month report
March 2020
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
March 2020 closed with 1,810 published CVEs. 323 criticals, google led volume, mostly via android. Biggest breakout: gitlab at ×17.0 their 12-month median. Top weakness class — CWE-79 (278 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,810
— MoM— YoY
Severity mix
323 / 732
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
4.0%
72 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
2183.9
n=72
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
603
n=20
Weakness × Vendor
What's spreading where in March 2020
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write78OS Command Injection125Out-of-bounds Read352CSRF89SQL Injection20Improper Input Validation120Buffer Overflow306Missing Auth for Critical Func…200Information Exposuregoogle1422375795chadhaajay83127microsoft8201microsoft corp7202сообщество свободного программного обеспечения412342723maven1213243debian21233234ооо «русбитех-астра»1941513gitlab8112qualcomm108314qualcomm, inc.108314ао «концерн вниинс»18311
Breakout vendors
CVE count ≥3× their own 12-period median.
- 17.0×gitlab51 CVE
- 12.7×red hat38 CVE
- 7.5×fortinet15 CVE
- 6.0×fasterxml12 CVE
- 6.0×fasterxml, llc12 CVE
- 4.0×dlink20 CVE
- 4.0×siemens ag16 CVE
- 3.8×nuget19 CVE
- 3.8×go15 CVE
- 3.1×npm34 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2chadhaajay118 CVE
- #9gitlab51 CVE
- #24wago32 CVE
- #26adobe systems inc.29 CVE
- #34mozilla24 CVE
- #37onap21 CVE
- #41cpanel19 CVE
- #45ооо «ред софт»18 CVE
- #54fortinet15 CVE
- #60fasterxml12 CVE
Top vendors
Ranked by distinct CVE count this period.
- 182 CVE43 critCVSS 7.3KEV 2PoC 2android (170) · chrome (10) · dart sdk (1)
- 118 CVECVSS 4.8NEWPoC 62phpkb (118)
- 117 CVE4 critCVSS 7.5KEV 2Nuclei 1PoC 3windows server 2016 (78) · windows 10 version 1909 for 32-bit systems (77) · windows 10 version 1909 for arm64-based systems (77)
- 117 CVE4 critCVSS 7.5KEV 2Nuclei 1PoC 2windows 10 1909 (78) · windows server 1909 (server core installation) (78) · windows server 1903 (server core installation) (77)
- 92 CVE16 critCVSS 7.4KEV 3Nuclei 7PoC 24debian gnu/linux (74) · linux (5) · envoy (3)
- 82 CVE16 critCVSS 7.4KEV 1Nuclei 10PoC 4com.fasterxml.jackson.core:jackson-databind (12) · org.igniterealtime.openfire:parent (3) · fr.edf.jenkins.plugins:mac (3)
- 77 CVE16 critCVSS 7.5Nuclei 4PoC 17debian linux (75) · python-apt (2)
- 65 CVE9 critCVSS 7.2KEV 2Nuclei 3PoC 18astra linux special edition (51) · astra linux common edition (27) · astra linux special edition для «эльбрус» (18)
- 51 CVE7 critCVSS 6.5NEW×17.0gitlab (51)
- 47 CVE23 critCVSS 8.8sm8150 firmware (43) · sxr1130 firmware (40) · qcs605 firmware (39)
- 47 CVE23 critCVSS 8.6snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (8) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4)
- 47 CVE8 critCVSS 7.9KEV 1Nuclei 2PoC 14ос он «стрелец» (47)
- 46 CVE6 critCVSS 7.0Nuclei 1PoC 13fedora (46)
- 44 CVE8 critCVSS 8.3Nuclei 3PoC 7red hat enterprise linux (22) · ansible (9) · ansible tower (9)
