month report
September 2020
Data as of Jun 4, 2026, 13:25 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
September 2020 closed with 2,258 published CVEs, 197 of them critical. npm led volume, mostly via swagger-ui. Top weakness class: CWE-506 (322 CVE). 10 vendors cracked the top-100 for the first time.
- Total CVEs: 2,258 (MoM —, YoY —)
- Severity mix: 197 critical / 634 high
- KEV added: 0 (0 ransomware-linked)
- Nuclei coverage: 3.1% (69 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 1999.2 (n=69)
- Within 7 days: 0.0%
- Within 30 days: 0.0%
- Days → KEV (median): 424 (n=8)
Detection gap
KEV pressure, no Nuclei coverage
September 2020 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 1, 130 CVE
- microsoft corp: KEV 1, 130 CVE
- cisco: KEV 1, 101 CVE
- cisco systems inc.: KEV 1, 98 CVE
- trend micro: KEV 1, 17 CVE
- trendmicro: KEV 1, 17 CVE
Weakness × Vendor
What's spreading where in September 2020
Cells shaded by share of vendor's hottest weakness.
[Heatmap. Columns (weakness): CWE-506, CWE-79 XSS, CWE-787 Out-of-bounds Write, CWE-20 Improper Input Validation, CWE-89 SQL Injection, CWE-125 Out-of-bounds Read, CWE-22 Path Traversal, CWE-416 Use After Free, CWE-1321 Prototype Pollution, CWE-862 Missing Authorization. Rows (vendor): npm, google, microsoft, microsoft corp, сообщество свободного программного обеспечения, debian, cisco, cisco systems inc., fedoraproject, opensuse, maven, ооо «русбитех-астра».]
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #30 os4ed: 28 CVE
- #33 tensorflow: 25 CVE
- #38 observium: 20 CVE
- #42 trend micro: 17 CVE
- #43 trendmicro: 17 CVE
- #46 hyland: 14 CVE
- #47 philips: 13 CVE
- #50 crates.io: 11 CVE
- #51 gogogate: 11 CVE
- #52 ozeki: 11 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products |
|---|---|---|---|---|---|---|---|---|
| 1 | npm | 644 | 19 | 8.6 | · | · | PoC 17 | swagger-ui (8) · handlebars (6) · serve (4) |
| 2 | google | 230 | 17 | 7.0 | · | · | PoC 15 | android (156) · chrome (47) · tensorflow (25) |
| 3 | microsoft | 130 | 2 | 6.9 | 1 | · | KEV 1, PoC 1 | windows server 2016 (77) · windows server version 2004 (75) · windows server, version 1903 (server core installation) (74) |
| 4 | microsoft corp | 130 | 2 | 7.0 | 1 | · | KEV 1, PoC 1 | windows server 2004 (server core installation) (75) · windows server 2019 (75) · windows server 1903 (server core installation) (74) |
| 5 | сообщество свободного программного обеспечения | 110 | 9 | 6.9 | 1 | 3 | KEV 1, Nuclei 3, PoC 25 | debian gnu/linux (99) · linux (21) · mediawiki (4) |
| 6 | debian | 104 | 7 | 6.9 | · | 1 | Nuclei 1, PoC 21 | debian linux (103) · freedombox (1) |
| 7 | cisco | 101 | 2 | 6.5 | 1 | · | KEV 1, PoC 101 | ios xe (45) · cisco ios xe software (33) · ios (8) |
| 8 | cisco systems inc. | 98 | 2 | 7.0 | 1 | · | KEV 1, PoC 98 | cisco ios xe (45) · cisco ios (10) · cisco ios xr (5) |
| 9 | fedoraproject | 95 | 4 | 7.1 | · | 3 | Nuclei 3, PoC 23 | fedora (95) |
| 10 | opensuse | 88 | 7 | 6.9 | · | · | PoC 12 | leap (86) · backports sle (27) · opensuse leap 15.1 (1) |
| 11 | maven | 78 | 3 | 6.2 | · | 5 | Nuclei 5, PoC 5 | org.jenkins-ci.plugins:elastest (3) · org.jenkins-ci.plugins:database (3) · org.keycloak:keycloak-parent (3) |
| 12 | ооо «русбитех-астра» | 76 | 4 | 7.0 | · | 2 | Nuclei 2, PoC 14 | astra linux special edition (70) · astra linux common edition (49) · astra linux special edition для «эльбрус» (26) |
| 13 | ао «концерн вниинс» | 67 | 4 | 7.2 | · | · | PoC 16 | ос он «стрелец» (67) |
| 14 | ао "нппкт" | 67 | 4 | 7.1 | · | 2 | Nuclei 2, PoC 12 | осон основа оnyx (67) |
| 15 | qualcomm | 59 | 8 | 7.6 | · | · | · | sm7150 firmware (49) · sm6150 firmware (49) · sm8150 firmware (47) |
| 16 | qualcomm, inc. | 58 | 8 | 7.6 | · | · | · | snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables, snapdragon wired infrastructure and networking (10) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (7) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (6) |
