month report

January 2021

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

January 2021 closed with 1,970 published CVEs. 202 criticals, oracle led volume, mostly via mysql. Top weakness class — CWE-79 (190 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,970

— MoM— YoY

Severity mix

202 / 695

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

4.6%

90 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1881.6

n=90

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

361

n=9

Detection gap

KEV pressure, no Nuclei coverage

January 2021 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3google77 CVE
KEV 3google inc46 CVE
KEV 2novell inc.43 CVE
KEV 1microsoft84 CVE
KEV 1microsoft corp84 CVE

Weakness × Vendor

What's spreading where in January 2021

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#20google inc46 CVE
#24crates.io34 CVE
#28ао «нтц ит роса»32 CVE
#32nvidia21 CVE
#36juniper networks19 CVE
#39hpe16 CVE
#47k7computing13 CVE
#48quest13 CVE
#49fasterxml12 CVE
#50fasterxml, llc12 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
169 CVE11 critCVSS 7.6
KEV 1Nuclei 8PoC 9
mysql (38) · vm virtualbox (17) · agile plm (14)
2cisco—
156 CVE10 critCVSS 7.0
PoC 155
cisco small business rv series router firmware (74) · rv130w firmware (73) · rv110w firmware (73)
3cisco systems inc.—
155 CVE10 critCVSS 7.0
PoC 155
cisco rv130 (74) · cisco rv110w (66) · cisco rv215w (66)
4oracle corp.—
144 CVE10 critCVSS 6.5
Nuclei 6PoC 1
mysql server (34) · vm virtualbox (17) · weblogic server (9)
5oracle corporation—
136 CVE9 critCVSS 6.5
Nuclei 6PoC 1
mysql server (38) · vm virtualbox (17) · weblogic server (9)
6сообщество свободного программного обеспечения—
120 CVE15 critCVSS 7.2
KEV 4Nuclei 1PoC 22
debian gnu/linux (108) · linux (7) · openjpeg (6)
7ао "нппкт"—
112 CVE14 critCVSS 7.5
KEV 4Nuclei 1PoC 27
осон основа оnyx (112)
8ао «концерн вниинс»—
99 CVE14 critCVSS 7.6
KEV 4Nuclei 1PoC 19
ос он «стрелец» (99)
9ооо «русбитех-астра»—
96 CVE14 critCVSS 6.8
KEV 4Nuclei 1PoC 15
astra linux special edition (91) · astra linux special edition для «эльбрус» (34) · astra linux common edition (22)
10ibm—
84 CVE4 critCVSS 5.6
rational engineering lifecycle manager (10) · rational collaborative lifecycle management (10) · collaborative lifecycle management (10)
11microsoft—
84 CVECVSS 7.5
KEV 1PoC 2
windows 10 (63) · windows 10 version 2004 (63) · windows 10 version 1909 (60)
12microsoft corp—
84 CVECVSS 7.5
KEV 1PoC 1
windows 10 2004 (62) · windows 10 20h2 (62) · windows 10 1909 (59)
13debian—
82 CVE9 critCVSS 7.4
KEV 2Nuclei 2PoC 15
debian linux (82)
14google—
77 CVE16 critCVSS 7.8
KEV 3PoC 9
chrome (46) · android (29) · secret manager provider for secret store csi driver (1)
15ао «ивк»—
76 CVE11 critCVSS 7.6
KEV 1Nuclei 1PoC 14
альт 8 сп (71) · альт 8 сп сервер (3) · альт сп 10 (2)
16fedoraproject—
72 CVE9 critCVSS 6.6
KEV 2Nuclei 1PoC 10
fedora (72) · extra packages for enterprise linux (1)
17netapp—
72 CVE4 critCVSS 5.8
KEV 1Nuclei 2PoC 7
