month report
December 2021
Data as of Jun 11, 2026, 06:05 UTCSnapshot v1 Sources CVEList V5+NVD+GHSA+CSAF+FSTEC BDU+CISA KEV+EPSS+Nuclei templates Methodology →
December 2021 closed with 2,520 published CVEs. 358 criticals, 20 added to CISA KEV (3 ransomware-linked). netgear led volume, mostly via rbr850 firmware. Top weakness class — CWE-79 (237 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
2,520
— MoM— YoY
Severity mix
358 / 883
critical / high
KEV added
20
3 ransomware-linked
Nuclei coverage
6.7%
169 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
1544.4
n=169
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
503
n=13
Weakness × Vendor
What's spreading where in December 2021
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS787Out-of-bounds Write77Command Injection89SQL Injection125Out-of-bounds Read22Path Traversal78OS Command Injection416Use After Free352CSRF20Improper Input Validationnetgear1789712google261712211сообщество свободного программного обеспечения625171185debian621161815microsoft corp6372ао «нппкт»217131155fedoraproject415261154ооо «русбитех-астра»122141152ао «концерн вниинс»2131175huawei57418microsoft23packagist23431132
Most discussed CVEs — December 2021
No CVE mentions in the news this month yet.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1netgear201 CVE
- #2google197 CVE
- #3сообщество свободного программного обеспечения117 CVE
- #4debian108 CVE
- #5microsoft96 CVE
- #6ао "нппкт"93 CVE
- #7fedoraproject90 CVE
- #8ооо «русбитех-астра»77 CVE
- #9unknown74 CVE
- #10ао «концерн вниинс»73 CVE
Top vendors
Ranked by distinct CVE count this period.
- 201 CVE47 critCVSS 7.7NEWNuclei 1PoC 1rbr850 firmware (89) · rbk852 firmware (88) · rbs850 firmware (88)
- 197 CVE7 critCVSS 7.0NEWKEV 2PoC 3android (159) · google chrome (36) · chrome (36)
- 117 CVE15 critCVSS 7.5NEWKEV 4Nuclei 4PoC 23debian gnu/linux (95) · linux (9) · vim (8)
- 108 CVE10 critCVSS 7.5NEWKEV 3Nuclei 4PoC 19debian linux (108)
- 96 CVE9 critCVSS 7.5NEWKEV 3Nuclei 1PoC 6windows server 2016 (30) · windows 10 version 2004 (30) · windows 10 2004 (30)
- 93 CVE7 critCVSS 7.6NEWKEV 2Nuclei 4PoC 12осон основа оnyx (93)
- 90 CVE6 critCVSS 7.6NEWKEV 2Nuclei 4PoC 18fedora (90) · sssd (1) · extra packages for enterprise linux (1)
- 77 CVE10 critCVSS 7.7NEWKEV 1Nuclei 2PoC 13astra linux special edition (77) · astra linux special edition для «эльбрус» (20) · astra linux common edition (4)
- 74 CVE10 critCVSS 6.5NEWNuclei 74PoC 41user registration, login form, user profile & membership – profilepress (formerly wp user avatar) (2) · get custom field values (2) · clickbank affiliate ads (2)
- 73 CVE5 critCVSS 7.6NEWKEV 1Nuclei 3PoC 7ос он «стрелец» (73)
- 69 CVE20 critCVSS 7.8NEWharmonyos (60) · emui (28) · magic ui (27)
