Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-131Incorrect Calculation of Buffer Size205BaseHigh
CWE-917Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')204Base-
CWE-822Untrusted Pointer Dereference203Base-
CWE-457Use of Uninitialized Variable202VariantHigh
CWE-338Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)196BaseMedium
CWE-259Use of Hard-coded Password194VariantHigh
CWE-359Exposure of Private Personal Information to an Unauthorized Actor193Base-
CWE-459Incomplete Cleanup191Base-
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')187Base-
CWE-1336Improper Neutralization of Special Elements Used in a Template Engine186Base-
CWE-789Memory Allocation with Excessive Size Value177Variant-
CWE-749Exposed Dangerous Method or Function175BaseLow
CWE-252Unchecked Return Value173BaseLow
CWE-35Path Traversal: '.../...//'172Variant-
CWE-354Improper Validation of Integrity Check Value168BaseMedium
CWE-17CWE-17166--
CWE-204Observable Response Discrepancy164Base-
CWE-697Incorrect Comparison158Pillar-
CWE-208Observable Timing Discrepancy154Base-
CWE-280Improper Handling of Insufficient Permissions or Privileges154Base-
CWE-61UNIX Symbolic Link (Symlink) Following153CompoundHigh
CWE-305Authentication Bypass by Primary Weakness153Base-
CWE-184Incomplete List of Disallowed Inputs152Base-
CWE-703Improper Check or Handling of Exceptional Conditions151Pillar-
CWE-788Access of Memory Location After End of Buffer147Base-