See a 10-minute overview of the platform.


Vulnerability Statistics Report

The 2023

Vulnerability Statistics

Report is our 8th edition. It provides a


model of the most common weaknesses faced by organizations worldwide, enabling data-driven decisions to manage risks and exposures more effectively.
Vulnerability Stats Report


Here’s a look at the top vulnerabilities found so far this year. 

2023 Vulnerability Statistics Report

This year’s report delves into Risk Density, Mean Time to Remediate (MTTR) critical vulnerabilities, and the convergence of
management and penetration testing output. The report outlines the importance of visibility in controlling risks, as well as the need for patching and maintenance in protecting against known exploitables. Additionally, the report emphasizes the importance of Risk Based Vulnerability Management, taking into account asset criticality to prioritize risks, and the difference between compliance and security. Finally, the report provides insight into the most common vulnerabilities in the web application, API, and Device/Host layers and how to prioritize them for remediation.

Interesting Findings Include:

New in this report is the way Edgescan looks at prioritization and risk scores. Since Edgescan employs several risk prioritization scoring mechanisms we take a deeper look at the most common risks faced by organizations and look at correlation of the various risk scoring methodologies.

risk density graph - 2023 vulnerability stats report

We are still not getting the basics right; In 2022 we’ve observed many very basic vulnerabilities, many of which are commonly leveraged by cybercrime. Continuous assessment, validation & prioritization will make a huge difference to any organization’s cybersecurity posture. All vulnerabilities are not created equal, and we must focus on what matters to protect our respective organizations and businesses…

– Eoin Keary, CEO & Founder

Overview of the Edgescan Vulnerability Stats Report

Since 2015 Edgescan has annually produced the

Vulnerability Statistics

Report to provide a global snapshot of the overall state of cybersecurity. The report presents a by-the-numbers insight into trends and statistics looking back across a 12-month


set from the previous year, including cyber threats, data breaches, and cyber attacks. Every year the report provides a statistical model, that is presented using infographics and charts, of the most common weaknesses faced by enterprises to enable data-driven decisions for managing risks and exposures more effectively.

This yearly report has become a reliable source for approximating the global state of vulnerability management. This is exemplified by our unique dataset being part of the Verizon Data Breach Report (DBIR), which is the de facto standard for insights into the common drivers for incidents and breaches today.

Methodology of Data Collection


vulnerability data

analyzed for the Edgescan

Vulnerability Statistics

Report was collected from thousands of security assessments and penetration tests performed on millions of assets; this growing collection of intelligence is stored in our data lake and shared amongst the solutions that comprise the Edgescan Platform.

Vulnerability data

was sourced from over 250 companies of various sizes, Fortune 500 to medium and small businesses, across 30 industry verticals.
Vulnerability Stats Report History: were you can find past and detailed information on cyber security trends, high risk vulnerabilities, ransomware attacks, and specific cyber security critical vulnerability details.