- 63 CVE10 critCVSS 6.8NEWNuclei 5PoC 21yetiforce/yetiforce-crm (6) · showdoc/showdoc (6) · snipe/snipe-it (5)
- 55 CVE28 critCVSS 8.7NEWPoC 2rusqlite (7) · messagepack-rs (4) · ckb (3)
- 49 CVE4 critCVSS 7.9NEWKEV 2Nuclei 2PoC 3jt utilities (23) · jt open toolkit (23) · jttk (21)
- 42 CVE4 critCVSS 6.7NEWcognos analytics (7) · spectrum copy data management (7) · db2 for linux, unix and windows (5)
- 41 CVE6 critCVSS 7.0NEWKEV 2Nuclei 4PoC 2ред ос (41)
- 39 CVE8 critCVSS 8.2NEWPoC 11r-seenet (26) · wise-4060 (13) · wise-4010 (13)
- 39 CVECVSS 6.7NEWfortiweb (17) · fortinet fortiweb (15) · fortios (8)
- 37 CVE4 critCVSS 7.5NEWKEV 3Nuclei 2PoC 4red hat enterprise linux (22) · enterprise linux (9) · openshift application runtimes (6)
- 31 CVE4 critCVSS 7.5NEWKEV 1Nuclei 3PoC 5macos (25) · mac os x (24) · ios (8)
- 31 CVE5 critCVSS 7.8NEWKEV 2Nuclei 3PoC 5io.atomix:atomix (7) · org.ops4j.pax.logging:pax-logging-log4j2 (5) · org.apache.logging.log4j:log4j-core (4)
- 29 CVECVSS 5.9NEWpremiere rush (16) · adobe premiere rush (16) · dimension (6)
- 28 CVE2 critCVSS 6.8NEWNuclei 1PoC 1firefox (25) · thunderbird (20) · firefox esr (19)
- 27 CVE4 critCVSS 7.7NEWKEV 1Nuclei 2PoC 5oncommand insight (12) · h500e firmware (6) · h500s firmware (6)
- 26 CVECVSS 6.7NEWPoC 11r-seenet (26)
- 26 CVE5 critCVSS 7.1NEWPoC 8jsx-slack (2) · @backstage/plugin-scaffolder-backend (1) · comb (1)
- 26 CVE2 critCVSS 7.1NEWNuclei 1PoC 5numpy (4) · pyo (2) · lxml (1)
- 24 CVE16 critCVSS 8.5NEWNuclei 1PoC 12premierwave 2050 firmware (23) · premierwave 2050 (1)
- 22 CVECVSS 4.4NEWKEV 1gitlab (22) · gitlab runner (1)
- 22 CVECVSS 5.6NEWPoC 6gpac (22)
- 22 CVECVSS 7.8NEWmt7613 (20) · mt7613 firmware (20) · mt7615 (20)
- 20 CVE2 critCVSS 6.6NEWNuclei 2PoC 7http server (9) · zfs storage appliance kit (8) · communications cloud native core policy (6)
- 19 CVECVSS 7.6NEWPoC 2fedora (19)
- 19 CVE7 critCVSS 7.7NEWharmonyos (12) · emui (7) · magic ui (7)
- 18 CVECVSS 4.7NEWsamsung mobile devices (10) · samsung internet (2) · samsung pay (2)
- 18 CVE2 critCVSS 7.6NEWальт 8 сп (15) · альт сп 10 (4)
- 17 CVE6 critCVSS 8.1NEWKEV 3Nuclei 6PoC 4log4j (5) · http server (3) · apache log4j2 (3)
- 17 CVE4 critCVSS 7.5NEWNuclei 9PoC 2tew-827dru firmware (17)
- 15 CVE1 critCVSS 6.9NEWKEV 3Nuclei 2PoC 2opensuse leap (12) · opensuse tumbleweed (7) · suse package hub (4)
- 14 CVE5 critCVSS 8.0NEWKEV 2Nuclei 5PoC 2log4j (5) · http server (2) · sling commons messaging mail (1)
- 14 CVE5 critCVSS 8.4NEWKEV 3Nuclei 3PoC 3sma 400 firmware (10) · sma 410 firmware (10) · sonicwall sma100 (10)
- 13 CVECVSS 7.6NEWedwrc-2533gst2 firmware (6) · wrc-1167gst2a firmware (6) · wrc-1167gst2 firmware (6)
- 13 CVECVSS 6.8NEWelecom lan routers (8) · elecom routers (3) · elecom lan router (2)
- 13 CVECVSS 7.6NEWfortios (6) · fortiweb (3) · fortios-6k7k (3)
