Common Weakness Enumeration (CWE)
2023 CWE Top 25 Most Dangerous Software Weaknesses


NOTICE: This is a previous version of the Top 25 (the 2023 list). For the most recent version, see the current CWE Top 25 page on cwe.mitre.org.


Column notes: "CVEs in KEV" is the number of CVEs mapped to that CWE that appear in CISA's Known Exploited Vulnerabilities (KEV) catalog, i.e. weaknesses with confirmed in-the-wild exploitation. "2022 rank" is the position on the previous year's list; a value above 25 means the weakness was outside the 2022 Top 25. "Change" is the movement relative to 2022.

Rank  CWE ID   CVEs in KEV  2022 rank  Change  Weakness
1     CWE-787  70           1          same    Out-of-bounds Write
2     CWE-79   4            2          same    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
3     CWE-89   6            3          same    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
4     CWE-416  44           7          up 3    Use After Free
5     CWE-78   23           6          up 1    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
6     CWE-20   35           4          down 2  Improper Input Validation
7     CWE-125  2            5          down 2  Out-of-bounds Read
8     CWE-22   16           8          same    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
9     CWE-352  0            9          same    Cross-Site Request Forgery (CSRF)
10    CWE-434  5            10         same    Unrestricted Upload of File with Dangerous Type
11    CWE-862  0            16         up 5    Missing Authorization
12    CWE-476  0            11         down 1  NULL Pointer Dereference
13    CWE-287  10           14         up 1    Improper Authentication
14    CWE-190  4            13         down 1  Integer Overflow or Wraparound
15    CWE-502  14           12         down 3  Deserialization of Untrusted Data
16    CWE-77   4            17         up 1    Improper Neutralization of Special Elements used in a Command ('Command Injection')
17    CWE-119  7            19         up 2    Improper Restriction of Operations within the Bounds of a Memory Buffer
18    CWE-798  2            15         down 3  Use of Hard-coded Credentials
19    CWE-918  16           21         up 2    Server-Side Request Forgery (SSRF)
20    CWE-306  8            18         down 2  Missing Authentication for Critical Function
21    CWE-362  8            22         up 1    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
22    CWE-269  5            29         up 7    Improper Privilege Management
23    CWE-94   6            25         up 2    Improper Control of Generation of Code ('Code Injection')
24    CWE-863  0            28         up 4    Incorrect Authorization
25    CWE-276  0            20         down 5  Incorrect Default Permissions
Page Last Updated: November 11, 2024