month report

May 2021

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

May 2021 closed with 1,580 published CVEs. 196 criticals, сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Top weakness class — CWE-79 (203 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,580

— MoM— YoY

Severity mix

196 / 563

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

10.5%

166 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

1760.0

n=166

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

180

n=19

Detection gap

KEV pressure, no Nuclei coverage

May 2021 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2qualcomm20 CVE
KEV 2qualcomm, inc.20 CVE

Weakness × Vendor

What's spreading where in May 2021

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#6tensorflow108 CVE
#25foxit33 CVE
#28unknown28 CVE
#29ао «нтц ит роса»28 CVE
#30ffmpeg27 CVE
#32ffmpeg team26 CVE
#34gnu general public license22 CVE
#35exim21 CVE
#39ibm corp.19 CVE
#42wago18 CVE

Top vendors

Ranked by distinct CVE count this period.

1сообщество свободного программного обеспечения—
239 CVE26 critCVSS 7.0
Nuclei 21PoC 46
debian gnu/linux (205) · linux (36) · drupal (4)
2pypi—
138 CVE4 critCVSS 3.2
Nuclei 2PoC 40
tensorflow-gpu (108) · tensorflow (108) · tensorflow-cpu (108)
3ао "нппкт"—
127 CVE19 critCVSS 7.3
Nuclei 9PoC 26
осон основа оnyx (127)
4ооо «русбитех-астра»—
126 CVE21 critCVSS 7.5
Nuclei 9PoC 25
astra linux special edition (121) · astra linux special edition для «эльбрус» (71) · astra linux common edition (26)
5google—
109 CVECVSS 2.9
PoC 36
tensorflow (108) · cloud iot device sdk for embedded c (1)
6tensorflow—
108 CVECVSS 2.9
NEWPoC 36
tensorflow (108)
7debian—
100 CVE7 critCVSS 7.2
Nuclei 2PoC 24
debian linux (100)
8fedoraproject—
92 CVE7 critCVSS 6.7
Nuclei 2PoC 14
fedora (92)
9redhat—
80 CVE15 critCVSS 6.4
PoC 6
enterprise linux (38) · ansible tower (8) · certification (5)
10ао «концерн вниинс»—
76 CVE17 critCVSS 7.7
Nuclei 9PoC 11
ос он «стрелец» (76)
11ibm—
71 CVE7 critCVSS 6.6
PoC 1
qradar siem (12) · cognos analytics (10) · qradar security information and event manager (8)
12cisco systems inc.—
70 CVE7 critCVSS 5.1
KEV 2Nuclei 3PoC 61
cisco sd-wan (13) · small business wap125 (11) · small business wap131 (11)
13maven—
65 CVE8 critCVSS 6.5
Nuclei 1PoC 12
com.liferay.portal:release.portal.bom (11) · com.liferay.portal:release.dxp.bom (11) · org.opennms:opennms (5)
14cisco—
64 CVE7 critCVSS 5.3
KEV 2Nuclei 3PoC 60
sd-wan vmanage (12) · wap125 firmware (11) · cisco business wireless access point software (11)
15microsoft corp—
55 CVE2 critCVSS 7.0
KEV 2Nuclei 1PoC 10
windows 10 2004 (24) · windows 10 20h2 (23) · windows server 2004 (server core installation) (22)
16ооо «ред софт»—
55 CVE18 critCVSS 7.8
Nuclei 8PoC 5
