CWE Lookup

Search Common Weakness Enumerations (CWE) by number.



MITRE 2023 Top 25 CWEs

A list of the most critical software weaknesses. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
|---|---|---|
| CWE-787 | Out-of-bounds Write | 1,068,147 |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5,147,238 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 31,430 |
| CWE-416 | Use After Free | 1,322,274 |
| CWE-20 | Improper Input Validation | 1,700,470 |
| CWE-125 | Out-of-bounds Read | 1,233,189 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 153 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 1,296,919 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 6,934 |
| CWE-862 | Missing Authorization | 23,056 |
| CWE-476 | NULL Pointer Dereference | 1,080,467 |
| CWE-287 | Improper Authentication | 17,791 |
| CWE-190 | Integer Overflow or Wraparound | 468 |
| CWE-502 | Deserialization of Untrusted Data | 196,174 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,233,912 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 3,854,837 |
| CWE-863 | Incorrect Authorization | 461,293 |

Most recently updated CWEs

CWEs with the most recently updated or discovered CVE vulnerabilities. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Updated |
|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Feb 29, 2024 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | Feb 29, 2024 |
| CWE-862 | Missing Authorization | Feb 29, 2024 |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Feb 28, 2024 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Feb 28, 2024 |
| CWE-284 | Improper Access Control | Feb 28, 2024 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | Feb 26, 2024 |
| CWE-285 | Improper Authorization | Feb 21, 2024 |
| CWE-269 | Improper Privilege Management | Feb 21, 2024 |

Most prevalent CWEs

A list of the most widespread CWEs. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5,147,238 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 3,854,837 |
| CWE-20 | Improper Input Validation | 1,700,470 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 1,325,124 |
| CWE-416 | Use After Free | 1,322,274 |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1,317,413 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 1,296,919 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,233,912 |
| CWE-125 | Out-of-bounds Read | 1,233,189 |
| CWE-131 | Incorrect Calculation of Buffer Size | 1,232,229 |