About this Visualization

This visualization displays information on software platforms with former or still existing security vulnerabilities that are described in the Exploit Database. The listed exploits were collected between March 23, 2003 and September 17, 2014.

Top exploited platforms

Platform counts


Exploit type counts

The Exploit Database categorizes exploits based on the targeted software/hardware into different types like dos, local, remote and webapps.

Exploit file counts

Exploits are either programs or textual descriptions on how to perform the exploit and are broken down into languages or file types of exploit files.


Circle size indicates the number of exploits for that platform.

  • Click on a circle to show bar charts for types and source files.
  • Zoom the spiral with the mousewheel while the mouse is over a node.
  • Click and hold while over a node to drag the spiral with the mouse.

Which Software Platforms are Exploited the Most

The Exploit Database is an archive of exploits of vulnerable software, that collects data from user submissions and mailing lists and offers an interface to search and browse exploits by platforms, types and authors.

This visualization focuses on the platforms being exploited. Each circle in the spiral on the left represents one platform, the bigger the circle the more exploits exist for that platform. The number of exploits for the most affected platforms is also displayed in the bar chart on the right.

You can click on a circle in the spiral to show bar charts for exploit types and source files for the corresponding platform on the right side.

A few thoughts on PHP

PHP is clearly the most favoured platform by hackers, almost all PHP exploits target the webapp type and most of them are described in plain text files for the rest Perl followed by PHP are the top languages used for scripting PHP exploits.

Among the reasons for that popularity are certainly PHP's wide spread support by hosting providers and the existence of many free and easy to install systems for building and running dynamic web applications. Moreover, these numbers are consistent with PHP's bad reputation considering code quality and developer experience, which doesn't imply causation.


The raw exploit counts show past hacker preferences for exploiting different platforms, but taken by themselves we can just guess why some platform are targeted more often than others.

To get further insights one could correlate these data with actual platform usage statistics and display the distribution of platforms over time.


This visualization was created with the JavaScript library D3 using a pack layout based on the D3 bubble example. Other articles/tutorials I found helpful include Building a Bubble Cloud by Jim Vallandingham, A Bar Chart, Part 1 by Mike Bostock and Making a bar chart by Scott Murray.

The Python script I wrote to preprocess the data and generate a JSON document well-suited for D3 is available in this repository on GitHub.