CVE Tools
Sign in
month report

January 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2018 closed with 1,715 published CVEs. 170 criticals, oracle led volume, mostly via mysql. Biggest breakout: hp at ×25.0 their 12-month median. Top weakness class — CWE-79 (189 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
1,715
— MoM— YoY
Severity mix
170 / 574
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
5.0%
86 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
2975.3
n=86
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1431
n=4
Detection gap

KEV pressure, no Nuclei coverage

January 2018 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in January 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS20Improper Input Validation200Information Exposure119Memory Buffer Bounds787Out-of-bounds Write22Path Traversal89SQL Injection352CSRF287Improper Authentication78OS Command Injectionoracle111oracle corporation11debian2151106212google719146maven111192413canonical21113microsoft12181microsoft corporation12181ibm16462131redhat131122google inc.51346сообщество свободного программного обеспечения324311

Breakout vendors

CVE count ≥3× their own 12-period median.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1oracle
    177 CVE8 critCVSS 6.5
    KEV 1Nuclei 1PoC 7
    mysql (20) · jdk (20) · jre (20)
  • 2oracle corporation
    167 CVE7 critCVSS 6.7
    PoC 3
    mysql server (19) · java (18) · vm virtualbox (9)
  • 3debian
    115 CVE26 critCVSS 7.4
    PoC 21
    debian linux (115)
  • 4google
    76 CVE11 critCVSS 7.8
    PoC 3
    android (74) · chrome (2)
  • 5maven
    70 CVE8 critCVSS 7.1
    ×5.4KEV 2Nuclei 3PoC 7
    org.jenkins-ci.main:jenkins-core (16) · org.webjars.npm:jquery (3) · org.apache.geode:geode-core (3)
  • 6canonical
    65 CVE3 critCVSS 6.5
    ×5.0PoC 11
    ubuntu linux (65)
  • 7microsoft
    60 CVECVSS 7.3
    KEV 2PoC 18
    office (20) · edge (18) · chakracore (17)
  • 8microsoft corporation
    60 CVECVSS 7.3
    KEV 2PoC 18
    microsoft edge (16) · equation editor (12) · windows kernel (6)
  • 9ibm
    59 CVE3 critCVSS 6.3
    Nuclei 1PoC 1
    security key lifecycle manager (10) · engineering requirements management doors (7) · rational doors (7)
  • 10redhat
    52 CVE4 critCVSS 6.4
    PoC 4
    enterprise linux server (35) · enterprise linux workstation (34) · enterprise linux desktop (34)
  • 11google inc.
    51 CVE10 critCVSS 8.0
    PoC 2
    android (51)
  • 12сообщество свободного программного обеспечения
    48 CVE4 critCVSS 7.0
    PoC 12
    debian gnu/linux (32) · linux (12) · retirejs (2)
  • 13ооо «русбитех-астра»
    40 CVE1 critCVSS 6.9
    ×3.6PoC 11
    astra linux special edition (32) · astra linux common edition (11) · astra linux special edition для «эльбрус» (7)
  • 14jenkins
    35 CVE1 critCVSS 6.9
    ×7.0KEV 1Nuclei 1PoC 1
    jenkins (16) · translation assistance (1) · warnings (1)
  • 15microsoft corp
    35 CVECVSS 8.2
    KEV 2PoC 9
    microsoft office 2016 (18) · microsoft office 2016 click-to-run (c2r) (17) · microsoft office compatibility pack service pack 3 (16)
  • 16cisco
    31 CVE2 critCVSS 6.3
    Nuclei 1PoC 2
    webex meetings server (6) · nx-os (3) · sg300-10mpp firmware (2)
  • 17packagist
    30 CVE1 critCVSS 6.6
    Nuclei 7PoC 12
    wpglobus/wpglobus (7) · moodle/moodle (4) · mautic/core (3)
  • 18hp
    25 CVE2 critCVSS 8.2
    ×25.0PoC 1
    xp p9000 command view (16) · xp command view (16) · xp7 command view (16)
  • 19k7computing
    25 CVECVSS 7.2
    NEWPoC 14
    antivirus (24) · total security (11) · internet security (10)
  • 20tp-link