- 13 CVECVSS 7.1NEWKEV 1Nuclei 1PoC 1github.com/grafana/grafana (2) · github.com/opencontainers/runc (2) · github.com/foxcpp/maddy (1)
- 13 CVE4 critCVSS 9.2NEWKEV 1Nuclei 1PoC 2avalanche (10) · endpoint manager cloud services appliance (1) · ivanti cloud services appliance (1)
- 13 CVE3 critCVSS 6.8NEWNuclei 1PoC 23d visual enterprise viewer (3) · netweaver application server abap (2) · businessobjects business intelligence platform (1)
- 12 CVE5 critCVSS 8.7NEWPoC 8unitrends backup (12)
- 12 CVE2 critCVSS 6.5NEWNuclei 1PoC 1sap 3d visual enterprise viewer (3) · saf-t framework (1) · kyma (1)
- 11 CVE8 critCVSS 9.5NEWPoC 9dir-809 (8) · dir-809 firmware (8) · dir-2640-us firmware (3)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | netgear | 201 | 47 | · | 1 | NEWNuclei 1PoC 1 | rbr850 firmware (89) · rbk852 firmware (88) · rbs850 firmware (88) | — | |
| 2 | 197 | 7 | 2 | · | NEWKEV 2PoC 3 | android (159) · google chrome (36) · chrome (36) | — | ||
| 3 | сообщество свободного программного обеспечения | 117 | 15 | 4 | 4 | NEWKEV 4Nuclei 4PoC 23 | debian gnu/linux (95) · linux (9) · vim (8) | — | |
| 4 | debian | 108 | 10 | 3 | 4 | NEWKEV 3Nuclei 4PoC 19 | debian linux (108) | — | |
| 5 | microsoft | 96 | 9 | 3 | 1 | NEWKEV 3Nuclei 1PoC 6 | windows server 2016 (30) · windows 10 version 2004 (30) · windows 10 2004 (30) | — | |
| 6 | ао "нппкт" | 93 | 7 | 2 | 4 | NEWKEV 2Nuclei 4PoC 12 | осон основа оnyx (93) | — | |
| 7 | fedoraproject | 90 | 6 | 2 | 4 | NEWKEV 2Nuclei 4PoC 18 | fedora (90) · sssd (1) · extra packages for enterprise linux (1) | — | |
| 8 | ооо «русбитех-астра» | 77 | 10 | 1 | 2 | NEWKEV 1Nuclei 2PoC 13 | astra linux special edition (77) · astra linux special edition для «эльбрус» (20) · astra linux common edition (4) | — | |
| 9 | unknown | 74 | 10 | · | 74 | NEWNuclei 74PoC 41 | user registration, login form, user profile & membership – profilepress (formerly wp user avatar) (2) · get custom field values (2) · clickbank affiliate ads (2) | — | |
| 10 | ао «концерн вниинс» | 73 | 5 | 1 | 3 | NEWKEV 1Nuclei 3PoC 7 | ос он «стрелец» (73) | — | |
| 11 | huawei | 69 | 20 | · | · | NEW | harmonyos (60) · emui (28) · magic ui (27) | — | |
| 12 | packagist | 63 | 10 | · | 5 | NEWNuclei 5PoC 21 | yetiforce/yetiforce-crm (6) · showdoc/showdoc (6) · snipe/snipe-it (5) | — | |
| 13 | crates.io | 55 | 28 | · | · | NEWPoC 2 | rusqlite (7) · messagepack-rs (4) · ckb (3) | — | |
| 14 | siemens | 49 | 4 | 2 | 2 | NEWKEV 2Nuclei 2PoC 3 | jt utilities (23) · jt open toolkit (23) · jttk (21) | — | |
| 15 | ibm | 42 | 4 | · | · | NEW | cognos analytics (7) · spectrum copy data management (7) · db2 for linux, unix and windows (5) | — | |
| 16 | ооо «ред софт» | 41 | 6 | 2 | 4 | NEWKEV 2Nuclei 4PoC 2 | ред ос (41) | — | |
