FWIW, Ubuntu is a flavor of Debian, so technically Linux owns 40% of the Top 5.
Windows is a closed source OS. This isn’t a surprise.
Overall comment: This is a grossly ignorant article. It is based on a demonstrably false premise, that all vulnerabilities are of equal importance. That premise is clearly inaccurate as hell.
I did not see a statement in the article acknowledging what you mention, that Ubuntu is Debian with tweaks. The substantial overlap between the two knocks a hole in your argument summing the Debian percentage and the Ubuntu percentage. How many of the vulnerabilities counted twice are common between Debian and Ubuntu? Those should only count once, not twice, so I don't agree with your 40% figure. The truth has to be something less, but the article is useless to try to determine how much less.
Apologist articles like this have to be very carefully researched, thought out, and written, to avoid being crap. Doesn't matter whether it's Windows apologist, Mac apologist, Linux apologist, or anything else. Stating "X is not as bad as you thought" has to address the high likelihood that "what you thought" was actually based on a lot of accumulated facts. Without facts clearly proving that "what you thought" is actually wrong, it's just crap.
This article, sorry to say, is crap, from premise to conclusion, because it doesn't provide support for its conclusion. Whether its claim is true or false is almost beside the point (after all, who bloody cares? Every OS has vulnerabilities).