Vulnerability statistics

Live from the Stateward advisory database. Updated continuously.

Headline

Advisories tracked: 18,492
Indexed pages: 16,570
Exploited in the wild (CISA KEV): 401 (2.2%)
Tied to ransomware: 0
With EPSS score: 13,187
High exploit probability (EPSS ≥ 50%): 267
Curated deep-dives: 284

By ecosystem

npm: 2,505
Packagist: 2,500
crates.io: 2,497
Go: 2,496
Maven: 2,496
NuGet: 2,495
PyPI: 2,465
RubyGems: 792
Web3 · Ethereum: 42
Web app: 13
Web3 · CEX: 11
API: 7

Most common weakness types (CWE)

CWE-200 — 43
CWE-522 — 38
CWE-506 — 35
CWE-345 — 28
CWE-94 — 21
CWE-284 — 18
CWE-862 — 14
CWE-1390 — 14
CWE-682 — 13
CWE-306 — 13
CWE-829 — 12
CWE-20 — 11
CWE-1188 — 11
CWE-841 — 10
CWE-798 — 10

Most-vulnerable packages

npm/openclaw — 203
Packagist/wwbn/avideo — 128
NuGet/Magick.NET-Q16-AnyCPU — 121
NuGet/Magick.NET-Q16-HDRI-AnyCPU — 121
NuGet/Magick.NET-Q8-AnyCPU — 121
NuGet/Magick.NET-Q16-HDRI-x86 — 120
NuGet/Magick.NET-Q16-x86 — 119
NuGet/Magick.NET-Q8-x86 — 119
NuGet/Magick.NET-Q16-HDRI-OpenMP-arm64 — 118
NuGet/Magick.NET-Q16-HDRI-x64 — 118
NuGet/Magick.NET-Q16-OpenMP-arm64 — 118
NuGet/Magick.NET-Q16-OpenMP-x64 — 118
NuGet/Magick.NET-Q16-arm64 — 118
NuGet/Magick.NET-Q16-HDRI-arm64 — 117
NuGet/Magick.NET-Q8-OpenMP-arm64 — 117
NuGet/Magick.NET-Q8-arm64 — 117
NuGet/Magick.NET-Q8-OpenMP-x64 — 114
NuGet/Magick.NET-Q16-x64 — 113
NuGet/Magick.NET-Q8-x64 — 111
Go/github.com/mattermost/mattermost-server — 107

Highest exploit probability right now (EPSS)

CVE-2024-23897 — 100.0% · Maven/org.jenkins-ci.main:jenkins-core
CVE-2023-44487 — 100.0% · Maven/org.apache.tomcat:tomcat-coyote
CVE-2023-44487 — 100.0% · Maven/org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-44487 — 100.0% · Maven/org.eclipse.jetty.http2:http2-common
CVE-2023-44487 — 100.0% · Maven/org.eclipse.jetty.http2:http2-server
CVE-2023-44487 — 100.0% · Maven/org.eclipse.jetty.http2:jetty-http2-common
CVE-2023-44487 — 100.0% · Maven/org.eclipse.jetty.http2:jetty-http2-server
CVE-2023-44487 — 100.0% · Maven/com.typesafe.akka:akka-http-core
CVE-2023-44487 — 100.0% · Maven/com.typesafe.akka:akka-http-core_2.13
CVE-2023-44487 — 100.0% · Maven/com.typesafe.akka:akka-http-core_2.12
CVE-2023-44487 — 100.0% · Maven/com.typesafe.akka:akka-http-core_2.11
CVE-2023-44487 — 100.0% · Go/golang.org/x/net
CVE-2017-9841 — 100.0% · Packagist/phpunit/phpunit
CVE-2021-44228 — 100.0% · Maven/org.apache.logging.log4j:log4j-core
CVE-2021-44228 — 100.0% · Maven/com.guicedee.services:log4j-core

These numbers come from the same engine that reviews your code.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.