| 17 | advantech co., ltd | 39 | 8 | · | · | NEWPoC 11 | r-seenet (26) · wise-4060 (13) · wise-4010 (13) | — | |
| 18 | fortinet | 39 | · | · | · | NEW | fortiweb (17) · fortinet fortiweb (15) · fortios (8) | — | |
| 19 | redhat | 37 | 4 | 3 | 2 | NEWKEV 3Nuclei 2PoC 4 | red hat enterprise linux (22) · enterprise linux (9) · openshift application runtimes (6) | — | |
| 20 | apple | 31 | 4 | 1 | 3 | NEWKEV 1Nuclei 3PoC 5 | macos (25) · mac os x (24) · ios (8) | — | |
| 21 | maven | 31 | 5 | 2 | 3 | NEWKEV 2Nuclei 3PoC 5 | io.atomix:atomix (7) · org.ops4j.pax.logging:pax-logging-log4j2 (5) · org.apache.logging.log4j:log4j-core (4) | — | |
| 22 | adobe | 29 | · | · | · | NEW | premiere rush (16) · adobe premiere rush (16) · dimension (6) | — | |
| 23 | mozilla | 28 | 2 | · | 1 | NEWNuclei 1PoC 1 | firefox (25) · thunderbird (20) · firefox esr (19) | — | |
| 24 | netapp | 27 | 4 | 1 | 2 | NEWKEV 1Nuclei 2PoC 5 | oncommand insight (12) · h500e firmware (6) · h500s firmware (6) | — | |
| 25 | advantech | 26 | · | · | · | NEWPoC 11 | r-seenet (26) | — | |
| 26 | npm | 26 | 5 | · | · | NEWPoC 8 | jsx-slack (2) · @backstage/plugin-scaffolder-backend (1) · comb (1) | — | |
| 27 | pypi | 26 | 2 | · | 1 | NEWNuclei 1PoC 5 | numpy (4) · pyo (2) · lxml (1) | — | |
| 28 | lantronix | 24 | 16 | · | 1 | NEWNuclei 1PoC 12 | premierwave 2050 firmware (23) · premierwave 2050 (1) | — | |
| 29 | gitlab | 22 | · | 1 | · | NEWKEV 1 | gitlab (22) · gitlab runner (1) | — | |
| 30 | gpac | 22 | · | · | · | NEWPoC 6 | gpac (22) | — | |
| 31 | mediatek inc. | 22 | · | · | · | NEW | mt7613 (20) · mt7613 firmware (20) · mt7615 (20) | — | |
| 32 | oracle | 20 | 2 | · | 2 | NEWNuclei 2PoC 7 | http server (9) · zfs storage appliance kit (8) · communications cloud native core policy (6) | — | |
| 33 | fedora project | 19 | · | · | · | NEWPoC 2 | fedora (19) | — | |
| 34 | huawei technologies co., ltd. | 19 | 7 | · | · | NEW | harmonyos (12) · emui (7) · magic ui (7) | — | |
| 35 | samsung mobile | 18 | · | · | · | NEW | samsung mobile devices (10) · samsung internet (2) · samsung pay (2) | — | |
| 36 | ао «ивк» | 18 | 2 | · | · | NEW | альт 8 сп (15) · альт сп 10 (4) | — | |
| 37 | apache software foundation | 17 | 6 | 3 | 6 | NEWKEV 3Nuclei 6PoC 4 | log4j (5) · http server (3) · apache log4j2 (3) | — | |
| 38 | trendnet | 17 | 4 | · | 9 | NEWNuclei 9PoC 2 | tew-827dru firmware (17) | — | |
| 39 | novell inc. | 15 | 1 | 3 | 2 | NEWKEV 3Nuclei 2PoC 2 | opensuse leap (12) · opensuse tumbleweed (7) · suse package hub (4) | — | |
| 40 | apache | 14 | 5 | 2 | 5 | NEWKEV 2Nuclei 5PoC 2 | log4j (5) · http server (2) · sling commons messaging mail (1) | — | |
| 41 | sonicwall | 14 | 5 | 3 | 3 | NEWKEV 3Nuclei 3PoC 3 | sma 400 firmware (10) · sma 410 firmware (10) · sonicwall sma100 (10) | — | |
