There were 16,738 newly-disclosed vulnerabilities during the first three quarters of 2019.
According to the RiskBased Security Vulnerability QuickView Report 2019 Q3 trends, there were 5,970 more vulnerabilities than CVE/NVD during the same period. In addition, 15 percent of 2019 vulnerabilities with a CVE ID were in "RESERVED" status at the end of September, which means details about the vulnerabilities had not been disclosed yet.
Forty-eight percent of all vulnerabilities identified by the end of September had a CVSSv2 (vulnerability metric) score of 6.0 and above and 39 percent of all vulnerabilities identified by end of September had available exploit code or a proof of concept (PoC).
| New Rank | Old Rank | 2019 Totals | 2018 Totals | |
| Oracle | 1 | 3 | 969 | 1247 |
| 2 | 4 | 945 | 977 | |
| SUSE | 3 | 1 | 812 | 1259 |
| SITPI | 4 | 2 | 805 | 1254 |
| Red Hat | 5 | 6 | 757 | 951 |
| IBM | 6 | 9 | 736 | 626 |
| Canonical | 7 | 7 | 655 | 903 |
| Samsung | 8 | 5 | 614 | 972 |
| Microsoft | 9 | 10 | 485 | 434 |
| Cisco | 10 | 10+ | 390 | 405 |
