CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List (2.6)  

CWE List (Version 2.6)
CWE List (Version 2.6)

The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents we hope to ensure that the CWE elements are adequately described and differentiated. We continually will work to capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CWE dictionary as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Download CWE
Download CWE
CWE XML 2.6 ZIP (2014-02-19) CWE XSD schema V5.4 (2014-02-19) Printable CWE 2.6 PDF (13.2 MB)
Useful Overviews
Useful Overviews
Development Concepts (699) Research Concepts (1000)
Comprehensive CWE Dictionary (2000) PDFs with Graphical Depictions of CWE
Graphs
Graphs
(1000) Research Concepts Graph List Slice XML.zip
(629) Weaknesses in OWASP Top Ten (2007) Graph List Slice XML.zip
(631) Resource-specific Weaknesses Graph List Slice XML.zip
(678) Composites Graph List Slice XML.zip
(699) Development Concepts Graph List Slice XML.zip
(700) Seven Pernicious Kingdoms Graph List Slice XML.zip
(709) Named Chains Graph List Slice XML.zip
(711) Weaknesses in OWASP Top Ten (2004) Graph List Slice XML.zip
(734) Weaknesses Addressed by the CERT C Secure Coding Standard Graph List Slice XML.zip
(750) Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors Graph List Slice XML.zip
(800) Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Graph List Slice XML.zip
(809) Weaknesses in OWASP Top Ten (2010) Graph List Slice XML.zip
(844) Weaknesses Addressed by the CERT Java Secure Coding Standard Graph List Slice XML.zip
(868) Weaknesses Addressed by the CERT C++ Secure Coding Standard Graph List Slice XML.zip
(888) Software Fault Pattern (SFP) Clusters Graph List Slice XML.zip
(900) Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors Graph List Slice XML.zip
(928) Weaknesses in OWASP Top Ten (2013) Graph List Slice XML.zip
Explicit Slices
Explicit Slices
(630) Weaknesses Examined by SAMATE   List Slice XML.zip
(635) Weaknesses Used by NVD   List Slice XML.zip
(884) CWE Cross-section   List Slice XML.zip
Implicit Slices
Implicit Slices
(2000) Comprehensive CWE Dictionary   List Slice XML.zip
(604) Deprecated Entries   List Slice XML.zip
(658) Weaknesses in Software Written in C   List Slice XML.zip
(659) Weaknesses in Software Written in C++   List Slice XML.zip
(660) Weaknesses in Software Written in Java   List Slice XML.zip
(661) Weaknesses in Software Written in PHP   List Slice XML.zip
(677) Weakness Base Elements   List Slice XML.zip
(679) Chain Elements   List Slice XML.zip
(701) Weaknesses Introduced During Design   List Slice XML.zip
(702) Weaknesses Introduced During Implementation   List Slice XML.zip
(919) Weaknesses in Mobile Applications   List Slice XML.zip
Composites
Composites
(352) Cross-Site Request Forgery (CSRF)   List Slice XML.zip
(384) Session Fixation   List Slice XML.zip
(426) Untrusted Search Path   List Slice XML.zip
(61) UNIX Symbolic Link (Symlink) Following   List Slice XML.zip
(689) Permission Race Condition During Resource Copy   List Slice XML.zip
Named Chains
Named Chains
(680) Integer Overflow to Buffer Overflow Graph List Slice XML.zip
(690) Unchecked Return Value to NULL Pointer Dereference Graph List Slice XML.zip
(692) Incomplete Blacklist to Cross-Site Scripting Graph List Slice XML.zip

Please contact cwe@mitre.org with suggestions for additional views.

Page Last Updated: February 19, 2014