month report

March 2021

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

March 2021 closed with 1,619 published CVEs. 183 criticals, сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (187 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,619

— MoM— YoY

Severity mix

183 / 604

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

5.9%

96 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1814.2

n=96

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

270

n=22

Detection gap

KEV pressure, no Nuclei coverage

March 2021 · vendors with active exploitation listed by CISA but no public detection template.

KEV 5google inc56 CVE
KEV 5samsung mobile32 CVE
KEV 5samsung23 CVE
KEV 2ао "нппкт"118 CVE
KEV 2google96 CVE

Weakness × Vendor

What's spreading where in March 2021

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#12google inc56 CVE
#23netgear41 CVE
#27samsung mobile32 CVE
#28arubanetworks31 CVE
#33ао «нтц ит роса»28 CVE
#34unknown27 CVE
#36samsung23 CVE
#43crates.io17 CVE
#50facebook14 CVE
#51privoxy14 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
156 CVE9 critCVSS 6.8
KEV 2Nuclei 3PoC 27
debian gnu/linux (149) · linux (31) · cgal (4)
2fedoraproject—
146 CVE10 critCVSS 6.8
KEV 2Nuclei 3PoC 27
fedora (146)
3debian—
120 CVE6 critCVSS 6.7
KEV 2Nuclei 4PoC 23
debian linux (120) · courier-authlib (1) · shadow (1)
4ао "нппкт"—
118 CVE6 critCVSS 6.9
KEV 2PoC 20
осон основа оnyx (118)
5ооо «русбитех-астра»—
117 CVE7 critCVSS 6.9
KEV 2Nuclei 1PoC 23
astra linux special edition (112) · astra linux special edition для «эльбрус» (38) · astra linux common edition (14)
6microsoft corp—
108 CVE10 critCVSS 7.6
KEV 9Nuclei 1PoC 7
windows server 20h2 (server core installation) (46) · windows server 2004 (server core installation) (45) · windows server 1909 (server core installation) (43)
7google—
96 CVE2 critCVSS 6.8
KEV 2PoC 5
android (60) · chrome (35) · exposure notifications verification server (1)
8microsoft—
88 CVE10 critCVSS 7.7
KEV 7Nuclei 1PoC 4
windows server version 2004 (46) · windows server 2016 (46) · windows server version 20h2 (46)
9ао «концерн вниинс»—
80 CVECVSS 6.9
KEV 2Nuclei 2PoC 13
ос он «стрелец» (80)
10netapp—
61 CVE3 critCVSS 6.6
Nuclei 4PoC 11
oncommand insight (18) · ontap select deploy administration utility (15) · cloud backup (14)
11maven—
57 CVE2 critCVSS 6.2
Nuclei 5PoC 4
com.thoughtworks.xstream:xstream (11) · org.jenkins-ci.plugins:tfs (3) · org.apache.tomcat.embed:tomcat-embed-core (2)
12google inc—
56 CVECVSS 6.7
NEWKEV 5PoC 5
google chrome (35) · android (21)
13ао «ивк»—
55 CVE4 critCVSS 7.3
KEV 2Nuclei 1PoC 8
альт 8 сп (55)
14redhat—
54 CVE4 critCVSS 7.0
Nuclei 1PoC 5
enterprise linux (36) · openshift container platform (10) · enterprise linux workstation (7)
15red hat inc.—
54 CVE1 critCVSS 5.9
Nuclei 3PoC 12
red hat enterprise linux (52) · red hat jboss fuse (11) · red hat integration camel quarkus (10)
16fedora project—
48 CVE2 critCVSS 6.5
Nuclei 2PoC 9
fedora (47) · 389 directory server (1)
17npm—
