In 2023, 28,981 CVEs were published. This marked a 15% year-over-year increase from 2022 and an average of approximately 80 vulnerabilities per day.
Our most visited CVE page for the year was cve.id/CVE-2023-5072, a Denial of Service vulnerability in JSON-Java. The flaw, discovered by ClusterFuzz, is a parser bug that allows a small input string to trigger extensive memory usage. The severity remains high due to its potential impact on unpatched binaries. The issue has been fixed via this PR.
Top Vulnerability Types in 2023:
In 2023, the cybersecurity landscape witnessed a range of reported vulnerabilities, with the top five types identified by the number of CVEs. Cross-Site Scripting (XSS) led with 5,177 reported CVEs, followed by Memory Corruption with 2,794 instances. Execute Code vulnerabilities accounted for 2,578 CVEs, while Denial of Service (DoS) and SQL Injection vulnerabilities tallied 2,557 and 2,158 CVEs, respectively.
![Most popular vulnerability types in 2023](https://images.ctfassets.net/d7xw4w884tz2/5R9VJ1RuFwA4C6TIu6Kmo8/e47b5727f3780753b95645700d53952e/Group_384.png?w=1032&h=774&fit=fill)
Vendors with Most CVEs:
Google led with 1,749 CVEs, followed by Microsoft with 1,019 reported vulnerabilities. Adobe accounted for 669 CVEs, while Fedora and Apple recorded 502 and 477 CVEs, respectively.
![Vendors with the most CVEs 2023](https://images.ctfassets.net/d7xw4w884tz2/2q4qew2z0AEU9QBBWV5t17/ca9c03467a7a635c8e857ca2328189df/Group_383.png?w=1024&h=768&fit=fill)
Microsoft Software CVE Counts:
Microsoft Windows Server versions were all in the top spots for Microsoft software with the most CVEs published.
![Microsoft software with the most CVEs](https://images.ctfassets.net/d7xw4w884tz2/2CH6DOIocXZKEW2eX1pgmF/15db83379c5c4c7a533fa4e005bbc5fd/Group_385.png?w=1032&h=774&fit=fill)
Apple Software CVE Counts:
macOS (all versions) took the top spot in Apple's top 5, with tvOS coming in 5th.
![Apple software with the most CVEs 2023](https://images.ctfassets.net/d7xw4w884tz2/1rSQoWQK1kIUZIpZxYtXyy/b2eefbc949a8770a2ceb971bd3f47a53/Group_386.png?w=1032&h=774&fit=fill)
Notable Data Breaches in 2023:
Darkbeam Breach:
Exposed 3.8 billion records.
Indian Council of Medical Research Breach:
Compromised 815 million records.
Twitter Breach:
Affected 220 million records.
MOVEit Breach:
Involved hundreds of millions of records.
As the number and impact of vulnerabilities and breaches continue to escalate, the importance of proactive defense mechanisms, collaboration across industries, and persistent vigilance against evolving threats cannot be overstated. As the world moves into 2024, these insights serve as crucial lessons in fortifying digital defenses to safeguard against ever-evolving cyber risks.