month report

May 2020

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2020 closed with 1,079 published CVEs. 133 criticals, debian led volume, mostly via debian linux. Biggest breakout: google at ×5.1 their 12-month median. Top weakness class — CWE-79 (104 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,079

— MoM— YoY

Severity mix

133 / 448

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

5.4%

58 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2121.1

n=58

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

616

n=10

Weakness × Vendor

What's spreading where in May 2020

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

5.1×google72 CVE
4.9×ао «ивк»73 CVE
4.8×paloaltonetworks24 CVE
3.7×huawei11 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#24palo alto networks24 CVE
#25paloaltonetworks24 CVE
#43mcafee,llc11 CVE
#44zephyrproject11 CVE
#45zephyrproject-rtos11 CVE
#47blaauwproducts9 CVE
#51tecnick9 CVE
#53advantech8 CVE
#55glpi-project8 CVE
#57netgear8 CVE

Top vendors

Ranked by distinct CVE count this period.

1debian—
119 CVE11 critCVSS 6.3
Nuclei 2PoC 24
debian linux (119) · netqmail (2) · apt (1)
2microsoft—
112 CVE2 critCVSS 7.5
KEV 1Nuclei 1PoC 3
windows 10 version 1903 for x64-based systems (78) · windows 10 version 1909 for x64-based systems (78) · windows server, version 1903 (server core installation) (78)
3microsoft corp—
112 CVE2 critCVSS 7.6
KEV 1Nuclei 1PoC 3
windows server 1903 (server core installation) (77) · windows 10 1903 (76) · windows server 1909 (server core installation) (75)
4сообщество свободного программного обеспечения—
111 CVE13 critCVSS 6.6
Nuclei 2PoC 26
debian gnu/linux (101) · linux (22) · dpdk (5)
5opensuse—
101 CVE10 critCVSS 6.6
KEV 1Nuclei 2PoC 17
leap (99) · backports sle (36) · open build service (2)
6ооо «русбитех-астра»—
100 CVE14 critCVSS 6.7
Nuclei 1PoC 16
astra linux special edition (79) · astra linux special edition для «эльбрус» (30) · astra linux common edition (29)
7fedoraproject—
84 CVE7 critCVSS 6.9
Nuclei 3PoC 19
fedora (84)
8novell inc.—
78 CVE13 critCVSS 6.2
KEV 1Nuclei 2PoC 16
opensuse leap (73) · suse linux enterprise server (9) · suse linux enterprise server for sap applications (6)
9ао «ивк»—
73 CVE11 critCVSS 6.7
×4.9Nuclei 1PoC 13
альт 8 сп (72) · альт сп 10 (1)
10google—
72 CVE14 critCVSS 7.4
×5.1PoC 6
chrome (35) · android (34) · chrome-launcher (1)
11canonical—
71 CVE4 critCVSS 5.9
Nuclei 2PoC 14
ubuntu linux (69) · subiquity (1) · pulseaudio (1)
12ао «концерн вниинс»—
65 CVE10 critCVSS 6.9
Nuclei 2PoC 15
ос он «стрелец» (65)
13red hat inc.—
61 CVE10 critCVSS 7.2
Nuclei 1PoC 10
red hat enterprise linux (55) · red hat jboss fuse (4) · red hat enterprise mrg (3)
14ibm—
59 CVE3 critCVSS 6.4
KEV 3Nuclei 2
i2 analysts notebook (15) · spectrum scale (9) · security identity governance and intelligence (8)
15fedora project—
55 CVE5 critCVSS 6.7
