CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List (2.5)  

CWE List (Version 2.5)
CWE List (Version 2.5)

The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents we hope to ensure that the CWE elements are adequately described and differentiated. We continually will work to capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CWE dictionary as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Download CWE
Download CWE
CWE XML 2.5 ZIP (2013-07-17) CWE XSD schema V5.3 (2013-02-21) Printable CWE 2.5 PDF (13.31 MB)
Back to top
Useful Overviews
Useful Overviews
Development Concepts (699) Research Concepts (1000)
Comprehensive CWE Dictionary (2000) PDFs with Graphical Depictions of CWE
Back to top
Graphs
Graphs
(1000) Research Concepts Graph List Slice XML.zip
(629) Weaknesses in OWASP Top Ten (2007) Graph List Slice XML.zip
(631) Resource-specific Weaknesses Graph List Slice XML.zip
(678) Composites Graph List Slice XML.zip
(699) Development Concepts Graph List Slice XML.zip
(700) Seven Pernicious Kingdoms Graph List Slice XML.zip
(709) Named Chains Graph List Slice XML.zip
(711) Weaknesses in OWASP Top Ten (2004) Graph List Slice XML.zip
(734) Weaknesses Addressed by the CERT C Secure Coding Standard Graph List Slice XML.zip
(750) Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors Graph List Slice XML.zip
(800) Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Graph List Slice XML.zip
(809) Weaknesses in OWASP Top Ten (2010) Graph List Slice XML.zip
(844) Weaknesses Addressed by the CERT Java Secure Coding Standard Graph List Slice XML.zip
(868) Weaknesses Addressed by the CERT C++ Secure Coding Standard Graph List Slice XML.zip
(888) Software Fault Pattern (SFP) Clusters Graph List Slice XML.zip
(900) Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors Graph List Slice XML.zip
(928) Weaknesses in OWASP Top Ten (2013) Graph List Slice XML.zip
Back to top
Explicit Slices
Explicit Slices
(630) Weaknesses Examined by SAMATE   List Slice XML.zip
(635) Weaknesses Used by NVD   List Slice XML.zip
(884) CWE Cross-section   List Slice XML.zip
Back to top
Implicit Slices
Implicit Slices
(2000) Comprehensive CWE Dictionary   List Slice XML.zip
(604) Deprecated Entries   List Slice XML.zip
(658) Weaknesses in Software Written in C   List Slice XML.zip
(659) Weaknesses in Software Written in C++   List Slice XML.zip
(660) Weaknesses in Software Written in Java   List Slice XML.zip
(661) Weaknesses in Software Written in PHP   List Slice XML.zip
(677) Weakness Base Elements   List Slice XML.zip
(679) Chain Elements   List Slice XML.zip
(701) Weaknesses Introduced During Design   List Slice XML.zip
(702) Weaknesses Introduced During Implementation   List Slice XML.zip
(919) Weaknesses in Mobile Applications   List Slice XML.zip
Back to top
Composites
Composites
(352) Cross-Site Request Forgery (CSRF)   List Slice XML.zip
(384) Session Fixation   List Slice XML.zip
(426) Untrusted Search Path   List Slice XML.zip
(61) UNIX Symbolic Link (Symlink) Following   List Slice XML.zip
(689) Permission Race Condition During Resource Copy   List Slice XML.zip
Back to top
Named Chains
Named Chains
(680) Integer Overflow to Buffer Overflow Graph List Slice XML.zip
(690) Unchecked Return Value to NULL Pointer Dereference Graph List Slice XML.zip
(692) Incomplete Blacklist to Cross-Site Scripting Graph List Slice XML.zip
Back to top

Please contact cwe@mitre.org with suggestions for additional views.
Page Last Updated: July 17, 2013
 

CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us