| 42 | elecom | 13 | · | · | · | NEW | edwrc-2533gst2 firmware (6) · wrc-1167gst2a firmware (6) · wrc-1167gst2 firmware (6) | — | |
| 43 | elecom co.,ltd. | 13 | · | · | · | NEW | elecom lan routers (8) · elecom routers (3) · elecom lan router (2) | — | |
| 44 | fortinet inc. | 13 | · | · | · | NEW | fortios (6) · fortiweb (3) · fortios-6k7k (3) | — | |
| 45 | go | 13 | · | 1 | 1 | NEWKEV 1Nuclei 1PoC 1 | github.com/grafana/grafana (2) · github.com/opencontainers/runc (2) · github.com/foxcpp/maddy (1) | — | |
| 46 | ivanti | 13 | 4 | 1 | 1 | NEWKEV 1Nuclei 1PoC 2 | avalanche (10) · endpoint manager cloud services appliance (1) · ivanti cloud services appliance (1) | — | |
| 47 | sap | 13 | 3 | · | 1 | NEWNuclei 1PoC 2 | 3d visual enterprise viewer (3) · netweaver application server abap (2) · businessobjects business intelligence platform (1) | — | |
| 48 | kaseya | 12 | 5 | · | · | NEWPoC 8 | unitrends backup (12) | — | |
| 49 | sap se | 12 | 2 | · | 1 | NEWNuclei 1PoC 1 | sap 3d visual enterprise viewer (3) · saf-t framework (1) · kyma (1) | — | |
| 50 | dlink | 11 | 8 | · | · | NEWPoC 9 | dir-809 (8) · dir-809 firmware (8) · dir-2640-us firmware (3) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- OSS Libraries364 CVE80 crit8 KEV95 vendorsCVSS 8.8gpac (22) · rusqlite (7) · wolfmqtt (7)
- Operating Systems361 CVE206 crit135 KEV36 vendorsCVSS 7.8fedora (109) · debian linux (108) · debian gnu/linux (95)
- Networking Infrastructure350 CVE1,509 crit131 KEV44 vendorsCVSS 9.8rbr850 firmware (89) · rbk852 firmware (88) · rbr850 (88)
- Mobile Apps309 CVE53 crit5 KEV9 vendorsCVSS 7.4android (167) · harmonyos (60) · chrome (36)
- Enterprise Software295 CVE194 crit131 KEV90 vendorsCVSS 8.2oncommand insight (12) · unitrends backup (12) · cognos analytics (7)
- Web & CMS Plugins226 CVE63 crit7 KEV127 vendorsCVSS 7.5crafter cms (16) · log4j (10) · ifme (8)
- ICS / OT / IoT166 CVE118 crit50 vendorsCVSS 9.1r-seenet (26) · wise-4010 (13) · wise-4050 (13)
- Security Products120 CVE12 crit2 KEV38 vendorsCVSS 8.3fortiweb (17) · fortinet fortiweb (15) · avalanche (10)
- Consumer Software101 CVE12 crit27 vendorsCVSS 7.8adobe premiere rush (16) · premiere rush (16) · dimension (12)
- DevTools & CI55 CVE6 crit2 KEV20 vendorsCVSS 8.6gitlab (23) · tuleap (2) · git-it (1)
- Communications54 CVE15 crit37 vendorsCVSS 7.6live helper chat (10) · livehelperchat/livehelperchat (10) · mattermost (3)
- Cloud & SaaS50 CVE13 crit2 KEV30 vendorsCVSS 9.2thinfinity virtualui (3) · visa tokenisation service (vts) (3) · elabftw (2)
- Databases37 CVE12 crit12 vendorsCVSS 7.4http server (9) · zfs storage appliance kit (8) · communications cloud native core binding support function (6)
- Hardware Firmware27 CVE35 crit25 KEV24 vendorsCVSS 8.8surveillance station (3) · cloud manager (2) · nova 360 cabinet firmware (2)
