month report

June 2018

Data as of Jun 4, 2026, 13:28 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

June 2018 closed with 1,804 published CVEs — +72.1% YoY . 292 criticals, npm led volume, mostly via serve. Biggest breakout: mozilla at ×79.5 their 12-month median. Top weakness class — CWE-200 (188 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,804

+51.5% MoM+72.1% YoY

Severity mix

292 / 922

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.5%

46 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2814.5

n=46

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1383

n=3

Weakness × Vendor

What's spreading where in June 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

79.5×mozilla318 CVE
58.5×npm351 CVE
16.6×red hat inc.108 CVE
16.2×ао «ивк»97 CVE
14.0×novell inc.154 CVE
12.7×canonical ltd.191 CVE
6.6×hackerone340 CVE
5.0×ca technologies10 CVE
4.8×redhat164 CVE
4.7×ооо «русбитех-астра»187 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#35bouncycastle11 CVE
#39ca technologies10 CVE
#41ecos10 CVE
#59axis7 CVE
#62eclipse7 CVE
#63faststone7 CVE
#66the eclipse foundation7 CVE
#67tibco7 CVE
#68tibco software inc.7 CVE
#69tinyexr project7 CVE

Top vendors

Ranked by distinct CVE count this period.

1npm·
351 CVE12 critCVSS 7.6
×58.5Nuclei 2PoC 136
serve (3) · sanitize-html (2) · express-cart (2)
2hackerone·
340 CVE11 critCVSS 7.6
×6.6Nuclei 2PoC 133
coffeescript node module (3) · sanitize-html node module (2) · serve node module (2)
3mozilla↑99
318 CVE110 critCVSS 8.0
×79.5KEV 1Nuclei 1PoC 66
firefox (309) · firefox esr (152) · thunderbird (152)
4debian↑2
202 CVE91 critCVSS 8.2
KEV 1Nuclei 5PoC 49
debian linux (202)
5canonical ltd.↑12
191 CVE72 critCVSS 7.9
×12.7Nuclei 1PoC 32
ubuntu (191)
6ооо «русбитех-астра»↑9
187 CVE68 critCVSS 7.9
×4.7Nuclei 1PoC 41
astra linux special edition (181) · astra linux common edition (12) · astra linux special edition для «эльбрус» (11)
7mozilla corp.—
182 CVE71 critCVSS 8.2
KEV 1Nuclei 1PoC 27
firefox (172) · firefox esr (96) · thunderbird (89)
8redhat↑1
164 CVE84 critCVSS 8.4
×4.8KEV 1Nuclei 2PoC 41
enterprise linux workstation (145) · enterprise linux server (144) · enterprise linux desktop (144)
9novell inc.↑19
154 CVE61 critCVSS 8.6
×14.0Nuclei 1PoC 29
opensuse leap (154) · suse linux enterprise server (85) · suse linux enterprise desktop (84)
10сообщество свободного программного обеспечения·
141 CVE65 critCVSS 8.3
KEV 1Nuclei 3PoC 37
debian gnu/linux (131) · liblouis (4) · linux (3)
11canonical↓4
135 CVE31 critCVSS 7.6
×3.5Nuclei 1PoC 17
ubuntu linux (135)
12red hat inc.↑9
108 CVE58 critCVSS 8.4
×16.6KEV 1Nuclei 1PoC 26
red hat enterprise linux (107) · red hat software collections (2) · jboss fuse (2)
13ао «ивк»—
97 CVE49 critCVSS 8.4
×16.2Nuclei 1PoC 19
альт линукс спт (97) · альт 8 сп сервер (6) · альт 8 сп рабочая станция (6)
14maven↓3
71 CVE7 critCVSS 6.9
Nuclei 5PoC 8
org.bouncycastle:bcprov-jdk15 (11) · org.bouncycastle:bcprov-jdk15on (11) · org.bouncycastle:bcprov-jdk14 (11)
15cisco↓2
63 CVE12 critCVSS 7.8
KEV 1Nuclei 1PoC 1
