In 2012, there were 5,291 vulnerabilities documented by security researchers and software firms. In reality, the exact number of vulnerabilities reported in different databases each year varies widely — by as much as 75 percent in 2012. Two security professionals plan to outline problems with vulnerability data at Black Hat in Las Vegas later this summer. The impact of the uncertainty in vulnerability statistics goes beyond just the cybercliques of bug hunters, security researchers, and data scientists. The most popular method of assigning a severity to each vulnerability has major issues of its own.”]
Source: https://www.darkreading.com/application-security/don-t-take-vulnerability-counts-at-face-value