CWE Lookup

Search Common Weakness Enumerations (CWE) by number.



MITRE 2024 Top 25 CWEs

List of the most critical software weaknesses. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 15,196,816 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2,740,642 |
| CWE-20 | Improper Input Validation | 2,751,763 |
| CWE-125 | Out-of-bounds Read | 5,946,357 |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 259,648 |
| CWE-416 | Use After Free | 681,047 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3,534,416 |
| CWE-352 | Cross-Site Request Forgery (CSRF) | 2,353,144 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 3,567,171 |
| CWE-862 | Missing Authorization | 5,357,357 |
| CWE-476 | NULL Pointer Dereference | 5,656,897 |
| CWE-287 | Improper Authentication | 2,309,544 |
| CWE-190 | Integer Overflow or Wraparound | 4,959,595 |
| CWE-502 | Deserialization of Untrusted Data | 540,100 |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | 5,398 |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 154,809 |
| CWE-798 | Use of Hard-coded Credentials | 90 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 4,300,042 |
| CWE-306 | Missing Authentication for Critical Function | 141,273 |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 31,256 |
| CWE-269 | Improper Privilege Management | 225,019 |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | 2,062,949 |
| CWE-863 | Incorrect Authorization | 1,606,566 |
| CWE-276 | Incorrect Default Permissions | 5,011 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 3,406,169 |

Most recently updated CWEs

CWEs with the most recently updated or discovered CVE vulnerabilities. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Updated |
|---|---|---|
| CWE-532 | Insertion of Sensitive Information into Log File | Apr 13, 2026 |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Apr 13, 2026 |
| CWE-502 | Deserialization of Untrusted Data | Apr 13, 2026 |
| CWE-670 | Always-Incorrect Control Flow Implementation | Apr 12, 2026 |
| CWE-639 | Authorization Bypass Through User-Controlled Key | Apr 11, 2026 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Apr 11, 2026 |
| CWE-918 | Server-Side Request Forgery (SSRF) | Apr 11, 2026 |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Apr 11, 2026 |
| CWE-269 | Improper Privilege Management | Apr 11, 2026 |

Most prevalent CWEs

The list of the most widespread CWEs. Only Common Weakness Enumerations (CWEs) that are detectable from client-side software packages and libraries are included.

| CWE | Description | Websites |
|---|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 15,196,816 |
| CWE-125 | Out-of-bounds Read | 5,946,357 |
| CWE-476 | NULL Pointer Dereference | 5,656,897 |
| CWE-862 | Missing Authorization | 5,357,357 |
| CWE-190 | Integer Overflow or Wraparound | 4,959,595 |
| CWE-918 | Server-Side Request Forgery (SSRF) | 4,300,042 |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | 3,567,171 |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 3,534,416 |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 3,406,169 |
| CWE-639 | Authorization Bypass Through User-Controlled Key | 3,327,117 |