CVE Tools
Sign in
month report

October 2020

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

October 2020 closed with 1,621 published CVEs. 207 criticals, apple led volume, mostly via macos. Top weakness class — CWE-79 (147 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
1,621
— MoM— YoY
Severity mix
207 / 701
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
4.6%
75 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
1962.3
n=75
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
422
n=14
Detection gap

KEV pressure, no Nuclei coverage

October 2020 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in October 2020

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS787Out-of-bounds Write20Improper Input Validation125Out-of-bounds Read917Expression Language Injection120Buffer Overflow400Resource Consumption22Path Traversal416Use After Free78OS Command Injectionapple467192613327oracle11111oracle corp.11oracle corporation11microsoft corp66311microsoft66311сообщество свободного программного обеспечения4454215hp1258debian56317netapp4cisco1081124cisco systems inc.1091124

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1apple
    241 CVE21 critCVSS 7.3
    KEV 2PoC 2
    macos (166) · mac os x (164) · iphone os (154)
  • 2oracle
    173 CVE10 critCVSS 6.1
    KEV 4Nuclei 12PoC 5
    mysql (48) · jdk (8) · openjdk (8)
  • 3oracle corp.
    164 CVE9 critCVSS 6.0
    KEV 4Nuclei 12PoC 4
    mysql server (47) · database (13) · java se (8)
  • 4oracle corporation
    160 CVE9 critCVSS 5.9
    KEV 4Nuclei 12PoC 4
    mysql server (48) · java se jdk and jre (8) · peoplesoft enterprise pt peopletools (7)
  • 5microsoft corp
    91 CVECVSS 7.4
    Nuclei 2PoC 3
    windows 10 1909 (51) · windows 10 2004 (51) · windows 10 1903 (50)
  • 6microsoft
    90 CVECVSS 7.3
    Nuclei 2PoC 3
    windows 10 (55) · windows server 2016 (52) · windows 10 version 2004 (51)
  • 7сообщество свободного программного обеспечения
    73 CVE8 critCVSS 6.6
    Nuclei 10PoC 12
    debian gnu/linux (66) · linux (7) · cups (4)
  • 8hp
    67 CVE41 critCVSS 9.3
    Nuclei 1PoC 1
    intelligent management center (64) · ezmeral container platform (1) · universal cmbd foundation (1)
  • 9debian
    65 CVE8 critCVSS 6.5
    Nuclei 11PoC 9
    debian linux (65)
  • 10netapp
    58 CVE1 critCVSS 4.8
    PoC 3
    oncommand insight (51) · active iq unified manager (49) · oncommand workflow automation (42)
  • 11cisco
    56 CVECVSS 7.0
    KEV 1Nuclei 1PoC 54
    firepower threat defense (30) · cisco adaptive security appliance (asa) software (20) · adaptive security appliance software (19)
  • 12cisco systems inc.
    56 CVECVSS 6.9
    KEV 1Nuclei 1PoC 54
    firepower threat defense (30) · adaptive security appliance (20) · cisco firepower management center (9)
  • 13fedoraproject
    55 CVE6 critCVSS 6.6
    Nuclei 8PoC 7
    fedora (55)
  • 14ibm
    52 CVE2 critCVSS 6.5
    PoC 1
    curam spm (9) · curam social program management (9) · security access manager (6)
  • 15ао "нппкт"
    44 CVECVSS 6.0
    PoC 7
    осон основа оnyx (44)
  • 16ао «концерн вниинс»
    43 CVE3 critCVSS 6.3
    PoC 4
    ос он «стрелец» (43)
  • 17maven
    41 CVE4 critCVSS 6.7
    Nuclei 2PoC 1
    org.apache.nifi:nifi (3) · com.barchart.jenkins:maven-release-cascade (2) · org.biouno:uno-choice (2)
  • 18npm
    40 CVE4 critCVSS 7.0
    Nuclei 2PoC 8
    electron (2) · npm-user-validate (2) · hermes-engine (2)
  • 19google
    38 CVE6 critCVSS 6.9
    PoC 1
    android (35) · tensorflow (2) · tink java (1)
  • 20opensuse
    37 CVE3 critCVSS 6.5
    Nuclei 1PoC 4
    leap (37) · backports sle (7)
  • 21netgear
    36 CVE16 critCVSS 7.5
    NEWKEV 1Nuclei 1
    rbr850 firmware (13) · rbs850 firmware (13) · rbk852 firmware (13)