- 42 CVE17 critCVSS 8.4photoshop cc (22) · photoshop 2020 (22) · adobe photoshop (22)
- 40 CVE3 critCVSS 6.2PoC 2ansible tower (11) · openstack (8) · ansible (7)
- 39 CVE3 critCVSS 7.0PoC 10leap (29) · backports sle (17) · factory (3)
- 38 CVECVSS 6.3Nuclei 1jenkins (4) · jenkins mac plugin (3) · jenkins artifactory plugin (2)
- 38 CVE5 critCVSS 6.5×12.7PoC 6ansible (11) · newlib (8) · jackson-databind (2)
- 36 CVECVSS 6.3Nuclei 1jenkins (4) · mac (3) · cobertura (2)
- 34 CVE11 critCVSS 7.8×3.1Nuclei 1PoC 6bson (2) · vp-toolkit (2) · blamer (2)
- 33 CVE1 critCVSS 6.6tivoli netcool\/impact (6) · spectrum protect plus (6) · tivoli netcool impact (6)
- 32 CVE6 critCVSS 6.9Nuclei 6PoC 14moodle/moodle (5) · dolibarr/dolibarr (4) · froxlor/froxlor (3)
- 32 CVE2 critCVSS 7.3NEWPoC 13pfc200 firmware (28) · wago pfc200 (13) · wago pfc200 firmware (12)
- 31 CVE6 critCVSS 6.7Nuclei 1PoC 7ansible (11) · twisted (3) · python-apt (2)
- 29 CVE17 critCVSS 9.4NEWphotoshop cc 2019 (14) · photoshop 2020 (14) · adobe acrobat document cloud (10)
- 29 CVE1 critCVSS 7.5Nuclei 1PoC 5opensuse leap (25) · suse package hub for suse linux enterprise (10) · suse linux enterprise server for sap applications (4)
- 28 CVE4 critCVSS 7.3KEV 1Nuclei 1PoC 5ubuntu linux (26) · python-apt (2)
- 27 CVECVSS 5.7PoC 1graphics driver (17) · intel(r) graphics drivers (16) · celeron 1007u (2)
- 27 CVECVSS 7.0PoC 1intel graphics driver (17) · intel nuc kit nuc7i3bnk (2) · intel nuc kit nuc6i3syk (2)
- 25 CVE4 critCVSS 7.8Nuclei 1PoC 6fedora (25)
- 25 CVE10 critCVSS 8.2moxa mgate mb3180 (10) · moxa mgate mb3270 (10) · moxa mgate mb3280 (10)
- 24 CVE9 critCVSS 8.4mb3480 firmware (9) · mb3280 firmware (9) · mb3270 firmware (9)
- 24 CVE2 critCVSS 7.6NEWKEV 1PoC 4firefox (18) · thunderbird (14) · firefox esr (12)
- 22 CVE9 critCVSS 8.9Nuclei 2PoC 2weblogic server (11) · primavera unifier (11) · jd edwards enterpriseone tools (11)
- 22 CVE8 critCVSS 9.0Nuclei 2PoC 3jd edwards enterpriseone tools (11) · oracle agile plm (11) · oracle communications contacts server (10)
- 21 CVE17 critCVSS 9.4NEWPoC 9open network automation platform (21)
- 20 CVE1 critCVSS 8.2×4.0KEV 2PoC 14dsl-2680 firmware (5) · dir-825 firmware (4) · dwl-2600ap firmware (3)
- 20 CVE1 critCVSS 6.6KEV 1PoC 4альт 8 сп (20)
- 19 CVE1 critCVSS 6.9PoC 18cisco sd-wan (5) · cisco webex meetings (3) · prime collaboration provisioning (2)
- 19 CVE5 critCVSS 7.1NEWcpanel (19)
- 19 CVE1 critCVSS 7.7×3.8microsoft.chakracore (15) · sustainsys.saml2 (1) · umbracocms (1)
- 18 CVECVSS 6.7PoC 18sd-wan firmware (5) · webex meetings (4) · cisco sd-wan solution (3)
- 18 CVE4 critCVSS 6.7PoC 3осон основа оnyx (18)
- 18 CVE6 critCVSS 7.7NEWNuclei 2PoC 10ред ос (18) · goslinux (1)
- 17 CVE4 critCVSS 7.9Nuclei 3PoC 1steelstore cloud integrated storage (10) · active iq unified manager (4) · cloud backup (2)
- 17 CVE3 critCVSS 6.8KEV 1Nuclei 3PoC 2commerce cloud (2) · sap solution manager (2) · solution manager (2)
- 17 CVECVSS 7.1sinvr 3 central control server (8) · sinvr 3 video server (8) · control center server (ccs) (6)
