CWE - Common Weakness Enumeration

CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

CWE List Quick Access
View CWE Search CWE Total Weaknesses: 927

2022 CWE Top 25 Most Dangerous Software Weaknesses They are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. Software List \| Limitations \| Methodology \| More
Community Engagement
Hardware CWE Special Interest Group	Join HW CWE SIG
ICS/OT Special Interest Group	Join ICS/OT SIG
REST API Working Group	Join REST API WG
User Experience Working Group	Join UE WG
CWE/CAPEC Board	Read meeting minutes

CWE News
News 2022 “CWE Top 25” Now Available! News CWE Version 4.8 Now Available Blog “How to Effectively Utilize Hardware CWEs Across your Organization” Contributed by Jason Oberg of Tortuga Logic Blog “The Missing Piece in Vulnerability Management” Contributed by Fil Filiposki of AttackForge More >>

Please see our Guidelines for New Content Suggestions
For other ways to get involved, contact us


	Site Map \| Terms of Use \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

2022 CWE Top 25 Most Dangerous Software Weaknesses