Nuclei 1PoC 12
fedora (55)
16cisco—
43 CVE4 critCVSS 7.4
KEV 1Nuclei 1PoC 41
firepower threat defense (21) · cisco firepower threat defense software (13) · asa 5540 firmware (12)
17maven—
42 CVE8 critCVSS 6.9
KEV 1Nuclei 3PoC 3
org.keycloak:keycloak-core (5) · org.jenkins-ci.plugins:ec2 (4) · org.jenkins-ci.plugins:credentials-binding (2)
18cisco systems inc.—
41 CVE4 critCVSS 7.0
KEV 1Nuclei 2PoC 41
firepower threat defense (22) · adaptive security appliance (12) · cisco firepower management center (8)
19canonical ltd.—
38 CVE3 critCVSS 6.3
Nuclei 1PoC 10
ubuntu (38)
20google inc—
36 CVE9 critCVSS 7.5
PoC 4
google chrome (34) · android studio (1) · chrome-launcher (1)
21packagist—
32 CVE2 critCVSS 6.7
Nuclei 2PoC 15
typo3/cms (6) · typo3/cms-core (6) · dolibarr/dolibarr (4)
22freerdp—
30 CVECVSS 4.4
PoC 3
freerdp (30)
23ао "нппкт"—
25 CVE2 critCVSS 6.6
Nuclei 1PoC 7
осон основа оnyx (25)
24palo alto networks—
24 CVE1 critCVSS 7.0
NEWPoC 1
pan-os (23) · globalprotect app (1)
25paloaltonetworks—
24 CVE1 critCVSS 7.0
NEW×4.8PoC 1
pan-os (23) · globalprotect (1)
26oracle—
23 CVE5 critCVSS 7.4
Nuclei 4PoC 4
communications diameter signaling router (7) · flexcube private banking (5) · enterprise manager base platform (4)
27oracle corp.—
23 CVE4 critCVSS 7.3
Nuclei 4PoC 3
oracle flexcube private banking (5) · enterprise communications broker (5) · communications diameter signaling router (4)
28redhat—
23 CVECVSS 5.9
PoC 2
keycloak (8) · openshift application runtimes (5) · openstack (3)
29linux—
20 CVECVSS 5.9
PoC 5
linux kernel (20)
30sap—
19 CVE1 critCVSS 7.5
businessobjects business intelligence platform (5) · adaptive server enterprise (5) · adaptive server enterprise cockpit (1)
31sap se—
19 CVE1 critCVSS 7.5
sap adaptive server enterprise (3) · sap business objects business intelligence platform (2) · sap adaptive server enterprise (cockpit) (1)
32netapp—
18 CVE2 critCVSS 6.5
PoC 3
cloud backup (12) · active iq unified manager (10) · steelstore cloud integrated storage (8)
33apache—
17 CVE9 critCVSS 8.2
KEV 1Nuclei 3PoC 3
camel (3) · syncope (3) · ant (1)
34pypi—
16 CVE3 critCVSS 6.9
Nuclei 1PoC 1
keystone (4) · ansible (3) · qutebrowser (1)
35red hat—
16 CVECVSS 6.0
keycloak (5) · ansible (3) · kernel (2)
36free software foundation, inc.—
15 CVECVSS 4.8
PoC 1
freerdp (15)
37npm—
15 CVE4 critCVSS 7.8
PoC 3
snyk-broker (6) · chrome-launcher (1) · curlrequest (1)
38mozilla—
13 CVE6 critCVSS 8.2
PoC 2
firefox (12) · firefox esr (7) · thunderbird (6)
39mcafee—
12 CVECVSS 8.1
Nuclei 1PoC 1
active response (3) · endpoint detection and response (3) · endpoint security (2)
40ооо «ред софт»—
12 CVECVSS 5.6
ред ос (12)
41dell—
11 CVECVSS 6.3
rsa archer (7) · isilon onefs (2) · emc isilon onefs (2)
42huawei—
11 CVECVSS 6.2
×3.7
e6878-370 firmware (3) · e6878-370 (2) · huawei mate 20 (2)
43mcafee,llc—
11 CVECVSS 8.2
NEW
