The security advisory, called a critical patch update, was issued Thursday. It lists the versions of affected software and recommends, in no uncertain terms, that customers using them get started on the fixes because unpatched software can leave companies vulnerable to hackers.
This massive update almost breaks the record for the number of vulnerabilities the company has addressed at one time. That distinction belongs to Oracle’s July 2015 update that listed 276 fixes, according to security site Threatpost.
In the update, Oracle issued a stern call to action, saying it still hears about malicious attempts to exploit vulnerabilities that should have been patched already by companies. In addition to it database software, the company said there are vulnerabilities in its to Weblogic Server software and Oracle Fusion middleware, which is basically software glue that connects different systems together.
Vulnerabilities can range in severity. Really bad flaws, if found and exploited, can lead to data loss or tampering. Obviously not a good thing and which is why software companies need to continually update their products.
From the Oracle (ORCL) statement:
In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.”
Earlier this week, during a press event announcing new Oracle cloud products and services, company co-chief executive Mark Hurd noted that most Oracle customers are 13 months behind in patching their software. Oracle issues the quarterly patch updates in January, April, July, and October.
Get Data Sheet, Fortune’s daily tech newsletter.
Hurd, like other tech executives, now maintain that moving key business applications—like databases—to a cloud deployment model actually boosts security.
For more on cybersecurity, watch this video:
“We see all sorts of attacks, we patch all the time. All of our security is in our cloud,” he noted.
The thinking is that cloud providers, which focus on running and maintaining computing infrastructure for customers, will handle software updates and fixes better than individual companies do on their own. Google enterprise vice president Diane Greene and others have made the same argument.