CVE Update Analysis Report

Analyzing update patterns and velocity across 318,368 CVE records

Key Statistics

Total CVEs 318,368
CVEs with Updates 302,096 94.89%
Never Updated 16,272 5.11%
Average Updates 1.77
Median Updates 1
Median Time to Update 1,265 days 3.5 years
Updated Within 30d 15.8% 47,815 CVEs
Max Updates 557

Update Distribution

Update Distribution

Distribution Table

Updates Count Percentage

Most Frequently Updated CVEs

The following CVEs have received the most updates since their initial publication:

Rank CVE ID CNA Updates Last Updated Update History
Top Updated CVEs

CVE Update Velocity Analysis

Analyzing time elapsed between CVE publication and metadata update (cveMetadata.dateUpdated) to understand response patterns and maintenance practices.

Update Velocity Statistics

CVEs with Time Data 301,866
Median Time to Update 1,265 days 3.5 years
Mean Time to Update 2,081 days 5.7 years
90th Percentile 5,965 days 16.3 years
Updated Within 24h 10.2% 30,712 CVEs
Updated Within 7d 14.2% 42,746 CVEs
Updated Within 30d 15.8% 47,815 CVEs
Updated Within 1y 26.4% 79,818 CVEs

Time-to-Update Distribution

Time to Update Distribution

Distribution of time elapsed from CVE publication to metadata update, showing response patterns across different time windows.

Longest Time to Metadata Update

These CVEs experienced the longest delays between publication and their most recent metadata update timestamp, providing insights into extended maintenance cycles:

Rank CVE ID CNA Published First Updated Time to Update Update History
1 CVE-1999-0035 mitre 1999-09-29 2025-10-20 26 years, 22 days View
2 CVE-1999-0159 mitre 1999-09-29 2025-08-27 25 years, 333 days View
3 CVE-1999-0468 mitre 1999-09-29 2025-08-25 25 years, 331 days View
4 CVE-1999-0012 mitre 1999-09-29 2025-04-09 25 years, 193 days View
5 CVE-1999-0011 mitre 1999-09-29 2025-04-09 25 years, 193 days View
6 CVE-1999-0472 mitre 1999-09-29 2025-03-17 25 years, 170 days View
7 CVE-1999-0103 mitre 1999-09-29 2025-03-17 25 years, 170 days View
8 CVE-1999-0016 mitre 1999-09-29 2025-03-17 25 years, 170 days View
9 CVE-1999-0532 mitre 2000-02-04 2025-03-17 25 years, 42 days View
10 CVE-1999-0524 mitre 2000-02-04 2025-03-17 25 years, 42 days View

Supporting Visualizations

Cumulative Distribution

Cumulative Distribution

Cumulative distribution showing the fraction of CVEs at or below each update count.

Commits Over Time

Commits Over Time

Monthly commit activity with 12-month rolling average.

Update Distribution (Log Scale)

Update Distribution Log Scale

Update frequency distribution on a logarithmic scale for better visibility of outliers.

Analysis Methodology

  • Analysis compares each CVE JSON file's internal cveMetadata.dateUpdated value with the latest Git commit timestamp for that file.
  • Default mode (FAST) uses an aggregated git log across the cves/ tree for speed; use --indepth for authoritative per-file history (slower).
  • A mismatch is only flagged when the internal dateUpdated is later than the latest Git commit by more than the configured tolerance (default 3600 seconds), or when an internal date exists but no Git history is found for a file.
  • Update frequency is defined as updates = max(0, totalGitCommits - 1), so 0 means the CVE JSON was created and never changed afterwards.

Technical Details

CVEs Analyzed
318,368
Scan Mode
FAST
Elapsed Time
61.25s
Date Tolerance
3600s
Date Mismatches
0