Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-471 Modification of Assumed-Immutable Data (MAID) Allowed 33
CWE-353 Missing Support for Integrity Check Allowed 33
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data Allowed 33
CWE-304 Missing Critical Step in Authentication Allowed 33
CWE-289 Authentication Bypass by Alternate Name Allowed 33
CWE-690 Unchecked Return Value to NULL Pointer Dereference Discouraged 32
CWE-664 Improper Control of a Resource Through its Lifetime Discouraged 32
CWE-565 Reliance on Cookies without Validation and Integrity Checking Allowed 32
CWE-226 Sensitive Information in Resource Not Removed Before Reuse Allowed 32
CWE-202 Exposure of Sensitive Information Through Data Queries Allowed 31
CWE-176 Improper Handling of Unicode Encoding Allowed 31
CWE-313 Cleartext Storage in a File or on Disk Allowed 30
CWE-241 Improper Handling of Unexpected Data Type Allowed 30
CWE-213 Exposure of Sensitive Information Due to Incompatible Policies Allowed 30
CWE-834 Excessive Iteration Discouraged 29
CWE-540 Inclusion of Sensitive Information in Source Code Allowed 29
CWE-316 Cleartext Storage of Sensitive Information in Memory Allowed 29
CWE-185 Incorrect Regular Expression Allowed-with-Review 29
CWE-1385 Missing Origin Validation in WebSockets Allowed 29
CWE-782 Exposed IOCTL with Insufficient Access Control Allowed 28
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') Allowed 28
CWE-684 Incorrect Provision of Specified Functionality Allowed-with-Review 28
CWE-525 Use of Web Browser Cache Containing Sensitive Information Allowed 28
CWE-488 Exposure of Data Element to Wrong Session Allowed 28
CWE-356 Product UI does not Warn User of Unsafe Actions Allowed 28
CWE-322 Key Exchange without Entity Authentication Allowed 28
CWE-282 Improper Ownership Management Allowed-with-Review 28
CWE-691 Insufficient Control Flow Management Discouraged 27
CWE-606 Unchecked Input for Loop Condition Allowed 27
CWE-501 Trust Boundary Violation Allowed 27
CWE-357 Insufficient UI Warning of Dangerous Operations Allowed 27
CWE-763 Release of Invalid Pointer or Reference Allowed 26
CWE-41 Improper Resolution of Path Equivalence Allowed 26
CWE-270 Privilege Context Switching Error Allowed 26
CWE-115 Misinterpretation of Input Allowed 26
CWE-233 Improper Handling of Parameters Allowed 25
CWE-158 Improper Neutralization of Null Byte or NUL Character Allowed 25
CWE-1289 Improper Validation of Unsafe Equivalence in Input Allowed 25
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior Allowed-with-Review 24
CWE-523 Unprotected Transport of Credentials Allowed 24
CWE-391 Unchecked Error Condition Prohibited 24
CWE-286 Incorrect User Management Allowed-with-Review 24
CWE-279 Incorrect Execution-Assigned Permissions Allowed 24
CWE-1275 Sensitive Cookie with Improper SameSite Attribute Allowed 24
CWE-1230 Exposure of Sensitive Information Through Metadata Allowed 24
CWE-83 Improper Neutralization of Script in Attributes in a Web Page Allowed 23
CWE-778 Insufficient Logging Allowed 23
CWE-260 Password in Configuration File Allowed 23
CWE-1288 Improper Validation of Consistency within Input Allowed 23