet fortios (1)
45imagemagick—
9 CVECVSS 6.6
PoC 1
imagemagick (9)
46mcafee—
9 CVECVSS 6.1
Nuclei 1
network data loss prevention (7) · network data loss prevention (ndlp) (7) · epolicy orchestrator (epo) (1)
47php—
9 CVE7 critCVSS 9.2
PoC 4
php (9)
48adobe—
8 CVECVSS 8.7
PoC 1
flash player (7) · flash player desktop runtime (7) · experience manager forms (1)
49fortinet, inc.—
8 CVE1 critCVSS 7.0
NEW
fortinet fortiportal (5) · fortinet fortiwlc-sd (1) · fortinet fortianalyzer, fortimanager (1)
50trendmicro—
8 CVE1 critCVSS 7.6
×3.2PoC 6
serverprotect (6) · officescan (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	apple	78	10	·	·	PoC 30	iphone os (53) · mac os x (44) · tvos (35)	—
2	google inc	75	1	·	·	×4.1PoC 1	android (56) · qualcomm secure execution environment (18) · google chrome (1)	—
3	google inc.	70	·	·	·	NEWPoC 1	android (70)	—
4	microsoft	69	2	6	·	KEV 6PoC 16	windows server 2008 (27) · windows 7 (26) · windows server 2012 (25)	—
5	microsoft corporation	69	2	6	·	NEWKEV 6PoC 16	microsoft edge (12) · microsoft windows (11) · malware protection engine (7)	—
6	google	64	1	·	·		android (61) · chrome (2) · google i\/o 2017 (1)	—
7	linux	58	·	·	·	×3.1PoC 3	linux kernel (58)	—
8	autotrace project	50	33	·	·	NEW	autotrace (50)	—
9	сообщество свободного программного обеспечения	50	8	1	·	×3.8KEV 1PoC 6	debian gnu/linux (42) · linux (9) · libxml2 (5)	—
10	debian	48	10	1	6	KEV 1Nuclei 6PoC 5	debian linux (47) · lintian (1)	—
11	cisco	35	2	·	·	PoC 1	remote expert manager (7) · prime collaboration provisioning (5) · nx-os (2)	—
12	apple inc.	32	8	·	·	PoC 15	macos (25) · ios (19) · tvos (1)	—
13	packagist	32	3	·	·	×4.3PoC 10	genix/cms (6) · modx/revolution (5) · baserproject/basercms (4)	—
14	ооо «русбитех-астра»	30	6	1	·	×7.5KEV 1PoC 5	astra linux special edition (22) · astra linux common edition (17) · astra linux special edition для «эльбрус» (11)	—
15	microsoft corp	28	3	6	·	KEV 6PoC 4	microsoft edge (14) · windows server 2016 (6) · windows server 2008 r2 service pack 1 (6)	—
16	ibm	27	1	·	·	PoC 1	rational team concert (4) · rational quality manager (4) · maximo asset management essentials (3)	—
17	ibm corporation	23	1	·	·	NEWPoC 1	rational collaborative lifecycle management (4) · websphere cast iron cloud integration (2) · interact (2)	—
18	qualcomm, inc.	23	·	·	·	NEW	all qualcomm products (20) · android for msm, firefox os for msm, qrd android (3)	—
19	redhat	19	6	·	1	Nuclei 1PoC 1	enterprise linux desktop (12) · enterprise linux workstation (12) · enterprise linux (7)	—
20	gnu	17	·	·	·	×17.0	binutils (15) · glibc (1) · libtasn1 (1)	—
21	maven	16	2	·	1	Nuclei 1PoC 1	org.springframework.security:spring-security-core (3) · org.cloudfoundry.identity:cloudfoundry-identity-server (2) · org.springframework:spring-core (2)	—
22	canonical ltd.	15	4	1	·	KEV 1PoC 3	ubuntu (15)	—
23	nvidia	15	·	·	·		gpu driver (15)	—
24	nvidia corporation	15	·	·	·		gpu display driver (15)	—
25	pivotal	15	3	·	1	×5.0Nuclei 1	cloud foundry (10) · spring security (3) · spring framework (2)	—
26	red hat inc.	15	3	1	·	KEV 1PoC 2	red hat enterprise linux (12) · jboss core services (4) · jboss enterprise application platform (2)	—
27	ао «концерн вниинс»	14	2	·	·	NEW×14.0PoC 2	ос он «стрелец» (14)	—
28	canonical	13	5	·	·	PoC 4	ubuntu linux (12) · juju (1)	—
29	novell inc.	13	3	·	·	PoC 3	opensuse leap (10) · suse linux enterprise desktop (7) · opensuse (5)	—
30	accellion	12	5	·	·	×3.0PoC 5	file transfer appliance (12)	—
31	apache	12	·	·	·		ambari (2) · cxf fediz (2) · bookkeeper (1)	—
32	basercms	12	·	·	·		basercms (12) · mail (2)	—
33	basercms users community	12	·	·	·	NEW	basercms (4) · basercms plugin blog (3) · basercms plugin mail (3)	—
34	juniper	12	·	·	·		junos space (7) · junos (5)	—
35	juniper networks	12	·	·	·	NEW	junos space (7) · junos os where the bgp add-path feature is enabled with 'send' option or with both 'send' and 'receive' options (1) · junos os with dhcpv6 enabled (1)	—
36	pivotal software	12	2	·	·	×3.0	cloud foundry elastic runtime (10) · cloud foundry uaa (5) · cloud foundry (3)	—
37	apache software foundation	10	·	·	·	×10.0	apache ambari (2) · apache cxf fediz (2) · apache qpid broker-j (1)	—
38	f5	10	1	·	·	×5.0	big-ip access policy manager (10) · big-ip application security manager (8) · big-ip policy enforcement manager (8)	—
39	f5 networks, inc.	10	1	·	·		big-ip (4) · big-ip apm (2) · big-ip advanced firewall manager (1)	—
40	nuget	10	2	·	·	×3.3PoC 1	microsoft.chakracore (6) · microsoft.aspnetcore.mvc.cors (4) · microsoft.aspnetcore.mvc.dataannotations (4)	—
41	vmware	10	2	·	·	×3.3PoC 3	spring security (3) · spring framework (3) · airwatch inbox (2)	—
42	cloudfoundry	9	1	·	·	×3.6	cf-release (6) · cloud foundry uaa bosh (2) · garden linux (1)	—
43	entropymine	9	·	·	·	NEW	imageworsener (9)	—
44	fortinet	9	1	·	·	×3.6	fortiportal (5) · fortimanager firmware (1) · fortinet fortios (1)	—
45	imagemagick	9	·	·	·	PoC 1	imagemagick (9)	—
46	mcafee	9	·	·	1	Nuclei 1	network data loss prevention (7) · network data loss prevention (ndlp) (7) · epolicy orchestrator (epo) (1)	—
47	php	9	7	·	·	PoC 4	php (9)	—
48	adobe	8	·	·	·	PoC 1	flash player (7) · flash player desktop runtime (7) · experience manager forms (1)	—
49	fortinet, inc.	8	1	·	·	NEW	fortinet fortiportal (5) · fortinet fortiwlc-sd (1) · fortinet fortianalyzer, fortimanager (1)	—
50	trendmicro	8	1	·	·	×3.2PoC 6	serverprotect (6) · officescan (2)	—