48 CVE10 critCVSS 7.0
Nuclei 3PoC 17
matrix-react-sdk (1) · mongodb-query-parser (1) · msgpack5 (1)
18cisco—
47 CVE5 critCVSS 6.7
PoC 46
ios xe (33) · cisco ios xe software (30) · ios (5)
19cisco systems inc.—
46 CVE5 critCVSS 6.7
PoC 46
cisco ios xe (29) · cisco ios xe sd-wan (6) · jabber for windows (5)
20ibm—
44 CVECVSS 5.6
PoC 1
engineering lifecycle management (16) · engineering lifecycle optimization (16) · engineering requirements quality assistant on-premises (16)
21canonical ltd.—
43 CVE2 critCVSS 6.4
Nuclei 2PoC 7
ubuntu (43)
22siemens—
42 CVE4 critCVSS 7.0
Nuclei 1PoC 12
scalance w1750d firmware (19) · sinec infrastructure network services (5) · solid edge (4)
23netgear—
41 CVE12 critCVSS 8.7
NEW
rbr850 firmware (17) · rbs850 firmware (16) · rbk853 firmware (15)
24packagist—
39 CVE4 critCVSS 6.5
Nuclei 6PoC 18
typo3/cms-core (8) · typo3/cms (8) · moodle/moodle (5)
25oracle—
36 CVE1 critCVSS 6.3
Nuclei 4PoC 8
retail xstore point of service (13) · banking platform (12) · webcenter portal (12)
26novell inc.—
32 CVE1 critCVSS 6.7
KEV 2Nuclei 2PoC 5
opensuse leap (29) · suse linux enterprise server (14) · suse linux enterprise server for sap applications (11)
27samsung mobile—
32 CVECVSS 4.4
NEWKEV 5
samsung mobile devices (15) · samsung pay mini (3) · samsung internet (3)
28arubanetworks—
31 CVE3 critCVSS 7.1
NEWNuclei 1PoC 8
instant (19) · airwave (12)
29linux—
31 CVECVSS 6.2
PoC 7
linux kernel (31) · kernel (1)
30apache—
30 CVE2 critCVSS 6.3
Nuclei 5PoC 4
jmeter (11) · activemq (11) · tomcat (2)
31apache software foundation—
29 CVE2 critCVSS 6.7
Nuclei 4PoC 4
log4j (9) · apache ambari (2) · apache pdfbox (2)
32pypi—
28 CVE3 critCVSS 6.9
PoC 3
pillow (8) · matrix-synapse (2) · pygments (2)
33ао «нтц ит роса»—
28 CVE2 critCVSS 7.0
NEWNuclei 1PoC 6
роса хром (15) · rosa virtualization (11) · rosa virtualization 3.0 (6)
34unknown—
27 CVE2 critCVSS 6.9
NEWNuclei 27PoC 10
modern events calendar lite (4) · contact form submissions (1) · envira gallery lite (1)
35ооо «ред софт»—
27 CVE1 critCVSS 6.7
Nuclei 1PoC 4
ред ос (26) · ред база данных (1)
36samsung—
23 CVECVSS 4.2
NEWKEV 5
android (5) · internet (3) · pay mini (3)
37f5—
22 CVE6 critCVSS 7.7
KEV 2Nuclei 2PoC 2
big-ip application security manager (16) · big-ip advanced web application firewall (16) · big-ip access policy manager (16)
38qualcomm—
21 CVE9 critCVSS 8.1
wsa8815 firmware (21) · wsa8810 firmware (21) · pm8008 firmware (20)
39qualcomm, inc.—
21 CVE9 critCVSS 7.8
snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (8) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon industrial iot, snapdragon mobile (1)
40sap—
21 CVE1 critCVSS 6.3
PoC 1
3d visual enterprise viewer (14) · sap 3d visual enterprise viewer (3) · manufacturing integration and intelligence (1)
41sap se—
21 CVE1 critCVSS 6.7
PoC 1
sap 3d visual enterprise viewer (14) · sap enterprise financial services (bank customer accounts) (1) · sap hana (1)
42go—
20 CVE2 critCVSS 6.8
Nuclei 1PoC 3
github.com/ipfs/go-ipfs (2) · github.com/kongchuanhujiao/server (1) · github.com/liamg/gitjacker (1)