ред ос (55)
17microsoft—
54 CVE2 critCVSS 7.4
KEV 2Nuclei 1PoC 10
windows 10 (23) · windows 10 version 2004 (21) · windows 10 version 20h2 (20)
18netapp—
49 CVE6 critCVSS 7.6
Nuclei 1PoC 8
cloud backup (18) · h300s firmware (16) · h410s firmware (16)
19red hat inc.—
45 CVE1 critCVSS 6.3
Nuclei 1PoC 6
red hat enterprise linux (30) · libvirt (3) · ansible (3)
20canonical ltd.—
44 CVE7 critCVSS 7.5
Nuclei 8PoC 3
ubuntu (44)
21ао «ивк»—
41 CVE2 critCVSS 6.5
PoC 11
альт 8 сп (39) · альт сп 10 (5) · альт 8 сп рабочая станция (1)
22npm—
39 CVE8 critCVSS 7.5
Nuclei 2PoC 7
mixme (2) · tinymce (2) · matrix-react-sdk (2)
23foxitsoftware—
34 CVECVSS 6.4
PoC 1
phantompdf (22) · foxit reader (16) · 3d (11)
24linux—
34 CVECVSS 6.2
PoC 6
linux kernel (34) · mac80211 (3) · kernel (1)
25foxit—
33 CVECVSS 6.2
NEW
reader (33)
26siemens—
29 CVE2 critCVSS 7.3
PoC 2
simatic hmi ktp mobile panels ktp400f firmware (7) · simatic hmi ktp mobile panels ktp700 firmware (7) · simatic hmi ktp mobile panels ktp700f firmware (7)
27jetbrains—
28 CVE4 critCVSS 7.1
Nuclei 10
teamcity (14) · youtrack (4) · intellij idea (3)
28unknown—
28 CVE1 critCVSS 5.8
NEWNuclei 28PoC 12
404 seo redirection (2) · all 404 redirect to homepage (1) · all-in-one addons for elementor – widgetkit (1)
29ао «нтц ит роса»—
28 CVE12 critCVSS 8.5
NEWPoC 6
rosa virtualization (18) · rosa virtualization 3.0 (13) · роса кобальт (6)
30ffmpeg—
27 CVECVSS 7.7
NEWPoC 10
ffmpeg (27)
31gnu—
27 CVE1 critCVSS 8.0
PoC 10
libredwg (23) · binutils (1) · cflow (1)
32ffmpeg team—
26 CVECVSS 7.7
NEWPoC 10
ffmpeg (26)
33go—
25 CVE3 critCVSS 7.5
PoC 3
github.com/nats-io/nats-server/v2 (4) · github.com/dutchcoders/transfer.sh (2) · golang.org/x/net (2)
34gnu general public license—
22 CVE6 critCVSS 8.2
NEWNuclei 8
exim (21) · gnu binutils (1)
35exim—
21 CVE6 critCVSS 8.2
NEWNuclei 8
exim (21)
36packagist—
21 CVE2 critCVSS 6.5
Nuclei 2PoC 7
drupal/core (5) · drupal/drupal (5) · shopware/shopware (2)
37qualcomm—
20 CVECVSS 7.4
KEV 2
qbt2000 firmware (18) · pm6150l firmware (18) · qtm525 firmware (18)
38qualcomm, inc.—
20 CVECVSS 7.3
KEV 2
snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon mobile (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)
39ibm corp.—
19 CVE2 critCVSS 7.0
NEW
cognos analytics (10) · security guardium (6) · ibm security verify access docker (3)
40schneider-electric—
19 CVE3 critCVSS 7.4
spacelynk firmware (9) · homelynk firmware (9) · tcm 4351b firmware (6)
41fedora project—
18 CVECVSS 6.7
PoC 1
fedora (17) · 389 directory server (1)
42wago—
18 CVE8 critCVSS 8.1
NEW
750-829 firmware (12) · 750-831 firmware (12) · 750-832 firmware (12)
43mikrotik—
16 CVECVSS 6.5
NEWPoC 13
routeros (16)
44codesys—
15 CVE6 critCVSS 7.7
NEWPoC 1
v2 web server (6) · development system (3) · runtime toolkit (3)
