CWE - Common Weakness Enumeration

Knowing the weaknesses that result in vulnerabilities means software developers, hardware designers, and security architects can eliminate them before deployment, when it is much easier and cheaper to do so

Learn About CWE
Overview – Learn what CWE is and how to use the information available on this website Basics FAQs Glossary	Root Cause Mapping – Learn about identifying the underlying cause(s) of a vulnerability Guidance Quick Tips Examples

Access Content
All Weaknesses (943 total) Top-N Lists Search CWE View CWEs by CWE REST API

Latest News and Updates
Podcast “Root Cause Mapping and the CWE Top 25” News CWE Version 4.17 Now Available! News “2024 CWE Top 10 KEV Weaknesses” List Now Available Community View and Comment on Community Submissions in the “CWE Content Development Repository (CDR)” Community CWE Is Focus of Four Talks at VulnCon 2025 News Follow the CWE Program on Bluesky See More >>

Page Last Updated: April 14, 2025


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.