Weakness Catalog
VULNERABILITIES BY CWE TYPE
Browse vulnerabilities organized by Common Weakness Enumeration (CWE) type.
| CWE ID | Weakness Name | Total CVEs | Critical | In KEV | |
|---|---|---|---|---|---|
| CWE-79 | Cross-site Scripting (XSS) | 241 | 4 | — | |
| CWE-89 | SQL Injection | 163 | 9 | — | |
| CWE-862 | — | 153 | 8 | — | |
| CWE-74 | Injection | 117 | — | — | |
| CWE-94 | Code Injection | 91 | 13 | — | |
| CWE-78 | OS Command Injection | 85 | 38 | — | |
| CWE-22 | Path Traversal | 73 | 7 | — | |
| CWE-787 | Out-of-bounds Write | 72 | 8 | — | |
| CWE-77 | Command Injection | 68 | 30 | — | |
| CWE-119 | Buffer Overflow | 63 | 3 | — | |
| CWE-918 | Server-Side Request Forgery (SSRF) | 62 | 6 | — | |
| CWE-284 | Improper Access Control | 52 | 5 | — | |
| CWE-121 | — | 43 | 3 | — | |
| CWE-416 | Use After Free | 41 | 2 | — | |
| CWE-190 | Integer Overflow | 40 | 1 | — | |
| CWE-122 | — | 40 | 3 | — | |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 36 | — | — | |
| CWE-125 | Out-of-bounds Read | 35 | 1 | — | |
| CWE-120 | — | 33 | 1 | — | |
| CWE-639 | — | 33 | — | — | |
| CWE-863 | — | 32 | 2 | — | |
| CWE-306 | Missing Authentication | 31 | 6 | — | |
| CWE-200 | Information Exposure | 29 | — | — | |
| CWE-434 | Unrestricted File Upload | 27 | 8 | — | |
| CWE-502 | Deserialization of Untrusted Data | 25 | 3 | — | |
| CWE-20 | Improper Input Validation | 23 | 5 | — | |
| CWE-287 | Improper Authentication | 22 | 3 | — | |
| CWE-770 | — | 20 | 1 | — | |
| CWE-400 | Resource Exhaustion | 17 | — | — | |
| CWE-285 | — | 17 | — | — | |
| CWE-321 | — | 16 | — | — | |
| CWE-73 | — | 14 | 2 | — | |
| CWE-98 | — | 13 | 1 | — | |
| CWE-362 | Race Condition | 13 | — | — | |
| CWE-320 | — | 12 | — | — | |
| CWE-266 | — | 11 | 1 | — | |
| CWE-269 | Improper Privilege Management | 11 | 2 | — | |
| CWE-601 | Open Redirect | 11 | — | — | |
| CWE-427 | — | 10 | 1 | — | |
| CWE-295 | — | 10 | 1 | — | |
| CWE-201 | — | 10 | — | — | |
| CWE-428 | — | 9 | — | — | |
| CWE-80 | — | 9 | — | — | |
| CWE-522 | — | 8 | — | — | |
| CWE-340 | — | 8 | — | — | |
| CWE-497 | — | 8 | — | — | |
| CWE-843 | — | 8 | — | — | |
| CWE-674 | — | 7 | — | — | |
| CWE-669 | — | 7 | — | — | |
| CWE-191 | — | 7 | — | — | |
| CWE-829 | — | 7 | 2 | — | |
| CWE-693 | — | 7 | 1 | — | |
| CWE-319 | — | 7 | — | — | |
| CWE-532 | — | 7 | — | — | |
| CWE-367 | — | 7 | — | — | |
| CWE-476 | NULL Pointer Dereference | 6 | — | — | |
| CWE-288 | — | 6 | — | — | |
| CWE-338 | — | 6 | — | — | |
| CWE-93 | — | 6 | — | — | |
| CWE-184 | — | 6 | 2 | — | |
| CWE-347 | — | 6 | — | — | |
| CWE-327 | Broken Cryptography | 5 | — | — | |
| CWE-193 | — | 5 | — | — | |
| CWE-307 | — | 5 | 1 | — | |
| CWE-1336 | — | 5 | — | — | |
| CWE-346 | — | 5 | — | — | |
| CWE-1333 | — | 5 | 1 | — | |
| CWE-670 | — | 5 | — | — | |
| CWE-835 | — | 5 | — | — | |
| CWE-668 | — | 5 | — | — | |
| CWE-798 | Hard-coded Credentials | 5 | — | — | |
| CWE-538 | — | 4 | — | — | |
| CWE-59 | — | 4 | — | — | |
| CWE-116 | — | 4 | — | — | |
| CWE-915 | — | 4 | 1 | — | |
| CWE-61 | — | 4 | — | — | |
| CWE-942 | — | 4 | — | — | |
| CWE-23 | — | 4 | — | — | |
| CWE-88 | — | 4 | — | — | |
| CWE-611 | XXE (XML External Entity) | 4 | 1 | — | |
| CWE-415 | — | 4 | 1 | — | |
| CWE-494 | — | 3 | — | — | |
| CWE-472 | — | 3 | — | — | |
| CWE-131 | — | 3 | 2 | — | |
| CWE-1289 | — | 3 | 1 | — | |
| CWE-129 | — | 3 | 1 | — | |
| CWE-209 | — | 3 | — | — | |
| CWE-1188 | — | 3 | 1 | — | |
| CWE-732 | Incorrect Permission Assignment | 3 | — | — | |
| CWE-1284 | — | 3 | — | — | |
| CWE-312 | — | 3 | — | — | |
| CWE-807 | — | 3 | 1 | — | |
| CWE-226 | — | 3 | — | — | |
| CWE-256 | — | 3 | — | — | |
| CWE-1321 | — | 3 | — | — | |
| CWE-345 | — | 3 | 1 | — | |
| CWE-426 | — | 3 | — | — | |
| CWE-95 | — | 3 | — | — | |
| CWE-204 | — | 3 | — | — | |
| CWE-552 | — | 3 | 1 | — |