CWE Lookup

Search Common Weakness Enumerations (CWE) by number.



MITRE 2024 Top 25 CWEs

List of the most critical software weaknesses. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
| --- | --- | --- |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 16,158,475 |
| CWE-787 | Out-of-bounds Write | 4,887,874 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2,426,828 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 2,611,298 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3,002,815 |
| CWE-125 | Out-of-bounds Read | 2,712,048 |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 494,936 |
| CWE-416 | Use After Free | 1,232,277 |
| CWE-862 | Missing Authorization | 3,791,874 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 3,995,933 |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | 1,661,256 |
| CWE-20 | Improper Input Validation | 3,949,224 |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | 17,632 |
| CWE-287 | Improper Authentication | 952,688 |
| CWE-269 | Improper Privilege Management | 174,946 |
| CWE-502 | Deserialization of Untrusted Data | 653,732 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 2,742,882 |
| CWE-863 | Incorrect Authorization | 667,464 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 4,552,400 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 380,784 |
| CWE-476 | NULL Pointer Dereference | 2,230,635 |
| CWE-798 | Use of Hard-coded Credentials | 87 |
| CWE-190 | Integer Overflow or Wraparound | 1,690,298 |
| CWE-400 | Uncontrolled Resource Consumption | 1,167,105 |
| CWE-306 | Missing Authentication for Critical Function | 6,592 |

Most recently updated CWEs

CWEs with the most recently updated or discovered CVE vulnerabilities. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Updated |
| --- | --- | --- |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | May 18, 2025 |
| CWE-862 | Missing Authorization | May 17, 2025 |
| CWE-73 | External Control of File Name or Path | May 17, 2025 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | May 17, 2025 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | May 17, 2025 |
| CWE-863 | Incorrect Authorization | May 17, 2025 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | May 17, 2025 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | May 16, 2025 |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | May 16, 2025 |
| CWE-918 | Server-Side Request Forgery (SSRF) | May 16, 2025 |

Most prevalent CWEs

List of the most widespread CWEs. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
| --- | --- | --- |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 16,158,475 |
| CWE-787 | Out-of-bounds Write | 4,887,874 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 4,552,400 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 3,995,933 |
| CWE-20 | Improper Input Validation | 3,949,224 |
| CWE-354 | Improper Validation of Integrity Check Value | 3,802,155 |
| CWE-862 | Missing Authorization | 3,791,874 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3,002,815 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 2,742,882 |
| CWE-125 | Out-of-bounds Read | 2,712,048 |