  • 22ао «ивк»
    34 CVE1 critCVSS 6.5
    PoC 5
    альт 8 сп (34)
  • 23juniper
    30 CVECVSS 7.0
    Nuclei 1PoC 27
    junos (25) · junos os evolved (3) · mist cloud ui (3)
  • 24juniper networks
    30 CVECVSS 7.0
    NEWNuclei 1PoC 27
    junos os (25) · junos os evolved (4) · mist cloud ui (3)
  • 25ооо «русбитех-астра»
    30 CVE1 critCVSS 6.8
    PoC 5
    astra linux special edition (28) · astra linux special edition для «эльбрус» (12) · astra linux common edition (10)
  • 26mozilla
    28 CVE3 critCVSS 7.3
    PoC 2
    firefox (22) · thunderbird (10) · firefox esr (9)
  • 27netapp inc.
    28 CVECVSS 5.2
    NEW
    snapcenter (28) · oncommand insight (28) · oncommand workflow automation (28)
  • 28red hat inc.
    28 CVE2 critCVSS 6.3
    PoC 4
    red hat enterprise linux (23) · openshift container platform (4) · openshift service mesh (1)
  • 29canonical ltd.
    27 CVE2 critCVSS 6.5
    PoC 3
    ubuntu (27)
  • 30fedora project
    26 CVE6 critCVSS 6.5
    Nuclei 10PoC 5
    fedora (26)
  • 31novell inc.
    25 CVE3 critCVSS 8.2
    Nuclei 1PoC 4
    opensuse leap (22) · suse linux enterprise server for sap applications (9) · suse linux enterprise server (9)
  • 32nvidia
    24 CVE2 critCVSS 7.3
    NEW
    virtual gpu manager (11) · nvidia dgx servers (9) · nvidia vgpu software (7)
  • 33adobe
    22 CVECVSS 7.3
    illustrator (7) · animate (4) · after effects (2)
  • 34adobe systems inc.
    21 CVECVSS 7.3
    illustrator 2020 (7) · animate (4) · adobe after effects (2)
  • 35packagist
    21 CVE1 critCVSS 6.3
    Nuclei 2PoC 7
    baserproject/basercms (3) · shopware/core (2) · pyrocms/pyrocms (2)
  • 36sap
    21 CVE1 critCVSS 6.1
    Nuclei 1PoC 2
    3d visual enterprise viewer (6) · commerce cloud (2) · netweaver application server java (2)
  • 37sap se
    20 CVE1 critCVSS 6.2
    Nuclei 1PoC 2
    sap 3d visual enterprise viewer (6) · sap netweaver application server java (2) · sap commerce cloud (2)
  • 38huawei
    19 CVECVSS 5.9
    taurus-an00b firmware (6) · p30 pro firmware (5) · mate 20 firmware (3)
  • 39mozilla corp.
    17 CVE2 critCVSS 7.7
    PoC 1
    firefox (10) · network security services (6) · firefox esr (5)
  • 40redhat
    16 CVECVSS 6.9
    PoC 1
    enterprise linux (5) · enterprise linux workstation (4) · enterprise linux desktop (4)
  • 41bigbluebutton
    15 CVE2 critCVSS 6.7
    NEWPoC 6
    bigbluebutton (14) · greenlight (1)
  • 42foxitsoftware
    15 CVE4 critCVSS 8.0
    foxit reader (12) · phantompdf (12) · 3d (3)
  • 43gitlab
    15 CVE1 critCVSS 5.9
    PoC 2
    gitlab (14) · gitlab runner (2) · runner (1)
  • 44intel
    15 CVE2 critCVSS 7.1
    bmc firmware (9) · bios (5) · driver \& support assistant (1)
  • 45juniper networks inc.
    15 CVECVSS 7.2
    Nuclei 1PoC 15
    junos (15) · junos os evolved (1)
  • 46pulsesecure
    14 CVE1 critCVSS 6.7
    NEWKEV 1PoC 1
    pulse secure desktop client (10) · pulse connect secure (4) · pulse policy secure (4)
  • 47pypi
    14 CVE3 critCVSS 6.2
    PoC 3
    tensorflow (2) · tensorflow-cpu (2) · tensorflow-gpu (2)
  • 48apache
    13 CVE1 critCVSS 6.8
    Nuclei 2PoC 1
    nifi (4) · calcite (1) · ant (1)
  • 49jenkins project
    13 CVECVSS 5.6
    jenkins active choices plugin (2) · jenkins maven cascade release plugin (2) · jenkins audit trail plugin (2)
  • 50sonicwall
    13 CVE1 critCVSS 7.3
    NEWKEV 1
    sonicosv (11) · sonicos (11) · global vpn client (2)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-79147
2CWE-787136
3CWE-2075
4CWE-12563
5CWE-91758
6CWE-12036
7CWE-40033
8CWE-2232
9CWE-41626
10CWE-7825
11CWE-8925
12CWE-28722
13CWE-35222
14CWE-30618
15CWE-42716
16CWE-47616
17CWE-73216
18CWE-86216
19CWE-26915
20CWE-7715