oncommand workflow automation (40) · oncommand insight (39) · snapcenter (35)
18maven—
52 CVE6 critCVSS 7.3
KEV 1Nuclei 5PoC 9
com.fasterxml.jackson.core:jackson-databind (12) · org.jenkins-ci.main:jenkins-core (11) · com.mikesamuel:json-sanitizer (2)
19red hat inc.—
48 CVE8 critCVSS 6.9
KEV 3Nuclei 1PoC 7
red hat enterprise linux (47) · red hat software collections (11) · red hat openstack platform (3)
20google inc—
46 CVE13 critCVSS 8.2
NEWKEV 3PoC 6
google chrome (45) · android (1)
21novell inc.—
43 CVE8 critCVSS 8.1
KEV 2PoC 6
opensuse leap (43) · suse linux enterprise server (5) · suse linux enterprise server for sap applications (5)
22npm—
36 CVE4 critCVSS 7.0
Nuclei 2PoC 4
jointjs (2) · asciitable.js (1) · async-git (1)
23siemens—
36 CVE2 critCVSS 8.0
teamcenter visualization (24) · jt2go (24) · solid edge se2021 (6)
24crates.io—
34 CVE4 critCVSS 7.0
NEWPoC 9
raw-cpuid (2) · abi_stable (2) · late-static (1)
25qualcomm—
34 CVE15 critCVSS 8.7
qet5100 (31) · wcd9341 (31) · wcn3980 (30)
26qualcomm, inc.—
34 CVE15 critCVSS 8.3
snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables, snapdragon wired infrastructure and networking (9) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (7) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3)
27canonical ltd.—
32 CVE7 critCVSS 8.0
KEV 3Nuclei 1PoC 8
ubuntu (32)
28ао «нтц ит роса»—
32 CVE1 critCVSS 7.7
NEWKEV 1Nuclei 1PoC 7
rosa virtualization (13) · роса хром (13) · роса кобальт (11)
29packagist—
30 CVE6 critCVSS 7.0
KEV 2Nuclei 4PoC 10
moodle/moodle (5) · mautic/core (4) · wp-premium/gravityforms (3)
30sap—
27 CVE1 critCVSS 7.8
PoC 3
3d visual enterprise viewer (16) · business warehouse (3) · bw\/4hana (1)
31sap se—
27 CVE1 critCVSS 7.7
PoC 3
sap 3d visual enterprise viewer (16) · sap business warehouse (3) · sap businessobjects business intelligence platform (web intelligence html interface) (1)
32nvidia—
21 CVECVSS 6.8
NEW
virtual gpu manager (10) · nvidia virtual gpu manager (8) · nvidia gpu display driver (6)
33ооо «ред софт»—
20 CVE1 critCVSS 7.0
KEV 1Nuclei 1PoC 1
ред ос (20)
34apache—
19 CVE3 critCVSS 7.7
KEV 1Nuclei 4PoC 2
activemq artemis (2) · traffic server (2) · flink (2)
35juniper—
19 CVE1 critCVSS 7.5
PoC 18
junos (16) · junos os evolved (3) · junos space (1)
36juniper networks—
19 CVE1 critCVSS 7.5
NEWPoC 18
junos os (16) · junos os evolved (3) · junos space (1)
37dell—
18 CVE4 critCVSS 7.4
emc powerstore firmware (3) · emc unity operating environment (3) · emc unity vsa operating environment (3)
38juniper networks inc.—
18 CVE1 critCVSS 7.3
PoC 17
junos (16) · contrail networking (1) · junos os evolved (1)
39hpe—
16 CVECVSS 7.8
NEW
cloudline cl4100 gen10 server firmware (16) · cloudline cl3100 gen10 server firmware (16) · cloudline cl5200 gen9 server firmware (16)
40pypi—
15 CVE2 critCVSS 7.2
PoC 2
pillow (3) · pysaml2 (2) · crmsh (1)
41jenkins—
14 CVECVSS 6.0
jenkins (11) · tracetronic ecu-test (1) · bumblebee hp alm (1)
42jenkins project—
14 CVECVSS 6.0
jenkins (11) · jenkins bumblebee hp alm plugin (1) · jenkins tics plugin (1)
43mozilla—
14 CVE1 critCVSS 7.6
