| CWE Number | Name | Number of Related Vulnerabilities |
|---|---|---|
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | 11803 |
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | 10313 |
| 20 | Improper Input Validation | 6524 |
| 200 | Information Exposure | 5649 |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | 5264 |
| 284 | Access Control (Authorization) Issues | 3165 |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2686 |
| 94 | Failure to Control Generation of Code ('Code Injection') | 2311 |
| 287 | Improper Authentication | 1436 |
| 125 | Out-of-bounds Read | 1145 |
| 190 | Integer Overflow or Wraparound | 942 |
| 416 | Use After Free | 901 |
| 476 | NULL Pointer Dereference | 732 |
| 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | 591 |
| 362 | Race Condition | 549 |
| 59 | Improper Link Resolution Before File Access ('Link Following') | 491 |
| 787 | Out-of-bounds Write | 472 |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | 423 |
| 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | 312 |
| 611 | Information Leak Through XML External Entity File Disclosure | 295 |
| 434 | Unrestricted Upload of File with Dangerous Type | 255 |
| 798 | Use of Hard-coded Credentials | 215 |
| 134 | Uncontrolled Format String | 199 |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | 185 |
| 502 | Deserialization of Untrusted Data | 175 |
| 74 | Failure to Sanitize Data into a Different Plane ('Injection') | 162 |
| 704 | Incorrect Type Conversion or Cast | 141 |
| 285 | Improper Access Control (Authorization) | 140 |
| 415 | Double Free | 127 |
| 369 | Divide By Zero | 84 |
| 326 | Inadequate Encryption Strength | 79 |
| 532 | Information Leak Through Log Files | 70 |
| 345 | Insufficient Verification of Data Authenticity | 47 |
| 129 | Improper Validation of Array Index | 46 |
| 306 | Missing Authentication for Critical Function | 43 |
| 640 | Weak Password Recovery Mechanism for Forgotten Password | 40 |
| 347 | Improper Verification of Cryptographic Signature | 38 |
| 191 | Integer Underflow (Wrap or Wraparound) | 34 |
| 427 | Uncontrolled Search Path Element | 33 |
| 428 | Unquoted Search Path or Element | 29 |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | 28 |
| 346 | Origin Validation Error | 25 |
| 693 | Protection Mechanism Failure | 22 |
| 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | 21 |
| 613 | Insufficient Session Expiration | 19 |
| 113 | Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | 19 |
| 358 | Improperly Implemented Security Check for Standard | 18 |
| 338 | Use of Cryptographically Weak PRNG | 17 |
| 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | 15 |
| 91 | XML Injection (aka Blind XPath Injection) | 14 |