nx-os (19) · prime collaboration (8) · firepower extensible operating system (7)
16microsoft↓11
58 CVECVSS 6.6
PoC 4
windows server 2016 (29) · windows 10 (29) · windows 10 servers (27)
17apple↑98
55 CVE1 critCVSS 7.3
PoC 13
iphone os (37) · mac os x (33) · watchos (20)
18quest↑14
52 CVE1 critCVSS 8.7
PoC 52
disk backup (52)
19google↑11
40 CVECVSS 7.3
PoC 1
android (37) · boringssl (1) · chromecast firmware (1)
20qualcomm, inc.↑88
32 CVECVSS 7.4
android for msm, firefox os for msm, qrd android (32)
21jenkins↓2
29 CVECVSS 6.5
Nuclei 2PoC 1
jenkins (4) · github (3) · black duck hub (3)
22ibm↓14
25 CVE1 critCVSS 6.1
websphere mq (3) · infosphere information server (3) · security access manager (3)
23packagist↑2
22 CVE3 critCVSS 7.3
Nuclei 1PoC 9
baserproject/basercms (7) · symfony/symfony (6) · symfony/security (4)
24[unknown]↓6
20 CVE2 critCVSS 5.9
PoC 5
389-ds-base (2) · ovirt-engine (2) · python (2)
25ао «нтц ит роса»—
19 CVE7 critCVSS 8.2
Nuclei 1PoC 3
роса кобальт (17) · rosa virtualization (2) · rosa virtualization 3.0 (2)
26linux↑1
15 CVE1 critCVSS 6.2
PoC 2
linux kernel (15)
27apple inc.—
14 CVE1 critCVSS 7.5
PoC 5
macos (14) · tvos (3) · ios (3)
28cisco systems inc.↑61
14 CVE2 critCVSS 7.6
KEV 1Nuclei 1PoC 1
nx-os (10) · fx-os (7) · cisco wide area application services software (1)
29opensuse↑27
14 CVECVSS 7.9
open build service (7) · leap (5) · obs-service-set_version (1)
30oracle↑1
13 CVE4 critCVSS 6.9
Nuclei 4PoC 3
retail xstore point of service (6) · communications cloud native core automated test suite (4) · weblogic server (3)
31oracle corp.↑8
13 CVE4 critCVSS 7.7
Nuclei 3PoC 4
enterprise manager base platform (4) · retail xstore point of service (4) · communications webrtc session controller (2)
32netapp↑23
12 CVE4 critCVSS 8.8
Nuclei 1PoC 2
snap creator framework (4) · snapcenter (3) · snapmanager (3)
33siemens↑111
12 CVE1 critCVSS 7.6
×3.0PoC 1
scalance m875 firmware (6) · scalance x-200rna switch family (3) · scalance x-200irt switch family (incl. siplus net variants) (3)
34siemens ag↑76
12 CVE1 critCVSS 7.4
PoC 1
scalance m875 (6) · scalance x-200 (3) · scalance x-200 irt (3)
35bouncycastle—
11 CVECVSS 6.7
NEWPoC 1
bc-java (10) · fips java api (1) · legion-of-the-bouncy-castle-java-crytography-api (1)
36pypi↑105
11 CVE1 critCVSS 7.4
PoC 3
matrix-synapse (2) · pyyaml (1) · aiohttp-session (1)
37rubygems—
11 CVE2 critCVSS 7.2
Nuclei 1PoC 10
passenger (5) · json-jwt (1) · ffi (1)
38apache software foundation↓3
10 CVE2 critCVSS 7.7
Nuclei 1PoC 1
apache storm (2) · http server (1) · apache cassandra (1)
39ca technologies—
10 CVE4 critCVSS 8.2
NEW×5.0PoC 3
ca privileged access manager (10)
40cybozu—
10 CVECVSS 5.4
office (7) · mailwise (3)
41ecos—
10 CVE2 critCVSS 7.3
NEW
secure boot stick firmware (7) · system management appliance (3)
42f5↑8
10 CVECVSS 6.2
big-ip access policy manager (9) · big-ip application security manager (9) · big-ip analytics (8)
43f5 networks, inc.↑8
10 CVECVSS 6.2