PoC 2
firefox (14) · firefox esr (7) · thunderbird (7)
44apache software foundation—
13 CVE3 critCVSS 8.0
KEV 1Nuclei 4PoC 2
traffic server (2) · apache flink (2) · apache dolphinscheduler (1)
45fedora project—
13 CVE1 critCVSS 7.7
KEV 1Nuclei 1PoC 5
fedora (13)
46go—
13 CVECVSS 6.3
PoC 2
github.com/tidwall/gjson (2) · github.com/deislabs/oras (1) · github.com/gin-gonic/gin (1)
47k7computing—
13 CVECVSS 7.1
NEW
total security (13) · antivrius (13) · enterprise security (13)
48quest—
13 CVE1 critCVSS 6.1
NEWPoC 8
policy authority for unified communications (13)
49fasterxml—
12 CVECVSS 8.1
NEWPoC 5
jackson-databind (12)
50fasterxml, llc—
12 CVECVSS 8.1
NEWPoC 5
jackson-databind (12)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	169	11	1	8	KEV 1Nuclei 8PoC 9	mysql (38) · vm virtualbox (17) · agile plm (14)	—
2	cisco	156	10	·	·	PoC 155	cisco small business rv series router firmware (74) · rv130w firmware (73) · rv110w firmware (73)	—
3	cisco systems inc.	155	10	·	·	PoC 155	cisco rv130 (74) · cisco rv110w (66) · cisco rv215w (66)	—
4	oracle corp.	144	10	·	6	Nuclei 6PoC 1	mysql server (34) · vm virtualbox (17) · weblogic server (9)	—
5	oracle corporation	136	9	·	6	Nuclei 6PoC 1	mysql server (38) · vm virtualbox (17) · weblogic server (9)	—
6	сообщество свободного программного обеспечения	120	15	4	1	KEV 4Nuclei 1PoC 22	debian gnu/linux (108) · linux (7) · openjpeg (6)	—
7	ао "нппкт"	112	14	4	1	KEV 4Nuclei 1PoC 27	осон основа оnyx (112)	—
8	ао «концерн вниинс»	99	14	4	1	KEV 4Nuclei 1PoC 19	ос он «стрелец» (99)	—
9	ооо «русбитех-астра»	96	14	4	1	KEV 4Nuclei 1PoC 15	astra linux special edition (91) · astra linux special edition для «эльбрус» (34) · astra linux common edition (22)	—
10	ibm	84	4	·	·		rational engineering lifecycle manager (10) · rational collaborative lifecycle management (10) · collaborative lifecycle management (10)	—
11	microsoft	84	·	1	·	KEV 1PoC 2	windows 10 (63) · windows 10 version 2004 (63) · windows 10 version 1909 (60)	—
12	microsoft corp	84	·	1	·	KEV 1PoC 1	windows 10 2004 (62) · windows 10 20h2 (62) · windows 10 1909 (59)	—
13	debian	82	9	2	2	KEV 2Nuclei 2PoC 15	debian linux (82)	—
14	google	77	16	3	·	KEV 3PoC 9	chrome (46) · android (29) · secret manager provider for secret store csi driver (1)	—
15	ао «ивк»	76	11	1	1	KEV 1Nuclei 1PoC 14	альт 8 сп (71) · альт 8 сп сервер (3) · альт сп 10 (2)	—
16	fedoraproject	72	9	2	1	KEV 2Nuclei 1PoC 10	fedora (72) · extra packages for enterprise linux (1)	—
17	netapp	72	4	1	2	KEV 1Nuclei 2PoC 7	oncommand workflow automation (40) · oncommand insight (39) · snapcenter (35)	—
18	maven	52	6	1	5	KEV 1Nuclei 5PoC 9	com.fasterxml.jackson.core:jackson-databind (12) · org.jenkins-ci.main:jenkins-core (11) · com.mikesamuel:json-sanitizer (2)	—
19	red hat inc.	48	8	3	1	KEV 3Nuclei 1PoC 7	red hat enterprise linux (47) · red hat software collections (11) · red hat openstack platform (3)	—
20	google inc	46	13	3	·	NEWKEV 3PoC 6	google chrome (45) · android (1)	—