45moxa inc.—
14 CVE8 critCVSS 7.7
nport iaw5250a-6i/o (10) · nport ia5450a (4) · nport ia5250a (4)
46hp—
13 CVE2 critCVSS 7.1
Nuclei 1
integrated lights-out 5 (10) · integrated lights-out 4 (10) · laserjet mfp m436 w7u01a (1)
47jenkins—
13 CVE1 critCVSS 6.3
PoC 4
xray - test management for jira (2) · s3 publisher (2) · p4 (2)
48jenkins project—
13 CVE1 critCVSS 6.3
PoC 4
jenkins xray - test management for jira plugin (2) · jenkins p4 plugin (2) · jenkins s3 publisher plugin (2)
49liferay—
12 CVECVSS 6.2
NEW
liferay portal (11) · dxp (10) · digital experience platform (5)
50nagios—
12 CVE7 critCVSS 9.0
NEWNuclei 1PoC 12
fusion (11) · nagios xi (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	сообщество свободного программного обеспечения	239	26	·	21	Nuclei 21PoC 46	debian gnu/linux (205) · linux (36) · drupal (4)	—
2	pypi	138	4	·	2	Nuclei 2PoC 40	tensorflow-gpu (108) · tensorflow (108) · tensorflow-cpu (108)	—
3	ао "нппкт"	127	19	·	9	Nuclei 9PoC 26	осон основа оnyx (127)	—
4	ооо «русбитех-астра»	126	21	·	9	Nuclei 9PoC 25	astra linux special edition (121) · astra linux special edition для «эльбрус» (71) · astra linux common edition (26)	—
5	google	109	·	·	·	PoC 36	tensorflow (108) · cloud iot device sdk for embedded c (1)	—
6	tensorflow	108	·	·	·	NEWPoC 36	tensorflow (108)	—
7	debian	100	7	·	2	Nuclei 2PoC 24	debian linux (100)	—
8	fedoraproject	92	7	·	2	Nuclei 2PoC 14	fedora (92)	—
9	redhat	80	15	·	·	PoC 6	enterprise linux (38) · ansible tower (8) · certification (5)	—
10	ао «концерн вниинс»	76	17	·	9	Nuclei 9PoC 11	ос он «стрелец» (76)	—
11	ibm	71	7	·	·	PoC 1	qradar siem (12) · cognos analytics (10) · qradar security information and event manager (8)	—
12	cisco systems inc.	70	7	2	3	KEV 2Nuclei 3PoC 61	cisco sd-wan (13) · small business wap125 (11) · small business wap131 (11)	—
13	maven	65	8	·	1	Nuclei 1PoC 12	com.liferay.portal:release.portal.bom (11) · com.liferay.portal:release.dxp.bom (11) · org.opennms:opennms (5)	—
14	cisco	64	7	2	3	KEV 2Nuclei 3PoC 60	sd-wan vmanage (12) · wap125 firmware (11) · cisco business wireless access point software (11)	—
15	microsoft corp	55	2	2	1	KEV 2Nuclei 1PoC 10	windows 10 2004 (24) · windows 10 20h2 (23) · windows server 2004 (server core installation) (22)	—
16	ооо «ред софт»	55	18	·	8	Nuclei 8PoC 5	ред ос (55)	—
17	microsoft	54	2	2	1	KEV 2Nuclei 1PoC 10	windows 10 (23) · windows 10 version 2004 (21) · windows 10 version 20h2 (20)	—
18	netapp	49	6	·	1	Nuclei 1PoC 8	cloud backup (18) · h300s firmware (16) · h410s firmware (16)	—
19	red hat inc.	45	1	·	1	Nuclei 1PoC 6	red hat enterprise linux (30) · libvirt (3) · ansible (3)	—
20	canonical ltd.	44	7	·	8	Nuclei 8PoC 3	ubuntu (44)	—
21	ао «ивк»	41	2	·	·	PoC 11	альт 8 сп (39) · альт сп 10 (5) · альт 8 сп рабочая станция (1)	—
