Common Weakness Enumeration (CWE)

1,006 CWEs

CWENameCVEsAbstractionLikelihoodDetails
CWE-209Generation of Error Message Containing Sensitive Information571BaseHigh
CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)560VariantHigh
CWE-613Insufficient Session Expiration560Base-
CWE-1321Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')525Variant-
CWE-311Missing Encryption of Sensitive Data511ClassHigh
CWE-73External Control of File Name or Path499BaseHigh
CWE-191Integer Underflow (Wrap or Wraparound)485Base-
CWE-552Files or Directories Accessible to External Parties479Base-
CWE-116Improper Encoding or Escaping of Output468ClassHigh
CWE-772Missing Release of Resource after Effective Lifetime467BaseHigh
CWE-126Buffer Over-read460Variant-
CWE-369Divide By Zero455BaseMedium
CWE-674Uncontrolled Recursion452Class-
CWE-326Inadequate Encryption Strength451Class-
CWE-428Unquoted Search Path or Element450Base-
CWE-23Relative Path Traversal448Base-
CWE-1333Inefficient Regular Expression Complexity444BaseHigh
CWE-254CWE-254413--
CWE-384Session Fixation412Compound-
CWE-1021Improper Restriction of Rendered UI Layers or Frames398Base-
CWE-134Use of Externally-Controlled Format String392BaseHigh
CWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')382Base-
CWE-330Use of Insufficiently Random Values379ClassHigh
CWE-922Insecure Storage of Sensitive Information373Class-
CWE-201Insertion of Sensitive Information Into Sent Data357Base-