mcafee exploit detection and response (edr) for mac (1) · mcafee exploit detection and response (edr) for windows (1) · mcafee mvision endpoint (1)
44zephyrproject—
11 CVE1 critCVSS 7.6
NEW
zephyr (11)
45zephyrproject-rtos—
11 CVE1 critCVSS 7.6
NEW
zephyr (11)
46rubygems—
10 CVE1 critCVSS 7.5
PoC 8
puma (2) · doorkeeper (1) · em-http-request (1)
47blaauwproducts—
9 CVE2 critCVSS 7.8
NEWPoC 4
remote kiln control (9)
48ibm corp.—
9 CVE2 critCVSS 7.8
KEV 3Nuclei 1
ibm i2 analysts notebook (6) · ibm data risk manager (3)
49jenkins—
9 CVECVSS 5.6
amazon ec2 (4) · credentials binding (2) · copy artifact (1)
50jenkins project—
9 CVECVSS 5.6
jenkins amazon ec2 plugin (4) · jenkins credentials binding plugin (2) · jenkins scm filter jervis plugin (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	debian	119	11	·	2	Nuclei 2PoC 24	debian linux (119) · netqmail (2) · apt (1)	—
2	microsoft	112	2	1	1	KEV 1Nuclei 1PoC 3	windows 10 version 1903 for x64-based systems (78) · windows 10 version 1909 for x64-based systems (78) · windows server, version 1903 (server core installation) (78)	—
3	microsoft corp	112	2	1	1	KEV 1Nuclei 1PoC 3	windows server 1903 (server core installation) (77) · windows 10 1903 (76) · windows server 1909 (server core installation) (75)	—
4	сообщество свободного программного обеспечения	111	13	·	2	Nuclei 2PoC 26	debian gnu/linux (101) · linux (22) · dpdk (5)	—
5	opensuse	101	10	1	2	KEV 1Nuclei 2PoC 17	leap (99) · backports sle (36) · open build service (2)	—
6	ооо «русбитех-астра»	100	14	·	1	Nuclei 1PoC 16	astra linux special edition (79) · astra linux special edition для «эльбрус» (30) · astra linux common edition (29)	—
7	fedoraproject	84	7	·	3	Nuclei 3PoC 19	fedora (84)	—
8	novell inc.	78	13	1	2	KEV 1Nuclei 2PoC 16	opensuse leap (73) · suse linux enterprise server (9) · suse linux enterprise server for sap applications (6)	—
9	ао «ивк»	73	11	·	1	×4.9Nuclei 1PoC 13	альт 8 сп (72) · альт сп 10 (1)	—
10	google	72	14	·	·	×5.1PoC 6	chrome (35) · android (34) · chrome-launcher (1)	—
11	canonical	71	4	·	2	Nuclei 2PoC 14	ubuntu linux (69) · subiquity (1) · pulseaudio (1)	—
12	ао «концерн вниинс»	65	10	·	2	Nuclei 2PoC 15	ос он «стрелец» (65)	—
13	red hat inc.	61	10	·	1	Nuclei 1PoC 10	red hat enterprise linux (55) · red hat jboss fuse (4) · red hat enterprise mrg (3)	—
14	ibm	59	3	3	2	KEV 3Nuclei 2	i2 analysts notebook (15) · spectrum scale (9) · security identity governance and intelligence (8)	—
15	fedora project	55	5	·	1	Nuclei 1PoC 12	fedora (55)	—
16	cisco	43	4	1	1	KEV 1Nuclei 1PoC 41	firepower threat defense (21) · cisco firepower threat defense software (13) · asa 5540 firmware (12)	—
17	maven	42	8	1	3	KEV 1Nuclei 3PoC 3	org.keycloak:keycloak-core (5) · org.jenkins-ci.plugins:ec2 (4) · org.jenkins-ci.plugins:credentials-binding (2)	—
18	cisco systems inc.	41	4	1	2	KEV 1Nuclei 2PoC 41	firepower threat defense (22) · adaptive security appliance (12) · cisco firepower management center (8)	—