- 17 CVECVSS 7.6PoC 6suse linux enterprise desktop (7) · suse linux enterprise server (7) · linux enterprise server (5)
- 16 CVE4 critCVSS 7.2Nuclei 1PoC 4ubuntu (16)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 182 | 43 | 2 | · | KEV 2PoC 2 | android (170) · chrome (10) · dart sdk (1) | — | ||
| 2 | chadhaajay | 118 | · | · | · | NEWPoC 62 | phpkb (118) | — | |
| 3 | microsoft | 117 | 4 | 2 | 1 | KEV 2Nuclei 1PoC 3 | windows server 2016 (78) · windows 10 version 1909 for 32-bit systems (77) · windows 10 version 1909 for arm64-based systems (77) | — | |
| 4 | microsoft corp | 117 | 4 | 2 | 1 | KEV 2Nuclei 1PoC 2 | windows 10 1909 (78) · windows server 1909 (server core installation) (78) · windows server 1903 (server core installation) (77) | — | |
| 5 | сообщество свободного программного обеспечения | 92 | 16 | 3 | 7 | KEV 3Nuclei 7PoC 24 | debian gnu/linux (74) · linux (5) · envoy (3) | — | |
| 6 | maven | 82 | 16 | 1 | 10 | KEV 1Nuclei 10PoC 4 | com.fasterxml.jackson.core:jackson-databind (12) · org.igniterealtime.openfire:parent (3) · fr.edf.jenkins.plugins:mac (3) | — | |
| 7 | debian | 77 | 16 | · | 4 | Nuclei 4PoC 17 | debian linux (75) · python-apt (2) | — | |
| 8 | ооо «русбитех-астра» | 65 | 9 | 2 | 3 | KEV 2Nuclei 3PoC 18 | astra linux special edition (51) · astra linux common edition (27) · astra linux special edition для «эльбрус» (18) | — | |
| 9 | gitlab | 51 | 7 | · | · | NEW×17.0 | gitlab (51) | — | |
| 10 | qualcomm | 47 | 23 | · | · | sm8150 firmware (43) · sxr1130 firmware (40) · qcs605 firmware (39) | — | ||
| 11 | qualcomm, inc. | 47 | 23 | · | · | snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (8) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (4) | — | ||
| 12 | ао «концерн вниинс» | 47 | 8 | 1 | 2 | KEV 1Nuclei 2PoC 14 | ос он «стрелец» (47) | — | |
| 13 | fedoraproject | 46 | 6 | · | 1 | Nuclei 1PoC 13 | fedora (46) | — | |
| 14 | red hat inc. | 44 | 8 | · | 3 | Nuclei 3PoC 7 | red hat enterprise linux (22) · ansible (9) · ansible tower (9) | — | |
| 15 | adobe | 42 | 17 | · | · | photoshop cc (22) · photoshop 2020 (22) · adobe photoshop (22) | — | ||
| 16 | redhat | 40 | 3 | · | · | PoC 2 | ansible tower (11) · openstack (8) · ansible (7) | — | |
| 17 | opensuse | 39 | 3 | · | · | PoC 10 | leap (29) · backports sle (17) · factory (3) | — | |
| 18 | jenkins project | 38 | · | · | 1 | Nuclei 1 | jenkins (4) · jenkins mac plugin (3) · jenkins artifactory plugin (2) | — | |
| 19 | red hat | 38 | 5 | · | · | ×12.7PoC 6 | ansible (11) · newlib (8) · jackson-databind (2) | — | |
| 20 | jenkins | 36 | · | · | 1 | Nuclei 1 | jenkins (4) · mac (3) · cobertura (2) | — | |
| 21 | npm | 34 | 11 | · | 1 | ×3.1Nuclei 1PoC 6 | bson (2) · vp-toolkit (2) · blamer (2) | — | |
| 22 | ibm | 33 | 1 | · | · | tivoli netcool\/impact (6) · spectrum protect plus (6) · tivoli netcool impact (6) | — | ||
| 23 | packagist | 32 | 6 | · | 6 | Nuclei 6PoC 14 | moodle/moodle (5) · dolibarr/dolibarr (4) · froxlor/froxlor (3) | — | |
| 24 | wago | 32 | 2 | · | · | NEWPoC 13 | pfc200 firmware (28) · wago pfc200 (13) · wago pfc200 firmware (12) | — | |
