CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List Version 2.11  
ID

CWE List Version 2.11
Total CWEs: 705

At its core, the Common Weakness Enumeration (CWE™) is a list of software weaknesses types. Creating the list is a community initiative aimed at creating specific and succinct definitions for each common weakness type. By leveraging the widest possible group of interests and talents, the hope is to ensure that item in the list is adequately described and differentiated. This is a living effort with ongoing work to capture the specific effects, behaviors, exploit mechanisms, and implementation details within the CWE List as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Navigate CWE

Use one of the hierarchical representation below to navigate the entire list according to your specific point of view. The Research Concepts representation facilitates research into weakness types and organizes items by behaviors. The Development Concepts representation organizes items by concepts that are frequently used or encountered during development.

Alternative Formats
Research Concepts View Booklet.html CSV.zip XML.zip
Development Concepts View Booklet.html CSV.zip XML.zip
Back to top

External Mappings

These views are used to represent mappings to external groupings such as a Top-N list, as well as to express subsets of entries that are related by some external factor.

Alternative Formats
2011 CWE/SANS Top 25 View Booklet.html CSV.zip XML.zip
2010 CWE/SANS Top 25 View Booklet.html CSV.zip XML.zip
2009 CWE/SANS Top 25 View Booklet.html CSV.zip XML.zip
OWASP Top Ten (2013) View Booklet.html CSV.zip XML.zip
OWASP Top 10 (2010) View Booklet.html CSV.zip XML.zip
OWASP Top 10 (2007) View Booklet.html CSV.zip XML.zip
OWASP Top 10 (2004) View Booklet.html CSV.zip XML.zip
Seven Pernicious Kingdoms View Booklet.html CSV.zip XML.zip
Software Fault Pattern Clusters View Booklet.html CSV.zip XML.zip
CERT C Secure Coding Standard View Booklet.html CSV.zip XML.zip
CERT Java Secure Coding Standard View Booklet.html CSV.zip XML.zip
CERT C++ Secure Coding Standard View Booklet.html CSV.zip XML.zip
Back to top

Helpful Views

A number of additional helpful views have been created. These are based on a specific criteria and hope to provide insight for a certain domain or use case.

Alternative Formats
Introduced During Design View Booklet.html CSV.zip XML.zip
Introduced During Implementation View Booklet.html CSV.zip XML.zip
Software Written in C View Booklet.html CSV.zip XML.zip
Software Written in C++ View Booklet.html CSV.zip XML.zip
Software Written in Java View Booklet.html CSV.zip XML.zip
Software Written in PHP View Booklet.html CSV.zip XML.zip
Weaknesses in Mobile Applications View Booklet.html CSV.zip XML.zip
CWE Composites View Booklet.html CSV.zip XML.zip
CWE Named Chains View Booklet.html CSV.zip XML.zip
CWE Cross-Section View Booklet.html CSV.zip XML.zip
CWE Simplified Mapping View Booklet.html CSV.zip XML.zip
CWE Deprecated Entries View Booklet.html CSV.zip XML.zip
CWE Comprehensive View View Booklet.html CSV.zip XML.zip
Weaknesses without Software Fault Patterns View Booklet.html CSV.zip XML.zip
Weaknesses Used by NVD View Booklet.html CSV.zip XML.zip
Weaknesses Examined by SAMATE View Booklet.html CSV.zip XML.zip
Weakness Base Elements View Booklet.html CSV.zip XML.zip
Chain Elements View Booklet.html CSV.zip XML.zip
Resource-specific Weaknesses View Booklet.html CSV.zip XML.zip
Back to top

Release Downloads

Includes previous release versions of the core content downloads, schemas, schema documentation, and difference reports.

Version XML Content Published Schema Documentation Difference Reports
Version 2.11 ZIP PDF XSD HTML Content
Version 2.10 ZIP PDF XSD HTML Content
Version 2.9 ZIP PDF XSD HTML Content
Version 2.8 ZIP PDF XSD HTML Content | Schema
Version 2.7 ZIP PDF XSD HTML Content
Version 2.6 ZIP PDF XSD HTML Content | Schema
Version 2.5 ZIP PDF XSD HTML Content
Version 2.4 ZIP PDF XSD HTML Content
Version 2.3 ZIP PDF XSD HTML Content
Version 2.2 ZIP PDF XSD HTML Content
Version 2.1 ZIP PDF XSD HTML Content
Version 2.0 ZIP PDF XSD HTML Content
Version 1.13 ZIP PDF XSD HTML Content
Version 1.12 ZIP PDF XSD HTML Content
Version 1.11 ZIP PDF XSD HTML Content
Version 1.10 ZIP PDF XSD HTML Content
Version 1.9 ZIP PDF XSD HTML Content
Version 1.8.1 ZIP PDF XSD HTML Content
Version 1.8 ZIP PDF XSD HTML Content | Schema
Version 1.7 ZIP PDF XSD HTML Content | Schema
Version 1.6 ZIP PDF XSD HTML Content
Version 1.5 ZIP PDF XSD HTML Content
Version 1.4 ZIP PDF XSD HTML Content
Version 1.3 ZIP PDF XSD HTML Content
Version 1.2 ZIP XSD HTML Content | Schema
Version 1.1 ZIP XSD HTML
Version 1.0.1 ZIP XSD HTML Content
Version 1.0 ZIP XSD HTML Content | Schema
Back to top

More information is available — Please select a different filter.
Page Last Updated: May 18, 2017 
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
Privacy policy
Terms of use
Contact us