21	novell inc.	43	8	2	·	KEV 2PoC 6	opensuse leap (43) · suse linux enterprise server (5) · suse linux enterprise server for sap applications (5)	—
22	npm	36	4	·	2	Nuclei 2PoC 4	jointjs (2) · asciitable.js (1) · async-git (1)	—
23	siemens	36	2	·	·		teamcenter visualization (24) · jt2go (24) · solid edge se2021 (6)	—
24	crates.io	34	4	·	·	NEWPoC 9	raw-cpuid (2) · abi_stable (2) · late-static (1)	—
25	qualcomm	34	15	·	·		qet5100 (31) · wcd9341 (31) · wcn3980 (30)	—
26	qualcomm, inc.	34	15	·	·		snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables, snapdragon wired infrastructure and networking (9) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (7) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer electronics connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3)	—
27	canonical ltd.	32	7	3	1	KEV 3Nuclei 1PoC 8	ubuntu (32)	—
28	ао «нтц ит роса»	32	1	1	1	NEWKEV 1Nuclei 1PoC 7	rosa virtualization (13) · роса хром (13) · роса кобальт (11)	—
29	packagist	30	6	2	4	KEV 2Nuclei 4PoC 10	moodle/moodle (5) · mautic/core (4) · wp-premium/gravityforms (3)	—
30	sap	27	1	·	·	PoC 3	3d visual enterprise viewer (16) · business warehouse (3) · bw\/4hana (1)	—
31	sap se	27	1	·	·	PoC 3	sap 3d visual enterprise viewer (16) · sap business warehouse (3) · sap businessobjects business intelligence platform (web intelligence html interface) (1)	—
32	nvidia	21	·	·	·	NEW	virtual gpu manager (10) · nvidia virtual gpu manager (8) · nvidia gpu display driver (6)	—
33	ооо «ред софт»	20	1	1	1	KEV 1Nuclei 1PoC 1	ред ос (20)	—
34	apache	19	3	1	4	KEV 1Nuclei 4PoC 2	activemq artemis (2) · traffic server (2) · flink (2)	—
35	juniper	19	1	·	·	PoC 18	junos (16) · junos os evolved (3) · junos space (1)	—
36	juniper networks	19	1	·	·	NEWPoC 18	junos os (16) · junos os evolved (3) · junos space (1)	—
37	dell	18	4	·	·		emc powerstore firmware (3) · emc unity operating environment (3) · emc unity vsa operating environment (3)	—
38	juniper networks inc.	18	1	·	·	PoC 17	junos (16) · contrail networking (1) · junos os evolved (1)	—
39	hpe	16	·	·	·	NEW	cloudline cl4100 gen10 server firmware (16) · cloudline cl3100 gen10 server firmware (16) · cloudline cl5200 gen9 server firmware (16)	—
40	pypi	15	2	·	·	PoC 2	pillow (3) · pysaml2 (2) · crmsh (1)	—
41	jenkins	14	·	·	·		jenkins (11) · tracetronic ecu-test (1) · bumblebee hp alm (1)	—
42	jenkins project	14	·	·	·		jenkins (11) · jenkins bumblebee hp alm plugin (1) · jenkins tics plugin (1)	—
43	mozilla	14	1	·	·	PoC 2	firefox (14) · firefox esr (7) · thunderbird (7)	—
44	apache software foundation	13	3	1	4	KEV 1Nuclei 4PoC 2	traffic server (2) · apache flink (2) · apache dolphinscheduler (1)	—
45	fedora project	13	1	1	1	KEV 1Nuclei 1PoC 5	fedora (13)	—
46	go	13	·	·	·	PoC 2	github.com/tidwall/gjson (2) · github.com/deislabs/oras (1) · github.com/gin-gonic/gin (1)	—
47	k7computing	13	·	·	·	NEW	total security (13) · antivrius (13) · enterprise security (13)	—
48	quest	13	1	·	·	NEWPoC 8	policy authority for unified communications (13)	—
49	fasterxml	12	·	·	·	NEWPoC 5	jackson-databind (12)	—
50	fasterxml, llc	12	·	·	·	NEWPoC 5	jackson-databind (12)	—