CWE Lookup

Search Common Weakness Enumerations (CWE) by number.



MITRE 2023 Top 25 CWEs

List of the most critical software weaknesses. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | 1,010,879 |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4,656,267 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 30,500 |
| CWE-416 | Use After Free | 1,260,414 |
| CWE-20 | Improper Input Validation | 1,610,187 |
| CWE-125 | Out-of-bounds Read | 1,174,817 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4,097 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 1,244,664 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 5,338 |
| CWE-862 | Missing Authorization | 23,972 |
| CWE-476 | NULL Pointer Dereference | 1,029,692 |
| CWE-287 | Improper Authentication | 26,133 |
| CWE-190 | Integer Overflow or Wraparound | 442 |
| CWE-502 | Deserialization of Untrusted Data | 164,341 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,089,606 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 3,570,304 |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 1,593 |
| CWE-863 | Incorrect Authorization | 435,632 |

Most recently updated CWEs

CWEs with the most recently updated or discovered CVE vulnerabilities. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Updated |
| --- | --- | --- |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Feb 29, 2024 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | Feb 29, 2024 |
| CWE-862 | Missing Authorization | Feb 29, 2024 |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Feb 28, 2024 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Feb 28, 2024 |
| CWE-284 | Improper Access Control | Feb 28, 2024 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | Feb 26, 2024 |
| CWE-285 | Improper Authorization | Feb 21, 2024 |
| CWE-269 | Improper Privilege Management | Feb 21, 2024 |

Most prevalent CWEs

List of the most widespread CWEs. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
| --- | --- | --- |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4,656,267 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 3,570,304 |
| CWE-20 | Improper Input Validation | 1,610,187 |
| CWE-416 | Use After Free | 1,260,414 |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1,254,886 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 1,244,664 |
| CWE-125 | Out-of-bounds Read | 1,174,817 |
| CWE-131 | Incorrect Calculation of Buffer Size | 1,165,221 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,089,606 |
| CWE-400 | Uncontrolled Resource Consumption | 1,088,949 |