    25 CVECVSS 7.2
    PoC 25
    er5110g firmware (25) · er5120g firmware (25) · er5510g firmware (25)
  • 21google inc
    24 CVE11 critCVSS 8.4
    android (23) · libvpx (1)
  • 22netgain systems
    23 CVE5 critCVSS 7.8
    NEW
    netgain systems enterprise manager (23)
  • 23netgain-systems
    23 CVE5 critCVSS 7.8
    NEW
    enterprise manager (23)
  • 24rubygems
    21 CVECVSS 7.0
    ×6.0PoC 15
    jquery-rails (3) · vladtheenterprising (2) · cap-strap (1)
  • 25qualcomm, inc.
    20 CVE1 critCVSS 7.7
    android for msm, firefox os for msm, qrd android (20)
  • 26linux
    19 CVE2 critCVSS 6.9
    PoC 1
    linux kernel (18) · linux kernel ixgbe (1) · linux kernel i40e\/i40evf (1)
  • 27schneider-electric
    19 CVECVSS 5.6
    Nuclei 1
    struxureware data center expert (16) · pelco videoxpert (3)
  • 28ао «нтц ит роса»
    19 CVE2 critCVSS 6.8
    ×6.3PoC 5
    роса кобальт (15) · роса хром (4) · rels (3)
  • 29apache
    18 CVE4 critCVSS 7.2
    PoC 1
    nifi (3) · geode (3) · hadoop (2)
  • 30apache software foundation
    17 CVE3 critCVSS 7.3
    PoC 1
    apache nifi (3) · apache geode (3) · apache hadoop (2)
  • 31netapp
    17 CVE1 critCVSS 6.9
    PoC 3
    oncommand insight (12) · active iq unified manager (9) · oncommand workflow automation (9)
  • 32oracle corp.
    17 CVE2 critCVSS 6.8
    KEV 1Nuclei 1PoC 5
    mysql server (4) · mysql (4) · solaris (3)
  • 33canonical ltd.
    16 CVE1 critCVSS 6.8
    ×3.2PoC 4
    ubuntu (16)
  • 34pypi
    16 CVE1 critCVSS 6.6
    PoC 2
    opencv-python (4) · plone (4) · opencv-contrib-python (4)
  • 35juniper
    14 CVE2 critCVSS 6.9
    PoC 11
    junos (9) · junos space (4) · screenos (1)
  • 36novell inc.
    14 CVE1 critCVSS 6.2
    ×4.0PoC 6
    opensuse leap (13) · suse linux enterprise module for server applications (2) · suse linux enterprise module for public cloud (1)
  • 37imagemagick
    13 CVECVSS 6.7
    PoC 3
    imagemagick (13)
  • 38npm
    13 CVECVSS 6.8
    Nuclei 1PoC 7
    jquery (3) · electron (2) · marked (1)
  • 39talos
    13 CVECVSS 7.8
    NEWPoC 3
    cpp-ethereum (9) · tinysvcmdns (1) · delayed_job_web rails gem (1)
  • 40juniper networks
    12 CVE1 critCVSS 6.7
    PoC 11
    junos os (8) · junos space (3) · screenos (1)
  • 41red hat inc.
    12 CVE2 critCVSS 7.8
    PoC 2
    red hat enterprise linux (8) · openshift container platform (2) · jboss fuse (2)
  • 42x.org
    12 CVE12 critCVSS 9.8
    x server (12)
  • 43the x.org foundation
    11 CVE11 critCVSS 9.8
    NEW
    xorg-x11-server (11)
  • 44atlassian
    10 CVECVSS 6.4
    ×3.3
    jira (6) · sourcetree (2) · crowd (1)
  • 45malwarebytes
    10 CVECVSS 7.3
    NEWPoC 10
    malwarebytes (10)
  • 46red hat, inc.
    10 CVECVSS 7.2
    NEW×5.0
    rhel shipped xdg-user-dirs and gnome-session (1) · 389-ds-base (1) · hibernate-validator (1)
  • 47responsive coming soon page project
    10 CVECVSS 5.2
    NEWNuclei 10PoC 5
    responsive coming soon page (10)
  • 48advantech
    9 CVE3 critCVSS 7.7
    PoC 2
    webaccess (7) · webaccess\/scada (2)
  • 49ethereum
    9 CVECVSS 7.9
    NEWPoC 2
    cpp-ethereum (7) · aleth (1) · ethereum virtual machine (1)
  • 50hp inc.
    9 CVE2 critCVSS 7.4
    PoC 1
    hp jetadvantage security manager (2) · hp support assistant (1) · hp thinpro (1)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79189↑2
2CWE-20111↑4
3CWE-20087↑1
4CWE-11957↓3
5CWE-78747↑5
6CWE-2245↑5
7CWE-8944↓5
8CWE-35235↑1
9CWE-28722↑7
10CWE-7821↑4
11CWE-12519↓6
12CWE-19018↑8
13CWE-41618↓6
14CWE-86317
15CWE-47615↓3
16CWE-61115↑28
17CWE-29514↑5
18CWE-40014↑3
19CWE-77214·
20CWE-43413↑3