CWE - Common Weakness Enumeration

CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

2023 CWE Top 25 Most Dangerous Software Weaknesses

This list demonstrates the currently most common and impactful software weaknesses. Often easy to find and exploit, these can lead to exploitable vulnerabilities that allow adversaries to completely take over a system, steal data, or prevent applications from working.

Top 25 List | Key Insights | Methodology

CWE List Quick Access
Search CWE View CWE Total Weaknesses: 933

Community Engagement
Hardware CWE Special Interest Group	Join HW CWE SIG
ICS/OT Special Interest Group	Join ICS/OT SIG
REST API Working Group	Join REST API WG
User Experience Working Group	Join UE WG
CWE/CAPEC Board	Read meeting minutes

Please see our Guidelines for New Content Suggestions
For other ways to get involved, contact us

CWE News
News Stubborn Weaknesses in the CWE Top 25 (Updated) News CWE Top 25 Weaknesses Trends from 2019 Through 2023 Now Available News 2023 CWE Top 25 Weaknesses “On the Cusp” List Now Available News 2023 “CWE Top 25” Now Available! News CWE Version 4.12 Now Available More >>


	Site Map \| Terms of Use \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2023, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.