| 17 | ibm | 53 | 1 | 6.3 | · | · | · | data risk manager (12) · infosphere guardium (5) · maximo asset management (4) |
| 18 | google inc | 48 | 4 | 7.6 | · | · | PoC 9 | google chrome (38) · android (9) · android studio (1) |
| 19 | jenkins | 48 | 1 | 5.8 | · | · | PoC 3 | database (3) · elastest (3) · liquibase runner (3) |
| 20 | jenkins project | 48 | 1 | 5.9 | · | · | PoC 3 | jenkins elastest plugin (3) · jenkins liquibase runner plugin (3) · jenkins database plugin (3) |
| 21 | sap | 48 | · | 4.8 | · | · | PoC 1 | 3d visual enterprise viewer (38) · businessobjects business intelligence platform (2) · marketing (1) |
| 22 | sap se | 48 | · | 4.8 | · | · | PoC 1 | sap 3d visual enterprise viewer (38) · banking services from sap 9.0(bank analyzer) (1) · s/4hana fin prod subldgr (1) |
| 23 | novell inc. | 45 | 3 | 6.4 | · | · | PoC 7 | opensuse leap (39) · suse linux enterprise server (11) · suse linux enterprise server for sap applications (11) |
| 24 | fedora project | 44 | 3 | 7.5 | · | · | PoC 13 | fedora (44) |
| 25 | pypi | 41 | 4 | 6.7 | · | 2 | Nuclei 2, PoC 6 | tensorflow (25) · tensorflow-cpu (25) · tensorflow-gpu (25) |
| 26 | gitlab | 39 | · | 5.5 | · | · | PoC 4 | gitlab (39) |
| 27 | canonical | 35 | 2 | 6.5 | · | 3 | Nuclei 3, PoC 5 | ubuntu linux (33) · add-apt-repository (1) · ubuntu-ui-toolkit (1) |
| 28 | red hat inc. | 31 | 1 | 6.4 | · | 1 | Nuclei 1, PoC 2 | red hat enterprise linux (22) · ansible (3) · openshift application runtimes (2) |
| 29 | redhat | 29 | · | 6.6 | · | · | PoC 1 | enterprise linux (11) · single sign-on (4) · keycloak (3) |
| 30 | os4ed | 28 | 8 | 9.1 | · | 8 | NEW, Nuclei 8, PoC 14 | opensis (28) |
| 31 | ао «ивк» | 26 | 1 | 7.2 | · | 1 | Nuclei 1, PoC 4 | альт 8 сп (25) · альт 8 сп сервер (1) |
| 32 | packagist | 25 | 1 | 6.8 | · | 4 | Nuclei 4, PoC 13 | mediawiki/core (6) · mantisbt/mantisbt (3) · shopware/platform (2) |
| 33 | tensorflow | 25 | 3 | 6.6 | · | · | NEW, PoC 5 | tensorflow (25) |
| 34 | adobe | 21 | 5 | 7.5 | · | · | · | experience manager (11) · indesign (5) · media encoder (3) |
| 35 | adobe systems inc. | 21 | 5 | 7.4 | · | · | · | adobe experience manager (8) · adobe indesign (5) · adobe experience manager forms add-on (3) |
| 36 | canonical ltd. | 20 | 2 | 6.6 | · | 3 | Nuclei 3, PoC 3 | ubuntu (19) · add-apt-repository (1) |
| 37 | linux | 20 | · | 5.9 | · | · | PoC 2 | linux kernel (20) |
| 38 | observium | 20 | 2 | 7.5 | · | · | NEW, PoC 5 | observium (20) |
| 39 | cpanel | 18 | 5 | 7.8 | · | 13 | Nuclei 13 | cpanel (18) |
| 40 | go | 17 | 1 | 5.8 | · | · | PoC 3 | helm.sh/helm (4) · helm.sh/helm/v3 (4) · github.com/u-root/u-root (2) |
| 41 | mcafee | 17 | 1 | 6.0 | · | · | · | web gateway (5) · mcafee web gateway (mwg) (5) · mcafee agent (4) |
| 42 | trend micro | 17 | 1 | 7.2 | 1 | · | NEW, KEV 1 | trend micro apex one (12) · trend micro worry-free business security (4) · trend micro officescan (3) |
| 43 | trendmicro | 17 | 1 | 7.1 | 1 | · | NEW, KEV 1 | apex one (12) · worry-free business security (4) · worry-free business security services (3) |
| 44 | oracle | 16 | 2 | 7.1 | · | 5 | Nuclei 5, PoC 4 | zfs storage appliance kit (4) · communications cloud native core network function cloud native environment (4) · communications diameter signaling router (3) |
| 45 | apache | 15 | 3 | 7.5 | · | 4 | Nuclei 4, PoC 3 | activemq (2) · superset (2) · struts (2) |
| 46 | hyland | 14 | 8 | 8.7 | · | · | NEW | onbase (14) |
| 47 | philips | 13 | · | 6.1 | · | · | NEW | patient information center ix (8) · patient information center ix (picix) (7) · clinical collaboration platform (5) |
| 48 | siemens | 12 | 2 | 7.5 | · | · | · | simatic rtls locating manager (3) · spectrum power 4 (2) · polarion subversion webclient (2) |
| 49 | broadcom | 11 | 4 | 8.0 | · | · | · | fabric operating system (9) · brocade sannav (2) |
| 50 | crates.io | 11 | 3 | 7.9 | · | 1 | NEW, Nuclei 1 | sized-chunks (6) · failure (1) · http (1) |