22	npm	39	8	·	2	Nuclei 2PoC 7	mixme (2) · tinymce (2) · matrix-react-sdk (2)	—
23	foxitsoftware	34	·	·	·	PoC 1	phantompdf (22) · foxit reader (16) · 3d (11)	—
24	linux	34	·	·	·	PoC 6	linux kernel (34) · mac80211 (3) · kernel (1)	—
25	foxit	33	·	·	·	NEW	reader (33)	—
26	siemens	29	2	·	·	PoC 2	simatic hmi ktp mobile panels ktp400f firmware (7) · simatic hmi ktp mobile panels ktp700 firmware (7) · simatic hmi ktp mobile panels ktp700f firmware (7)	—
27	jetbrains	28	4	·	10	Nuclei 10	teamcity (14) · youtrack (4) · intellij idea (3)	—
28	unknown	28	1	·	28	NEWNuclei 28PoC 12	404 seo redirection (2) · all 404 redirect to homepage (1) · all-in-one addons for elementor – widgetkit (1)	—
29	ао «нтц ит роса»	28	12	·	·	NEWPoC 6	rosa virtualization (18) · rosa virtualization 3.0 (13) · роса кобальт (6)	—
30	ffmpeg	27	·	·	·	NEWPoC 10	ffmpeg (27)	—
31	gnu	27	1	·	·	PoC 10	libredwg (23) · binutils (1) · cflow (1)	—
32	ffmpeg team	26	·	·	·	NEWPoC 10	ffmpeg (26)	—
33	go	25	3	·	·	PoC 3	github.com/nats-io/nats-server/v2 (4) · github.com/dutchcoders/transfer.sh (2) · golang.org/x/net (2)	—
34	gnu general public license	22	6	·	8	NEWNuclei 8	exim (21) · gnu binutils (1)	—
35	exim	21	6	·	8	NEWNuclei 8	exim (21)	—
36	packagist	21	2	·	2	Nuclei 2PoC 7	drupal/core (5) · drupal/drupal (5) · shopware/shopware (2)	—
37	qualcomm	20	·	2	·	KEV 2	qbt2000 firmware (18) · pm6150l firmware (18) · qtm525 firmware (18)	—
38	qualcomm, inc.	20	·	2	·	KEV 2	snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (3) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon mobile (2) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (2)	—
39	ibm corp.	19	2	·	·	NEW	cognos analytics (10) · security guardium (6) · ibm security verify access docker (3)	—
40	schneider-electric	19	3	·	·		spacelynk firmware (9) · homelynk firmware (9) · tcm 4351b firmware (6)	—
41	fedora project	18	·	·	·	PoC 1	fedora (17) · 389 directory server (1)	—
42	wago	18	8	·	·	NEW	750-829 firmware (12) · 750-831 firmware (12) · 750-832 firmware (12)	—
43	mikrotik	16	·	·	·	NEWPoC 13	routeros (16)	—
44	codesys	15	6	·	·	NEWPoC 1	v2 web server (6) · development system (3) · runtime toolkit (3)	—
45	moxa inc.	14	8	·	·		nport iaw5250a-6i/o (10) · nport ia5450a (4) · nport ia5250a (4)	—
46	hp	13	2	·	1	Nuclei 1	integrated lights-out 5 (10) · integrated lights-out 4 (10) · laserjet mfp m436 w7u01a (1)	—
47	jenkins	13	1	·	·	PoC 4	xray - test management for jira (2) · s3 publisher (2) · p4 (2)	—
48	jenkins project	13	1	·	·	PoC 4	jenkins xray - test management for jira plugin (2) · jenkins p4 plugin (2) · jenkins s3 publisher plugin (2)	—
49	liferay	12	·	·	·	NEW	liferay portal (11) · dxp (10) · digital experience platform (5)	—
50	nagios	12	7	·	1	NEWNuclei 1PoC 12	fusion (11) · nagios xi (3)	—