big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (4) · big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, gtm, link controller, pem, webaccelerator, websafe) (3) · big-ip (apm) (1)
44ics-cert↓6
10 CVE4 critCVSS 8.3
PoC 2
intellivue patient monitors, avalon fetal/maternal monitors (3) · beckhoff twincat (2) · abb ip gateway (2)
45mcafee↑90
10 CVE1 critCVSS 6.7
×3.3PoC 1
network security management (nsm) (3) · network security manager (3) · epolicy orchestrator (3)
46synology↑28
10 CVECVSS 7.0
diskstation manager (2) · drive (2) · drive server (2)
47talos↓31
10 CVECVSS 7.1
PoC 3
natus (3) · pixar renderman (2) · network time protocol (1)
48apache↓14
9 CVE1 critCVSS 7.5
PoC 1
storm (2) · http server (1) · mxnet (1)
49broadcom↑71
9 CVE4 critCVSS 8.4
×3.0PoC 3
privileged access manager (9)
50cybozu, inc.—
9 CVECVSS 5.5
cybozu office (6) · cybozu mailwise (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	npm	351	12	·	2	×58.5Nuclei 2PoC 136	serve (3) · sanitize-html (2) · express-cart (2)	·
2	hackerone	340	11	·	2	×6.6Nuclei 2PoC 133	coffeescript node module (3) · sanitize-html node module (2) · serve node module (2)	·
3	mozilla	318	110	1	1	×79.5KEV 1Nuclei 1PoC 66	firefox (309) · firefox esr (152) · thunderbird (152)	↑99
4	debian	202	91	1	5	KEV 1Nuclei 5PoC 49	debian linux (202)	↑2
5	canonical ltd.	191	72	·	1	×12.7Nuclei 1PoC 32	ubuntu (191)	↑12
6	ооо «русбитех-астра»	187	68	·	1	×4.7Nuclei 1PoC 41	astra linux special edition (181) · astra linux common edition (12) · astra linux special edition для «эльбрус» (11)	↑9
7	mozilla corp.	182	71	1	1	KEV 1Nuclei 1PoC 27	firefox (172) · firefox esr (96) · thunderbird (89)	—
8	redhat	164	84	1	2	×4.8KEV 1Nuclei 2PoC 41	enterprise linux workstation (145) · enterprise linux server (144) · enterprise linux desktop (144)	↑1
9	novell inc.	154	61	·	1	×14.0Nuclei 1PoC 29	opensuse leap (154) · suse linux enterprise server (85) · suse linux enterprise desktop (84)	↑19
10	сообщество свободного программного обеспечения	141	65	1	3	KEV 1Nuclei 3PoC 37	debian gnu/linux (131) · liblouis (4) · linux (3)	·
11	canonical	135	31	·	1	×3.5Nuclei 1PoC 17	ubuntu linux (135)	↓4
12	red hat inc.	108	58	1	1	×16.6KEV 1Nuclei 1PoC 26	red hat enterprise linux (107) · red hat software collections (2) · jboss fuse (2)	↑9
13	ао «ивк»	97	49	·	1	×16.2Nuclei 1PoC 19	альт линукс спт (97) · альт 8 сп сервер (6) · альт 8 сп рабочая станция (6)	—
14	maven	71	7	·	5	Nuclei 5PoC 8	org.bouncycastle:bcprov-jdk15 (11) · org.bouncycastle:bcprov-jdk15on (11) · org.bouncycastle:bcprov-jdk14 (11)	↓3
15	cisco	63	12	1	1	KEV 1Nuclei 1PoC 1	nx-os (19) · prime collaboration (8) · firepower extensible operating system (7)	↓2
16	microsoft	58	·	·	·	PoC 4	windows server 2016 (29) · windows 10 (29) · windows 10 servers (27)	↓11
17	apple	55	1	·	·	PoC 13	iphone os (37) · mac os x (33) · watchos (20)	↑98
18	quest	52	1	·	·	PoC 52	disk backup (52)	↑14
19	google	40	·	·	·	PoC 1	android (37) · boringssl (1) · chromecast firmware (1)	↑11
20	qualcomm, inc.	32	·	·	·		android for msm, firefox os for msm, qrd android (32)	↑88
21	jenkins	29	·	·	2	Nuclei 2PoC 1	jenkins (4) · github (3) · black duck hub (3)	↓2
