2023 CWE Top 25 Key Insights
To create the 2023 CWE Top 25 list, the CWE Team leveraged Common Vulnerabilities and Exposures (CVE®) data found within the National Institute of Standards and Technology (NIST) U.S. National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) scores associated with each CVE Record, including a focus on CVE Records from the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. A formula was applied to the data to score each weakness based on prevalence and severity.
The dataset analyzed to calculate the 2023 Top 25 contained a total of 43,996 CVE Records across 2021 and 2022.
There are several notable shifts in the ranked positions of weakness types from last year's list, including weaknesses that dropped off the list or appeared in a Top 25 for the first time.
The biggest movers up the list are:
The biggest downward movers are:
New entries in the Top 25 are:
Entries that fell off the Top 25 are:
Also see Trends in Real-World CWEs: 2019 to 2023.