- AI / ML11 CVE3 crit1 KEV7 vendorsCVSS 8.1longhorn (2) · tremor-script (2) · besu (1)
- Unclassified126 CVE30 crit2 KEV78 vendorsCVSS 7.6atomix (7) · ос тд аис фссп россии (6) · reprise license manager (5)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| OSS Libraries▸ 10 | 364 | 80 | 8 | 95 | 252 | 8.8 | gpac (22) · rusqlite (7) · wolfmqtt (7) |
| Operating Systems▸ 5 | 361 | 206 | 135 | 36 | 369 | 7.8 | fedora (109) · debian linux (108) · debian gnu/linux (95) |
| Networking Infrastructure▸ 6 | 350 | 1,509 | 131 | 44 | 612 | 9.8 | rbr850 firmware (89) · rbk852 firmware (88) · rbr850 (88) |
| Mobile Apps▸ 3 | 309 | 53 | 5 | 9 | 47 | 7.4 | android (167) · harmonyos (60) · chrome (36) |
| Enterprise Software▸ 7 | 295 | 194 | 131 | 90 | 309 | 8.2 | oncommand insight (12) · unitrends backup (12) · cognos analytics (7) |
| Web & CMS Plugins▸ 6 | 226 | 63 | 7 | 127 | 159 | 7.5 | crafter cms (16) · log4j (10) · ifme (8) |
| ICS / OT / IoT▸ 6 | 166 | 118 | · | 50 | 307 | 9.1 | r-seenet (26) · wise-4010 (13) · wise-4050 (13) |
| Security Products▸ 6 | 120 | 12 | 2 | 38 | 121 | 8.3 | fortiweb (17) · fortinet fortiweb (15) · avalanche (10) |
| Consumer Software▸ 5 | 101 | 12 | · | 27 | 53 | 7.8 | adobe premiere rush (16) · premiere rush (16) · dimension (12) |
| DevTools & CI▸ 5 | 55 | 6 | 2 | 20 | 21 | 8.6 | gitlab (23) · tuleap (2) · git-it (1) |
| Communications▸ 4 | 54 | 15 | · | 37 | 65 | 7.6 | live helper chat (10) · livehelperchat/livehelperchat (10) · mattermost (3) |
| Cloud & SaaS▸ 5 | 50 | 13 | 2 | 30 | 50 | 9.2 | thinfinity virtualui (3) · visa tokenisation service (vts) (3) · elabftw (2) |
| Databases▸ 4 | 37 | 12 | · | 12 | 170 | 7.4 | http server (9) · zfs storage appliance kit (8) · communications cloud native core binding support function (6) |
| Hardware Firmware▸ 5 | 27 | 35 | 25 | 24 | 166 | 8.8 | surveillance station (3) · cloud manager (2) · nova 360 cabinet firmware (2) |
| AI / ML▸ 2 | 11 | 3 | 1 | 7 | 10 | 8.1 | longhorn (2) · tremor-script (2) · besu (1) |
| Unclassified | 126 | 30 | 2 | 78 | 84 | 7.6 | atomix (7) · ос тд аис фссп россии (6) · reprise license manager (5) |
Weakness × Sector
Which weaknesses hit which solution categories in December 2021
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.
79XSS787Out-of-bounds Write77Command Injection89SQL Injection125Out-of-bounds Read22Path Traversal78OS Command Injection416Use After Free352CSRF20Improper Input ValidationOperating Systems14653367233124Networking Infrastructure25329812122833OSS Libraries3848447116231815Web & CMS Plugins10113728293Enterprise Software487221251129ICS / OT / IoT10261261691535Consumer Software93121121816Security Products992722413Communications1741224353Hardware Firmware6151121213