Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')45,407BaseHigh
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')19,825BaseHigh
CWE-787Out-of-bounds Write14,313BaseHigh
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14,036ClassHigh
CWE-20Improper Input Validation12,659ClassHigh
CWE-200Exposure of Sensitive Information to an Unauthorized Actor10,259ClassHigh
CWE-352Cross-Site Request Forgery (CSRF)9,411CompoundMedium
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')9,398BaseHigh
CWE-125Out-of-bounds Read8,998Base-
CWE-862Missing Authorization8,582ClassHigh
CWE-416Use After Free7,812VariantHigh
CWE-94Improper Control of Generation of Code ('Code Injection')6,620BaseMedium
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')6,143BaseHigh
CWE-264CWE-2645,487--
CWE-284Improper Access Control5,418Pillar-
CWE-476NULL Pointer Dereference5,409BaseMedium
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')4,956ClassHigh
CWE-287Improper Authentication4,426ClassHigh
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')4,310BaseHigh
CWE-434Unrestricted Upload of File with Dangerous Type4,187BaseMedium
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')3,605ClassHigh
CWE-121Stack-based Buffer Overflow3,484VariantHigh
CWE-190Integer Overflow or Wraparound3,270BaseMedium
CWE-400Uncontrolled Resource Consumption3,217ClassHigh
CWE-863Incorrect Authorization3,215ClassHigh