CWE
Home > CWE List (1.4)  

CWE List (1.4)
CWE List (1.4)

The Common Weakness Enumeration (CWE™) is a list of software weaknesses. Creating the list is a community initiative. Together, these organizations and any others that wish to join the effort, are creating specific and succinct definitions for each of the elements in the CWE List. By leveraging the widest possible group of interests and talents we hope to ensure that the CWE elements are adequately described and differentiated. We continually will work to capture the specific effects, behaviors, exploit mechanisms, and implementation details in the CWE dictionary as well as to review and revise the presentation approaches to provide those that best suit the community using this information.

Download CWE
Download CWE
CWE XML 1.4 ZIP (2009-05-27) Printable CWE 1.4 PDF (7985 KB)
CWE XML 1.3 ZIP (2009-03-10) CWE XSD schema V4.2.1 (2009-03-10) Printable CWE 1.3 PDF (5828 KB)
CWE XML 1.2 ZIP (2009-01-12) CWE XSD schema V4.2 (2009-01-12)
CWE XML 1.1 ZIP (2008-11-25) CWE XSD schema V4.0.1 (2008-11-25)
CWE XML 1.0.1 ZIP (2008-10-14) CWE XSD schema V4.0 (2008-09-09)
CWE XML 1.0 ZIP (2008-09-09)
Back to top
Useful Overviews
Useful Overviews
Development Concepts (699) Research Concepts (1000)
Comprehensive CWE Dictionary (2000) PDFs with Graphical Depictions of CWE
Back to top
Graphs
Graphs
(1000) Research Concepts Graph List Slice XML.zip
(629) Weaknesses in OWASP Top Ten (2007) Graph List Slice XML.zip
(631) Resource-specific Weaknesses Graph List Slice XML.zip
(678) Composites Graph List Slice XML.zip
(699) Development Concepts Graph List Slice XML.zip
(700) Seven Pernicious Kingdoms Graph List Slice XML.zip
(709) Named Chains Graph List Slice XML.zip
(711) Weaknesses in OWASP Top Ten (2004) Graph List Slice XML.zip
(734) Weaknesses Addressed by the CERT C Secure Coding Standard Graph List Slice XML.zip
(750) Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors Graph List Slice XML.zip
Back to top
Explicit Slices
Explicit Slices
(604) Deprecated Entries   List Slice XML.zip
(630) Weaknesses Examined by SAMATE   List Slice XML.zip
(635) Weaknesses Used by NVD   List Slice XML.zip
Back to top
Implicit Slices
Implicit Slices
(2000) Comprehensive CWE Dictionary   List Slice XML.zip
(658) Weaknesses in Software Written in C   List Slice XML.zip
(659) Weaknesses in Software Written in C++   List Slice XML.zip
(660) Weaknesses in Software Written in Java   List Slice XML.zip
(661) Weaknesses in Software Written in PHP   List Slice XML.zip
(677) Weakness Base Elements   List Slice XML.zip
(679) Chain Elements   List Slice XML.zip
(701) Weaknesses Introduced During Design   List Slice XML.zip
(702) Weaknesses Introduced During Implementation   List Slice XML.zip
Back to top
Composites
Composites
(120) Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')   List Slice XML.zip
(291) Trusting Self-reported IP Address   List Slice XML.zip
(352) Cross-Site Request Forgery (CSRF)   List Slice XML.zip
(384) Session Fixation   List Slice XML.zip
(426) Untrusted Search Path   List Slice XML.zip
(434) Unrestricted File Upload   List Slice XML.zip
(61) UNIX Symbolic Link (Symlink) Following   List Slice XML.zip
(689) Permission Race Condition During Resource Copy   List Slice XML.zip
(98) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')   List Slice XML.zip
Back to top
Named Chains
Named Chains
(680) Integer Overflow to Buffer Overflow Graph List Slice XML.zip
(690) Unchecked Return Value to NULL Pointer Dereference Graph List Slice XML.zip
(692) Incomplete Blacklist to Cross-Site Scripting Graph List Slice XML.zip
Back to top

Please contact cwe@mitre.org with suggestions for additional views.
Page Last Updated: May 26, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us