CWE - Common Weakness Enumeration

CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.

CWE List Quick Access
View CWE Search CWE Total Weaknesses: 926

2021 CWE Most Important Hardware Weaknesses A first of its kind, community-developed list of hardware weaknesses with detailed descriptions and authoritative guidance for mitigating and avoiding them. Hardware List \| Limitations \| Methodology \| More
Community Engagement
Hardware CWE Special Interest Group	Join HW CWE SIG
ICS/OT Special Interest Group	Join ICS/OT SIG
REST API Working Group	Join REST API WG
User Experience Working Group	Join UE WG
CWE/CAPEC Board	Read meeting minutes

CWE News
Blog “How to Effectively Utilize Hardware CWEs Across your Organization” Contributed by Jason Oberg of Tortuga Logic Blog “The Missing Piece in Vulnerability Management” Contributed by Fil Filiposki of AttackForge News New CWE/CAPEC Board Member from Red Hat News CWE Version 4.7 Now Available More >>

Please see our Guidelines for New Content Suggestions
For other ways to get involved, contact us


	Site Map \| Terms of Use \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

2021 CWE Most Important Hardware Weaknesses