Search Common Weakness Enumerations (CWE) by number.
CWE | Description | Websites |
---|---|---|
CWE-787 | Out-of-bounds Write | 1,010,879 |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4,656,267 |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 30,500 |
CWE-416 | Use After Free | 1,260,414 |
CWE-20 | Improper Input Validation | 1,610,187 |
CWE-125 | Out-of-bounds Read | 1,174,817 |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4,097 |
CWE-352 | Cross-Site Request Forgery (CSRF) | 1,244,664 |
CWE-434 | Unrestricted Upload of File with Dangerous Type | 5,338 |
CWE-862 | Missing Authorization | 23,972 |
CWE-476 | NULL Pointer Dereference | 1,029,692 |
CWE-287 | Improper Authentication | 26,133 |
CWE-190 | Integer Overflow or Wraparound | 442 |
CWE-502 | Deserialization of Untrusted Data | 164,341 |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,089,606 |
CWE-918 | Server-Side Request Forgery (SSRF) | 3,570,304 |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 1,593 |
CWE-863 | Incorrect Authorization | 435,632 |
CWE | Description | Updated |
---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Feb 29, 2024 |
CWE-352 | Cross-Site Request Forgery (CSRF) | Feb 29, 2024 |
CWE-862 | Missing Authorization | Feb 29, 2024 |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Feb 28, 2024 |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Feb 28, 2024 |
CWE-284 | Improper Access Control | Feb 28, 2024 |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Feb 26, 2024 |
CWE-285 | Improper Authorization | Feb 21, 2024 |
CWE-269 | Improper Privilege Management | Feb 21, 2024 |
CWE | Description | Websites |
---|---|---|
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 4,656,267 |
CWE-918 | Server-Side Request Forgery (SSRF) | 3,570,304 |
CWE-20 | Improper Input Validation | 1,610,187 |
CWE-416 | Use After Free | 1,260,414 |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1,254,886 |
CWE-352 | Cross-Site Request Forgery (CSRF) | 1,244,664 |
CWE-125 | Out-of-bounds Read | 1,174,817 |
CWE-131 | Incorrect Calculation of Buffer Size | 1,165,221 |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 1,089,606 |
CWE-400 | Uncontrolled Resource Consumption | 1,088,949 |