| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | 20918 |
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | 11907 |
| 20 | Improper Input Validation | 9256 |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | 8953 |
| 200 | Information Exposure | 7554 |
| 787 | Out-of-bounds Write | 7046 |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4860 |
| 125 | Out-of-bounds Read | 4554 |
| 416 | Use After Free | 3144 |
| 287 | Improper Authentication | 2919 |
| 94 | Failure to Control Generation of Code ('Code Injection') | 2902 |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | 2272 |
| 269 | Improper Privilege Management | 2224 |
| 476 | NULL Pointer Dereference | 1992 |
| 190 | Integer Overflow or Wraparound | 1777 |
| 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1518 |
| 434 | Unrestricted Upload of File with Dangerous Type | 1451 |
| 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | 1260 |
| 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | 1240 |
| 362 | Race Condition | 1178 |
| 284 | Access Control (Authorization) Issues | 981 |
| 732 | Incorrect Permission Assignment for Critical Resource | 971 |
| 798 | Use of Hard-coded Credentials | 924 |
| 502 | Deserialization of Untrusted Data | 866 |
| 59 | Improper Link Resolution Before File Access ('Link Following') | 864 |
| 74 | Failure to Sanitize Data into a Different Plane ('Injection') | 846 |
| 522 | Insufficiently Protected Credentials | 805 |
| 611 | Information Leak Through XML External Entity File Disclosure | 799 |
| 276 | Incorrect Default Permissions | 762 |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | 691 |
| 668 | Exposure of Resource to Wrong Sphere | 646 |
| 306 | Missing Authentication for Critical Function | 638 |
| 770 | Allocation of Resources Without Limits or Throttling | 480 |
| 532 | Information Leak Through Log Files | 451 |
| 401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') | 427 |
| 427 | Uncontrolled Search Path Element | 409 |
| 772 | Missing Release of Resource after Effective Lifetime | 400 |
| 319 | Cleartext Transmission of Sensitive Information | 379 |
| 415 | Double Free | 378 |
| 312 | Cleartext Storage of Sensitive Information | 351 |
| 617 | Reachable Assertion | 344 |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | 324 |
| 326 | Inadequate Encryption Strength | 310 |
| 755 | Improper Handling of Exceptional Conditions | 303 |
| 203 | Information Exposure Through Discrepancy | 293 |
| 347 | Improper Verification of Cryptographic Signature | 291 |
| 134 | Uncontrolled Format String | 287 |
| 639 | Access Control Bypass Through User-Controlled Key | 273 |
| 369 | Divide By Zero | 253 |
| 345 | Insufficient Verification of Data Authenticity | 241 |