Red Hat has published their newest security risk report in which they present the vulnerabilties reported in 2018 using a four-point scale. The report is available as a PDF file: https://www.redhat.com/cms/managed-files/rh-2018-risk-report-overview-f16049wg-201902-en.pdf The trend in the reported CVEs since 2011 is shown in this graph:
I don't like graphs that don't start at zero in order to emphasize relatively tiny and insignificant differences. For all practical reasons, 1000 or 1200 vulnerabilities is the same thing. Mrk