43crates.io—
17 CVE10 critCVSS 8.7
NEWPoC 1
fltk (3) · stack_dst (2) · toodee (2)
44gitlab—
17 CVE1 critCVSS 5.1
PoC 1
gitlab (17)
45adobe—
16 CVECVSS 7.2
animate (7) · creative cloud desktop application (3) · connect (3)
46jenkins—
16 CVECVSS 6.2
team foundation server (3) · owasp dependency-track (2) · build with parameters (2)
47jenkins project—
16 CVECVSS 6.2
jenkins team foundation server plugin (3) · jenkins owasp dependency-track plugin (2) · jenkins build with parameters plugin (2)
48freebsd—
15 CVE2 critCVSS 7.0
PoC 1
freebsd (15)
49gnu—
15 CVE3 critCVSS 7.2
PoC 2
grub2 (8) · binutils (2) · gnutls (2)
50facebook—
14 CVE5 critCVSS 7.8
NEWPoC 2
hhvm (9) · zstandard (2) · gameroom (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	156	9	2	3	KEV 2Nuclei 3PoC 27	debian gnu/linux (149) · linux (31) · cgal (4)	—
2	fedoraproject	146	10	2	3	KEV 2Nuclei 3PoC 27	fedora (146)	—
3	debian	120	6	2	4	KEV 2Nuclei 4PoC 23	debian linux (120) · courier-authlib (1) · shadow (1)	—
4	ао "нппкт"	118	6	2	·	KEV 2PoC 20	осон основа оnyx (118)	—
5	ооо «русбитех-астра»	117	7	2	1	KEV 2Nuclei 1PoC 23	astra linux special edition (112) · astra linux special edition для «эльбрус» (38) · astra linux common edition (14)	—
6	microsoft corp	108	10	9	1	KEV 9Nuclei 1PoC 7	windows server 20h2 (server core installation) (46) · windows server 2004 (server core installation) (45) · windows server 1909 (server core installation) (43)	—
7	google	96	2	2	·	KEV 2PoC 5	android (60) · chrome (35) · exposure notifications verification server (1)	—
8	microsoft	88	10	7	1	KEV 7Nuclei 1PoC 4	windows server version 2004 (46) · windows server 2016 (46) · windows server version 20h2 (46)	—
9	ао «концерн вниинс»	80	·	2	2	KEV 2Nuclei 2PoC 13	ос он «стрелец» (80)	—
10	netapp	61	3	·	4	Nuclei 4PoC 11	oncommand insight (18) · ontap select deploy administration utility (15) · cloud backup (14)	—
11	maven	57	2	·	5	Nuclei 5PoC 4	com.thoughtworks.xstream:xstream (11) · org.jenkins-ci.plugins:tfs (3) · org.apache.tomcat.embed:tomcat-embed-core (2)	—
12	google inc	56	·	5	·	NEWKEV 5PoC 5	google chrome (35) · android (21)	—
13	ао «ивк»	55	4	2	1	KEV 2Nuclei 1PoC 8	альт 8 сп (55)	—
14	redhat	54	4	·	1	Nuclei 1PoC 5	enterprise linux (36) · openshift container platform (10) · enterprise linux workstation (7)	—
15	red hat inc.	54	1	·	3	Nuclei 3PoC 12	red hat enterprise linux (52) · red hat jboss fuse (11) · red hat integration camel quarkus (10)	—
16	fedora project	48	2	·	2	Nuclei 2PoC 9	fedora (47) · 389 directory server (1)	—
17	npm	48	10	·	3	Nuclei 3PoC 17	matrix-react-sdk (1) · mongodb-query-parser (1) · msgpack5 (1)	—
18	cisco	47	5	·	·	PoC 46	ios xe (33) · cisco ios xe software (30) · ios (5)	—
19	cisco systems inc.	46	5	·	·	PoC 46	cisco ios xe (29) · cisco ios xe sd-wan (6) · jabber for windows (5)	—
20	ibm	44	·	·	·	PoC 1	engineering lifecycle management (16) · engineering lifecycle optimization (16) · engineering requirements quality assistant on-premises (16)	—
