CVE Update Analysis Report

Analyzing update patterns and velocity across 318,228 CVE records

Key Statistics

Total CVEs: 318,228
CVEs with Updates: 301,901 (94.87%)
Never Updated: 16,327 (5.13%)
Average Updates: 1.77
Median Updates: 1
Median Time to Update: 1,268 days (3.5 years)
Updated Within 30d: 15.8% (47,625 CVEs)
Max Updates: 409

Update Distribution

Distribution Table

Updates Count Percentage

Most Frequently Updated CVEs

The following CVEs have received the most updates since their initial publication:

Rank CVE ID CNA Updates Last Updated Update History
Top Updated CVEs

CVE Update Velocity Analysis

Analyzing time elapsed between CVE publication and metadata update (cveMetadata.dateUpdated) to understand response patterns and maintenance practices.

Update Velocity Statistics

CVEs with Time Data: 301,671
Median Time to Update: 1,268 days (3.5 years)
Mean Time to Update: 2,082 days (5.7 years)
90th Percentile: 5,966 days (16.3 years)
Updated Within 24h: 10.2% (30,642 CVEs)
Updated Within 7d: 14.1% (42,564 CVEs)
Updated Within 30d: 15.8% (47,625 CVEs)
Updated Within 1y: 26.4% (79,624 CVEs)

Time-to-Update Distribution

Distribution of time elapsed from CVE publication to metadata update, showing response patterns across different time windows.

Longest Time to Metadata Update

These CVEs experienced the longest delays between publication and their most recent metadata update timestamp, providing insights into extended maintenance cycles:

Rank  CVE ID         CNA    Published   First Updated  Time to Update
1     CVE-1999-0035  mitre  1999-09-29  2025-10-20     26 years, 22 days
2     CVE-1999-0159  mitre  1999-09-29  2025-08-27     25 years, 333 days
3     CVE-1999-0468  mitre  1999-09-29  2025-08-25     25 years, 331 days
4     CVE-1999-0012  mitre  1999-09-29  2025-04-09     25 years, 193 days
5     CVE-1999-0011  mitre  1999-09-29  2025-04-09     25 years, 193 days
6     CVE-1999-0472  mitre  1999-09-29  2025-03-17     25 years, 170 days
7     CVE-1999-0103  mitre  1999-09-29  2025-03-17     25 years, 170 days
8     CVE-1999-0016  mitre  1999-09-29  2025-03-17     25 years, 170 days
9     CVE-1999-0532  mitre  2000-02-04  2025-03-17     25 years, 42 days
10    CVE-1999-0524  mitre  2000-02-04  2025-03-17     25 years, 42 days

Supporting Visualizations

Cumulative Distribution

Cumulative distribution showing the fraction of CVEs at or below each update count.

Commits Over Time

Monthly commit activity with 12-month rolling average.

Update Distribution (Log Scale)

Update frequency distribution on a logarithmic scale for better visibility of outliers.

Analysis Methodology

  • Analysis compares each CVE JSON file's internal cveMetadata.dateUpdated value with the latest Git commit timestamp for that file.
  • Default mode (FAST) uses an aggregated git log across the cves/ tree for speed; use --indepth for authoritative per-file history (slower).
  • A mismatch is only flagged when the internal dateUpdated is later than the latest Git commit by more than the configured tolerance (default 3600 seconds), or when an internal date exists but no Git history is found for a file.
  • Update frequency is defined as updates = max(0, totalGitCommits - 1), so 0 means the CVE JSON was created and never changed afterwards.
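
The mismatch rule and update count described above, as an added example (not the report tool's own code). The record layout, function names and CVE IDs are assumptions, and the sample records are constructed to exercise the tolerance boundary, mixed time zones and the no-history case.

```python
from datetime import datetime, timezone

TOLERANCE_SECONDS = 3600  # default tolerance stated in the methodology


def parse_ts(value):
    """Parse an ISO 8601 timestamp; naive values are assumed to be UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def analyze(record, tolerance=TOLERANCE_SECONDS):
    """Return (updates, mismatch_reason or None) for one CVE file.

    record is a hypothetical dict: {"dateUpdated": str or None,
    "commits": [ISO timestamps of Git commits touching the file]}.
    """
    commits = [parse_ts(c) for c in record["commits"]]
    updates = max(0, len(commits) - 1)  # the first commit creates the file
    internal = record.get("dateUpdated")
    if internal is None:
        return updates, None  # nothing to compare against Git
    if not commits:
        return updates, "internal date but no Git history"
    # Only a dateUpdated that is LATER than the newest commit is suspicious.
    lag = (parse_ts(internal) - max(commits)).total_seconds()
    if lag > tolerance:
        return updates, f"dateUpdated is {int(lag)}s after latest commit"
    return updates, None


# Constructed sample records (IDs are placeholders, not real CVEs).
SAMPLES = {
    "CVE-0000-0001": {"dateUpdated": "2024-05-01T10:30:00Z",
                      "commits": ["2024-04-01T09:00:00+00:00",
                                  "2024-05-01T10:45:00+00:00"]},
    "CVE-0000-0002": {"dateUpdated": "2024-05-01T13:00:01Z",
                      "commits": ["2024-05-01T12:00:00+00:00"]},
    "CVE-0000-0003": {"dateUpdated": "2024-05-01T13:00:00",
                      "commits": []},
    # 09:00+02:00 is 07:00 UTC, so the lag is exactly 3600s (not flagged).
    "CVE-0000-0004": {"dateUpdated": "2024-05-01T08:00:00.000Z",
                      "commits": ["2024-05-01T09:00:00+02:00"]},
}

if __name__ == "__main__":
    for cve_id, rec in SAMPLES.items():
        print(cve_id, analyze(rec))
```

Comparing in UTC matters here: a commit timestamp carrying a local offset would otherwise shift the lag by hours and either hide or fabricate a mismatch.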

Technical Details

CVEs Analyzed: 318,228
Scan Mode: FAST
Elapsed Time: 61.92s
Date Tolerance: 3600s
Date Mismatches: 0