19	canonical ltd.	38	3	·	1	Nuclei 1PoC 10	ubuntu (38)	—
20	google inc	36	9	·	·	PoC 4	google chrome (34) · android studio (1) · chrome-launcher (1)	—
21	packagist	32	2	·	2	Nuclei 2PoC 15	typo3/cms (6) · typo3/cms-core (6) · dolibarr/dolibarr (4)	—
22	freerdp	30	·	·	·	PoC 3	freerdp (30)	—
23	ао "нппкт"	25	2	·	1	Nuclei 1PoC 7	осон основа оnyx (25)	—
24	palo alto networks	24	1	·	·	NEWPoC 1	pan-os (23) · globalprotect app (1)	—
25	paloaltonetworks	24	1	·	·	NEW×4.8PoC 1	pan-os (23) · globalprotect (1)	—
26	oracle	23	5	·	4	Nuclei 4PoC 4	communications diameter signaling router (7) · flexcube private banking (5) · enterprise manager base platform (4)	—
27	oracle corp.	23	4	·	4	Nuclei 4PoC 3	oracle flexcube private banking (5) · enterprise communications broker (5) · communications diameter signaling router (4)	—
28	redhat	23	·	·	·	PoC 2	keycloak (8) · openshift application runtimes (5) · openstack (3)	—
29	linux	20	·	·	·	PoC 5	linux kernel (20)	—
30	sap	19	1	·	·		businessobjects business intelligence platform (5) · adaptive server enterprise (5) · adaptive server enterprise cockpit (1)	—
31	sap se	19	1	·	·		sap adaptive server enterprise (3) · sap business objects business intelligence platform (2) · sap adaptive server enterprise (cockpit) (1)	—
32	netapp	18	2	·	·	PoC 3	cloud backup (12) · active iq unified manager (10) · steelstore cloud integrated storage (8)	—
33	apache	17	9	1	3	KEV 1Nuclei 3PoC 3	camel (3) · syncope (3) · ant (1)	—
34	pypi	16	3	·	1	Nuclei 1PoC 1	keystone (4) · ansible (3) · qutebrowser (1)	—
35	red hat	16	·	·	·		keycloak (5) · ansible (3) · kernel (2)	—
36	free software foundation, inc.	15	·	·	·	PoC 1	freerdp (15)	—
37	npm	15	4	·	·	PoC 3	snyk-broker (6) · chrome-launcher (1) · curlrequest (1)	—
38	mozilla	13	6	·	·	PoC 2	firefox (12) · firefox esr (7) · thunderbird (6)	—
39	mcafee	12	·	·	1	Nuclei 1PoC 1	active response (3) · endpoint detection and response (3) · endpoint security (2)	—
40	ооо «ред софт»	12	·	·	·		ред ос (12)	—
41	dell	11	·	·	·		rsa archer (7) · isilon onefs (2) · emc isilon onefs (2)	—
42	huawei	11	·	·	·	×3.7	e6878-370 firmware (3) · e6878-370 (2) · huawei mate 20 (2)	—
43	mcafee,llc	11	·	·	·	NEW	mcafee exploit detection and response (edr) for mac (1) · mcafee exploit detection and response (edr) for windows (1) · mcafee mvision endpoint (1)	—
44	zephyrproject	11	1	·	·	NEW	zephyr (11)	—
45	zephyrproject-rtos	11	1	·	·	NEW	zephyr (11)	—
46	rubygems	10	1	·	·	PoC 8	puma (2) · doorkeeper (1) · em-http-request (1)	—
47	blaauwproducts	9	2	·	·	NEWPoC 4	remote kiln control (9)	—
48	ibm corp.	9	2	3	1	KEV 3Nuclei 1	ibm i2 analysts notebook (6) · ibm data risk manager (3)	—
49	jenkins	9	·	·	·		amazon ec2 (4) · credentials binding (2) · copy artifact (1)	—
50	jenkins project	9	·	·	·		jenkins amazon ec2 plugin (4) · jenkins credentials binding plugin (2) · jenkins scm filter jervis plugin (1)	—