21	canonical ltd.	43	2	·	2	Nuclei 2PoC 7	ubuntu (43)	—
22	siemens	42	4	·	1	Nuclei 1PoC 12	scalance w1750d firmware (19) · sinec infrastructure network services (5) · solid edge (4)	—
23	netgear	41	12	·	·	NEW	rbr850 firmware (17) · rbs850 firmware (16) · rbk853 firmware (15)	—
24	packagist	39	4	·	6	Nuclei 6PoC 18	typo3/cms-core (8) · typo3/cms (8) · moodle/moodle (5)	—
25	oracle	36	1	·	4	Nuclei 4PoC 8	retail xstore point of service (13) · banking platform (12) · webcenter portal (12)	—
26	novell inc.	32	1	2	2	KEV 2Nuclei 2PoC 5	opensuse leap (29) · suse linux enterprise server (14) · suse linux enterprise server for sap applications (11)	—
27	samsung mobile	32	·	5	·	NEWKEV 5	samsung mobile devices (15) · samsung pay mini (3) · samsung internet (3)	—
28	arubanetworks	31	3	·	1	NEWNuclei 1PoC 8	instant (19) · airwave (12)	—
29	linux	31	·	·	·	PoC 7	linux kernel (31) · kernel (1)	—
30	apache	30	2	·	5	Nuclei 5PoC 4	jmeter (11) · activemq (11) · tomcat (2)	—
31	apache software foundation	29	2	·	4	Nuclei 4PoC 4	log4j (9) · apache ambari (2) · apache pdfbox (2)	—
32	pypi	28	3	·	·	PoC 3	pillow (8) · matrix-synapse (2) · pygments (2)	—
33	ао «нтц ит роса»	28	2	·	1	NEWNuclei 1PoC 6	роса хром (15) · rosa virtualization (11) · rosa virtualization 3.0 (6)	—
34	unknown	27	2	·	27	NEWNuclei 27PoC 10	modern events calendar lite (4) · contact form submissions (1) · envira gallery lite (1)	—
35	ооо «ред софт»	27	1	·	1	Nuclei 1PoC 4	ред ос (26) · ред база данных (1)	—
36	samsung	23	·	5	·	NEWKEV 5	android (5) · internet (3) · pay mini (3)	—
37	f5	22	6	2	2	KEV 2Nuclei 2PoC 2	big-ip application security manager (16) · big-ip advanced web application firewall (16) · big-ip access policy manager (16)	—
38	qualcomm	21	9	·	·		wsa8815 firmware (21) · wsa8810 firmware (21) · pm8008 firmware (20)	—
39	qualcomm, inc.	21	9	·	·		snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (8) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon industrial iot, snapdragon mobile (1)	—
40	sap	21	1	·	·	PoC 1	3d visual enterprise viewer (14) · sap 3d visual enterprise viewer (3) · manufacturing integration and intelligence (1)	—
41	sap se	21	1	·	·	PoC 1	sap 3d visual enterprise viewer (14) · sap enterprise financial services (bank customer accounts) (1) · sap hana (1)	—
42	go	20	2	·	1	Nuclei 1PoC 3	github.com/ipfs/go-ipfs (2) · github.com/kongchuanhujiao/server (1) · github.com/liamg/gitjacker (1)	—
43	crates.io	17	10	·	·	NEWPoC 1	fltk (3) · stack_dst (2) · toodee (2)	—
44	gitlab	17	1	·	·	PoC 1	gitlab (17)	—
45	adobe	16	·	·	·		animate (7) · creative cloud desktop application (3) · connect (3)	—
46	jenkins	16	·	·	·		team foundation server (3) · owasp dependency-track (2) · build with parameters (2)	—
47	jenkins project	16	·	·	·		jenkins team foundation server plugin (3) · jenkins owasp dependency-track plugin (2) · jenkins build with parameters plugin (2)	—
48	freebsd	15	2	·	·	PoC 1	freebsd (15)	—
49	gnu	15	3	·	·	PoC 2	grub2 (8) · binutils (2) · gnutls (2)	—
50	facebook	14	5	·	·	NEWPoC 2	hhvm (9) · zstandard (2) · gameroom (1)	—