22	ibm	25	1	·	·		websphere mq (3) · infosphere information server (3) · security access manager (3)	↓14
23	packagist	22	3	·	1	Nuclei 1PoC 9	baserproject/basercms (7) · symfony/symfony (6) · symfony/security (4)	↑2
24	[unknown]	20	2	·	·	PoC 5	389-ds-base (2) · ovirt-engine (2) · python (2)	↓6
25	ао «нтц ит роса»	19	7	·	1	Nuclei 1PoC 3	роса кобальт (17) · rosa virtualization (2) · rosa virtualization 3.0 (2)	—
26	linux	15	1	·	·	PoC 2	linux kernel (15)	↑1
27	apple inc.	14	1	·	·	PoC 5	macos (14) · tvos (3) · ios (3)	—
28	cisco systems inc.	14	2	1	1	KEV 1Nuclei 1PoC 1	nx-os (10) · fx-os (7) · cisco wide area application services software (1)	↑61
29	opensuse	14	·	·	·		open build service (7) · leap (5) · obs-service-set_version (1)	↑27
30	oracle	13	4	·	4	Nuclei 4PoC 3	retail xstore point of service (6) · communications cloud native core automated test suite (4) · weblogic server (3)	↑1
31	oracle corp.	13	4	·	3	Nuclei 3PoC 4	enterprise manager base platform (4) · retail xstore point of service (4) · communications webrtc session controller (2)	↑8
32	netapp	12	4	·	1	Nuclei 1PoC 2	snap creator framework (4) · snapcenter (3) · snapmanager (3)	↑23
33	siemens	12	1	·	·	×3.0PoC 1	scalance m875 firmware (6) · scalance x-200rna switch family (3) · scalance x-200irt switch family (incl. siplus net variants) (3)	↑111
34	siemens ag	12	1	·	·	PoC 1	scalance m875 (6) · scalance x-200 (3) · scalance x-200 irt (3)	↑76
35	bouncycastle	11	·	·	·	NEWPoC 1	bc-java (10) · fips java api (1) · legion-of-the-bouncy-castle-java-crytography-api (1)	—
36	pypi	11	1	·	·	PoC 3	matrix-synapse (2) · pyyaml (1) · aiohttp-session (1)	↑105
37	rubygems	11	2	·	1	Nuclei 1PoC 10	passenger (5) · json-jwt (1) · ffi (1)	—
38	apache software foundation	10	2	·	1	Nuclei 1PoC 1	apache storm (2) · http server (1) · apache cassandra (1)	↓3
39	ca technologies	10	4	·	·	NEW×5.0PoC 3	ca privileged access manager (10)	—
40	cybozu	10	·	·	·		office (7) · mailwise (3)	—
41	ecos	10	2	·	·	NEW	secure boot stick firmware (7) · system management appliance (3)	—
42	f5	10	·	·	·		big-ip access policy manager (9) · big-ip application security manager (9) · big-ip analytics (8)	↑8
43	f5 networks, inc.	10	·	·	·		big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, fps, gtm, link controller, pem, webaccelerator) (4) · big-ip (ltm, aam, afm, analytics, apm, asm, dns, edge gateway, gtm, link controller, pem, webaccelerator, websafe) (3) · big-ip (apm) (1)	↑8
44	ics-cert	10	4	·	·	PoC 2	intellivue patient monitors, avalon fetal/maternal monitors (3) · beckhoff twincat (2) · abb ip gateway (2)	↓6
45	mcafee	10	1	·	·	×3.3PoC 1	network security management (nsm) (3) · network security manager (3) · epolicy orchestrator (3)	↑90
46	synology	10	·	·	·		diskstation manager (2) · drive (2) · drive server (2)	↑28
47	talos	10	·	·	·	PoC 3	natus (3) · pixar renderman (2) · network time protocol (1)	↓31
48	apache	9	1	·	·	PoC 1	storm (2) · http server (1) · mxnet (1)	↓14
49	broadcom	9	4	·	·	×3.0PoC 3	privileged access manager (9)	↑71
50	cybozu, inc.	9	·	·	·		cybozu office (6) · cybozu mailwise (3)	—