CWE List Version 2.9
|
Total CWEs: 1004
|
The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the
effort, are creating specific and
succinct definitions for each of the elements in the CWE List. By leveraging
the widest possible group of interests and talents we hope to ensure that
the CWE elements are adequately described and differentiated. We continually will work to capture the specific effects, behaviors,
exploit mechanisms, and implementation details in the CWE dictionary
as well as to review and revise the presentation approaches to
provide those that best suit the community using this information.
Search CWE
Easily find a specific weakness by performing a search of the CWE List by keywords(s) or by CWE-ID Number. To search by multiple keywords, separate each by a space.
Review CWE List
A number of review methods have been produced to help navigate the list including: by hierarchical representation, by relationships to external factors, and by relationships to specific attributes. Each of these methods provides a unique view into the CWE List to help you find a specific weakness or to show the relationships amongst different patterns.
By Hierarchical Representation (Graph)
A "graph" is a hierarchical representation of weaknesses based on a specific vantage point.
Graphical PDF Depictions of CWE
|
By Relationships to External Factors (Explicit Slice)
| An "explicit slice" is a subset of weaknesses that are related through some external factor. |
By Relationships to Specific Attributes (Implicit Slice)
| An "implicit slice" is a subset of weaknesses that are related through a specific attribute. |
By Combined Weaknesses Resulting in a New Weakness (Composites)
| A "composite" is a combination of two or more separate weaknesses that can create a vulnerability, but only if they all occur all the same time. |
By Most Commonly Combined Weaknesses (Named Chains)
| A "chain" is a sequence of two or more separate weaknesses that when linked together can directly create the conditions that are necessary to cause another weakness.
"Named Chains" are those chains that occur most often.
|
| Title |
Review |
Download |
| Integer Overflow to Buffer Overflow |
View |
XML.zip |
| Unchecked Return Value to NULL Pointer Dereference |
View |
XML.zip |
| Incomplete Blacklist to Cross-Site Scripting |
View |
XML.zip |
Downloads
The download options below include all current CWE content as a PDF or in a single XML download file, and the latest CWE schema XSD file. See the Releases Archive below for previous versions.
| CWE Content (All) |
Version 2.9 |
ZIP |
PDF |
|
| CWE Schema |
Version 5.4.2 |
|
|
XSD
|
Schema Documentation
The document below contains descriptions of the various elements in the official CWE Schema. It provides a basic understanding of the CWE data structures and can be used as a useful guide for developing new CWE entries or adding content to existing entries.
| Schema Documentation |
Version 5.4.2 |
HTML |
Release Notes
Detailed descriptions of the changes between the previous versions of the CWE content and schema to the current versions.
| Content Difference Report |
Version 2.8 to Version 2.9 | HTML |
| Schema Difference Report |
Version 5.4 to Version 5.4.2 | HTML |
Release Archive
Includes previous release versions of the core content downloads, schemas, schema documentation, and difference reports.
Please contact cwe@mitre.org with suggestions for additional views.
|
| | | | | 
