CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types


CWE List Version 2.7

Total CWEs: 945

The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations, and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents, we hope to ensure that the CWE elements are adequately described and differentiated. We will continually work to capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CWE dictionary, as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Search CWE

Easily find a specific attack pattern by performing a search of the CWE List by keyword(s) or by CWE-ID Number. To search by multiple keywords, separate each by a space.

Review CWE List

A number of review methods have been produced to help navigate the list including: by hierarchical representation, by relationships to external factors, and by relationships to specific attributes. Each of these methods provides a unique view into the CWE List to help you find a specific attack pattern or to show the relationships amongst different patterns.


By Hierarchical Representation (Graph)

A "graph" is a hierarchical representation of weaknesses based on a specific vantage point.
Title Review Download
Research Concepts View XML.zip
Weaknesses in OWASP Top Ten (2007) View XML.zip
Resource-specific Weaknesses View XML.zip
Composites View XML.zip
Development Concepts View XML.zip
Seven Pernicious Kingdoms View XML.zip
Named Chains View XML.zip
Weaknesses in OWASP Top Ten (2004) View XML.zip
Weaknesses Addressed by the CERT C Secure Coding Standard View XML.zip
Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors View XML.zip
Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors View XML.zip
Weaknesses in OWASP Top Ten (2010) View XML.zip
Weaknesses Addressed by the CERT Java Secure Coding Standard View XML.zip
Weaknesses Addressed by the CERT C++ Secure Coding Standard View XML.zip
Software Fault Pattern (SFP) Clusters View XML.zip
Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors View XML.zip
Weaknesses in OWASP Top Ten (2013) View XML.zip

By Relationships to External Factors (Explicit Slice)

An "explicit slice" is a subset of weaknesses that are related through some external factor.
Title Review Download
Weaknesses Examined by SAMATE View XML.zip
Weaknesses Used by NVD View XML.zip
CWE Cross-section View XML.zip

By Relationships to Specific Attributes (Implicit Slice)

An "implicit slice" is a subset of weaknesses that are related through a specific attribute.
Title Review Download
Comprehensive CWE Dictionary View XML.zip
Deprecated Entries View XML.zip
Weaknesses in Software Written in C View XML.zip
Weaknesses in Software Written in C++ View XML.zip
Weaknesses in Software Written in Java View XML.zip
Weaknesses in Software Written in PHP View XML.zip
Weakness Base Elements View XML.zip
Chain Elements View XML.zip
Weaknesses Introduced During Design View XML.zip
Weaknesses Introduced During Implementation View XML.zip
Weaknesses in Mobile Applications View XML.zip

By Combined Weaknesses Resulting in a New Weakness (Composites)

A "composite" is a combination of two or more separate weaknesses that can create a vulnerability, but only if they all occur at the same time.
Title Review Download
Cross-Site Request Forgery (CSRF) View XML.zip
Session Fixation View XML.zip
Untrusted Search Path View XML.zip
UNIX Symbolic Link (Symlink) Following View XML.zip
Permission Race Condition During Resource Copy View XML.zip

By Most Commonly Combined Weaknesses (Named Chains)

A "chain" is a sequence of two or more separate weaknesses that when linked together can directly create the conditions that are necessary to cause another weakness.

"Named Chains" are those chains that occur most often.

Title Review Download
Integer Overflow to Buffer Overflow View XML.zip
Unchecked Return Value to NULL Pointer Dereference View XML.zip
Incomplete Blacklist to Cross-Site Scripting View XML.zip

Downloads

The download options below include all current CWE content as a PDF or in a single XML download file, and the latest CWE schema XSD file. See the Releases Archive below for previous versions.

CWE Content (All) Version 2.7 ZIP PDF
CWE Schema Version 5.4 XSD

Schema Documentation

The document below contains descriptions of the various elements in the official CWE Schema. It provides a basic understanding of the CWE data structures and can be used as a useful guide for developing new CWE entries or adding content to existing entries.

Schema Documentation Version 5.4 HTML

Release Notes

Detailed descriptions of the changes between the previous versions of the CWE content and schema to the current versions.

Content Difference Report Version 2.6 to Version 2.7 HTML
Schema Difference Report Version 5.3 to Version 5.4 HTML

Release Archive

Includes previous release versions of the core content downloads, schemas, schema documentation, and difference reports.

Version XML Content Published Schema Documentation Difference Reports
Version 2.7 ZIP PDF XSD HTML Content
Version 2.6 ZIP PDF XSD HTML Content | Schema
Version 2.5 ZIP PDF XSD HTML Content
Version 2.4 ZIP PDF XSD HTML Content | Schema
Version 2.3 ZIP PDF XSD HTML Content
Version 2.2 ZIP PDF XSD HTML Content | Schema
Version 2.1 ZIP PDF XSD HTML Content | Schema
Version 2.0 ZIP PDF XSD HTML Content | Schema
Version 1.13 ZIP PDF XSD HTML Content | Schema
Version 1.12 ZIP PDF XSD HTML Content
Version 1.11 ZIP PDF XSD HTML Content
Version 1.10 ZIP PDF XSD HTML Content
Version 1.9 ZIP PDF XSD HTML Content
Version 1.8.1 ZIP PDF XSD HTML Content
Version 1.8 ZIP PDF XSD HTML Content | Schema
Version 1.7 ZIP PDF XSD HTML Content | Schema
Version 1.6 ZIP PDF XSD HTML Content
Version 1.5 ZIP PDF XSD HTML Content
Version 1.4 ZIP PDF XSD HTML Content
Version 1.3 ZIP PDF XSD HTML Content | Schema
Version 1.2 ZIP PDF XSD HTML Content | Schema
Version 1.1 ZIP PDF XSD HTML Content
Version 1.0.1 ZIP PDF XSD HTML Content
Version 1.0 ZIP PDF XSD HTML Content | Schema

Please contact cwe@mitre.org with suggestions for additional views.

Page Last Updated: June 25, 2014