Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-419 Unprotected Primary Channel Allowed 11
CWE-299 Improper Check for Certificate Revocation Allowed 11
CWE-242 Use of Inherently Dangerous Function Allowed 11
CWE-232 Improper Handling of Undefined Values Allowed 11
CWE-230 Improper Handling of Missing Values Allowed 11
CWE-1427 Improper Neutralization of Input Used for LLM Prompting Allowed 11
CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface Allowed 11
CWE-1050 Excessive Platform Resource Consumption within a Loop Allowed 11
CWE-842 Placement of User into Incorrect Group Allowed 10
CWE-830 Inclusion of Web Functionality from an Untrusted Source Allowed 10
CWE-826 Premature Release of Resource During Expected Lifetime Allowed 10
CWE-656 Reliance on Security Through Obscurity Allowed-with-Review 10
CWE-646 Reliance on File Name or Extension of Externally-Supplied File Allowed 10
CWE-466 Return of Pointer Value Outside of Expected Range Allowed 10
CWE-363 Race Condition Enabling Link Following Allowed 10
CWE-341 Predictable from Observable State Allowed 10
CWE-308 Use of Single-factor Authentication Allowed 10
CWE-14 Compiler Removal of Code to Clear Buffers Allowed 10
CWE-1329 Reliance on Component That is Not Updateable Allowed 10
CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information Allowed 10
CWE-921 Storage of Sensitive Data in a Mechanism without Access Control Allowed 9
CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages Allowed 9
CWE-760 Use of a One-Way Hash with a Predictable Salt Allowed 9
CWE-645 Overly Restrictive Account Lockout Mechanism Allowed 9
CWE-64 Windows Shortcut Following (.LNK) Allowed 9
CWE-626 Null Byte Interaction Error (Poison Null Byte) Allowed 9
CWE-573 Improper Following of Specification by Caller Allowed-with-Review 9
CWE-564 SQL Injection: Hibernate Allowed 9
CWE-561 Dead Code Allowed 9
CWE-480 Use of Incorrect Operator Allowed 9
CWE-291 Reliance on IP Address for Authentication Allowed 9
CWE-258 Empty Password in Configuration File Allowed 9
CWE-172 Encoding Error Allowed-with-Review 9
CWE-146 Improper Neutralization of Expression/Command Delimiters Allowed 9
CWE-141 Improper Neutralization of Parameter/Argument Delimiters Allowed 9
CWE-1326 Missing Immutable Root of Trust in Hardware Allowed 9
CWE-127 Buffer Under-read Allowed 9
CWE-81 Improper Neutralization of Script in an Error Message Web Page Allowed 8
CWE-676 Use of Potentially Dangerous Function Allowed 8
CWE-625 Permissive Regular Expression Allowed 8
CWE-456 Missing Initialization of a Variable Allowed 8
CWE-372 Incomplete Internal State Distinction Discouraged 8
CWE-223 Omission of Security-relevant Information Allowed 8
CWE-196 Unsigned to Signed Conversion Error Allowed 8
CWE-1419 Incorrect Initialization of Resource Allowed-with-Review 8
CWE-1282 Assumed-Immutable Data is Stored in Writable Memory Allowed 8
CWE-1263 Improper Physical Access Control Allowed-with-Review 8