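When doing program analysis, you may want to know which software has more vulnerabilities, so that existing methods can be "back-tested" against it. This post provides a ranked list of software by vulnerability count for that purpose.
Data source
CVE provides a very large list of software vulnerabilities, but it is very hard to search; even with the formalized list it open-sources in its GitHub repository, classification is difficult because of naming, encoding and similar issues.
The website CVEdetails has a page that sorts Products by number of vulnerabilities, which is very handy. That data is collected here for reference.
Ranking
Overall ranking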
| Product Name | Vulnerabilities | Risk Score | C/C++ |
|---|---|---|---|
| Windows | 10k+ | F | - |
| Linux Kernel | 8102 | F | T |
| Android | 7570 | F | - |
| Chrome | 3632 | F | T |
| Firefox | 2804 | F | - |
| Thunderbird | 1505 | F | T |
| Mysql | 1297 | B | - |
| Gitlab | 1169 | F | - |
| JRE | 769 | F | F |
| Edge | 766 | F | - |
| JDK | 757 | F | F |
| Opensolaris | 659 | - | - |
| Imagemagick | 647 | F | T |
| Freebsd | 512 | F | T |
| Ffmpeg | 465 | F | T |
| Tensorflow | 431 | F | T |
| Qemu | 415 | F | T |
| Mariadb | 408 | F | T |
| Vm Virtualbox | 378 | C | T |
| Excel | 348 | F | - |
| Gpac | 346 | F | T |
| Http Server | 292 | F | T |
| Mysql Server | 268 | B | T |
| Drupal | 266 | C | F |
| Webkit | 258 | - | T |
| Openssl | 256 | F | T |
| Libtiff | 252 | D | T |
| Jenkins | 246 | F | F |
| Binutils | 243 | D | T |
| Tomcat | 223 | F | F |
| Magento | 222 | C | F |
| Exchange Server | 216 | F | - |
| Samba | 209 | F | T |
| VIM | 206 | C | T |
| Openbsd | 194 | B | T |
| Apq8098 Firmware | 193 | A | - |
| Liferay Portal | 184 | F | F |
| Bind | 180 | D | - |
| Node.js | 176 | D | F |
| Tcpdump | 172 | B | T |
| Netbsd | 168 | C | T |
| Glpi | 165 | F | F |
| Postgresql | 161 | F | T |
| Auto CAD | 158 | D | - |
| Dedecms | 154 | F | F |
| Discourse | 148 | F | F |
| Glibc | 145 | F | T |
| Openemr | 138 | F | F |
| Kerberos 5 | 137 | D | T |
| GO | 133 | F | F |
| Ghostscript | 126 | F | - |
| Graphicsmagick | 121 | C | - |
| Django | 120 | D | F |
| Openssh | 119 | F | T |
| Keycloak | 117 | F | F |
| Curl | 111 | C | T |
| Ethereal | 105 | - | T |
| Libming | 105 | F | T |
| Freerdp | 103 | D | T |
| Element Software | 98 | C | F |
| Libxml2 | 97 | F | T |
| Clamav | 92 | D | T |
| Libredwg | 87 | D | T |
| Gtkwave | 82 | B | T |
| Openjpeg | 82 | B | T |
| Checkmk | 81 | F | F |
| Misp | 78 | C | F |
| Openwrt | 75 | F | T |
| Libvirt | 74 | B | T |
| Libreoffice | 69 | C | T |
| Gnutls | 66 | C | T |
| Mupdf | 61 | D | T |
| Dotcms | 57 | F | F |
| Mongodb | 57 | B | T |
| Dovecot | 54 | B | T |
| Freeimage | 51 | D | T |
| Bitcoin Core | 51 | C | T |
| Xorg-server | 48 | C | T |
| U-boot | 43 | C | T |
| Nginx | 42 | F | T |
| Busybox | 41 | C | T |
| Grub2 | 39 | C | T |
| Bluez | 37 | C | T |
| Docker | 37 | - | F |
| Git | 36 | F | T |
C/C++ software
| Product Name | Vulnerabilities | Risk Score | C/C++ |
|---|---|---|---|
| Linux Kernel | 8102 | F | T |
| Chrome | 3632 | F | T |
| Thunderbird | 1505 | F | T |
| Imagemagick | 647 | F | T |
| Freebsd | 512 | F | T |
| Ffmpeg | 465 | F | T |
| Tensorflow | 431 | F | T |
| Qemu | 415 | F | T |
| Mariadb | 408 | F | T |
| Vm Virtualbox | 378 | C | T |
| Gpac | 346 | F | T |
| Http Server | 292 | F | T |
| Mysql Server | 268 | B | T |
| Webkit | 258 | - | T |
| Openssl | 256 | F | T |
| Libtiff | 252 | D | T |
| Binutils | 243 | D | T |
| Samba | 209 | F | T |
| VIM | 206 | C | T |
| Openbsd | 194 | B | T |
| Tcpdump | 172 | B | T |
| Netbsd | 168 | C | T |
| Postgresql | 161 | F | T |
| Glibc | 145 | F | T |
| Kerberos 5 | 137 | D | T |
| Openssh | 119 | F | T |
| Curl | 111 | C | T |
| Ethereal | 105 | - | T |
| Libming | 105 | F | T |
| Freerdp | 103 | D | T |
| Libxml2 | 97 | F | T |
| Clamav | 92 | D | T |
| Libredwg | 87 | D | T |
| Gtkwave | 82 | B | T |
| Openjpeg | 82 | B | T |
| Openwrt | 75 | F | T |
| Libvirt | 74 | B | T |
| Libreoffice | 69 | C | T |
| Gnutls | 66 | C | T |
| Mupdf | 61 | D | T |
| Mongodb | 57 | B | T |
| Dovecot | 54 | B | T |
| Freeimage | 51 | D | T |
| Bitcoin Core | 51 | C | T |
| Xorg-server | 48 | C | T |
| U-boot | 43 | C | T |
| Nginx | 42 | F | T |
| Busybox | 41 | C | T |
| Grub2 | 39 | C | T |
| Bluez | 37 | C | T |
| Git | 36 | F | T |