| 25 | pypi | 31 | 6 | · | 1 | Nuclei 1PoC 7 | ansible (11) · twisted (3) · python-apt (2) | — | |
| 26 | adobe systems inc. | 29 | 17 | · | · | NEW | photoshop cc 2019 (14) · photoshop 2020 (14) · adobe acrobat document cloud (10) | — | |
| 27 | novell inc. | 29 | 1 | · | 1 | Nuclei 1PoC 5 | opensuse leap (25) · suse package hub for suse linux enterprise (10) · suse linux enterprise server for sap applications (4) | — | |
| 28 | canonical | 28 | 4 | 1 | 1 | KEV 1Nuclei 1PoC 5 | ubuntu linux (26) · python-apt (2) | — | |
| 29 | intel | 27 | · | · | · | PoC 1 | graphics driver (17) · intel(r) graphics drivers (16) · celeron 1007u (2) | — | |
| 30 | intel corp. | 27 | · | · | · | PoC 1 | intel graphics driver (17) · intel nuc kit nuc7i3bnk (2) · intel nuc kit nuc6i3syk (2) | — | |
| 31 | fedora project | 25 | 4 | · | 1 | Nuclei 1PoC 6 | fedora (25) | — | |
| 32 | moxa inc. | 25 | 10 | · | · | moxa mgate mb3180 (10) · moxa mgate mb3270 (10) · moxa mgate mb3280 (10) | — | ||
| 33 | moxa | 24 | 9 | · | · | mb3480 firmware (9) · mb3280 firmware (9) · mb3270 firmware (9) | — | ||
| 34 | mozilla | 24 | 2 | 1 | · | NEWKEV 1PoC 4 | firefox (18) · thunderbird (14) · firefox esr (12) | — | |
| 35 | oracle | 22 | 9 | · | 2 | Nuclei 2PoC 2 | weblogic server (11) · primavera unifier (11) · jd edwards enterpriseone tools (11) | — | |
| 36 | oracle corp. | 22 | 8 | · | 2 | Nuclei 2PoC 3 | jd edwards enterpriseone tools (11) · oracle agile plm (11) · oracle communications contacts server (10) | — | |
| 37 | onap | 21 | 17 | · | · | NEWPoC 9 | open network automation platform (21) | — | |
| 38 | dlink | 20 | 1 | 2 | · | ×4.0KEV 2PoC 14 | dsl-2680 firmware (5) · dir-825 firmware (4) · dwl-2600ap firmware (3) | — | |
| 39 | ао «ивк» | 20 | 1 | 1 | · | KEV 1PoC 4 | альт 8 сп (20) | — | |
| 40 | cisco systems inc. | 19 | 1 | · | · | PoC 18 | cisco sd-wan (5) · cisco webex meetings (3) · prime collaboration provisioning (2) | — | |
| 41 | cpanel | 19 | 5 | · | · | NEW | cpanel (19) | — | |
| 42 | nuget | 19 | 1 | · | · | ×3.8 | microsoft.chakracore (15) · sustainsys.saml2 (1) · umbracocms (1) | — | |
| 43 | cisco | 18 | · | · | · | PoC 18 | sd-wan firmware (5) · webex meetings (4) · cisco sd-wan solution (3) | — | |
| 44 | ао "нппкт" | 18 | 4 | · | · | PoC 3 | осон основа оnyx (18) | — | |
| 45 | ооо «ред софт» | 18 | 6 | · | 2 | NEWNuclei 2PoC 10 | ред ос (18) · goslinux (1) | — | |
| 46 | netapp | 17 | 4 | · | 3 | Nuclei 3PoC 1 | steelstore cloud integrated storage (10) · active iq unified manager (4) · cloud backup (2) | — | |
| 47 | sap | 17 | 3 | 1 | 3 | KEV 1Nuclei 3PoC 2 | commerce cloud (2) · sap solution manager (2) · solution manager (2) | — | |
| 48 | siemens | 17 | · | · | · | sinvr 3 central control server (8) · sinvr 3 video server (8) · control center server (ccs) (6) | — | ||
| 49 | suse | 17 | · | · | · | PoC 6 | suse linux enterprise desktop (7) · suse linux enterprise server (7) · linux enterprise server (5) | — | |
| 50 | canonical ltd. | 16 | 4 | · | 1 | Nuclei 1PoC 4 | ubuntu (16) | — |