| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | 18600 |
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | 11929 |
| 20 | Improper Input Validation | 9038 |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | 7572 |
| 200 | Information Exposure | 7517 |
| 787 | Out-of-bounds Write | 5426 |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4334 |
| 125 | Out-of-bounds Read | 4060 |
| 94 | Failure to Control Generation of Code ('Code Injection') | 2817 |
| 287 | Improper Authentication | 2758 |
| 416 | Use After Free | 2662 |
| 269 | Improper Privilege Management | 2309 |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | 1962 |
| 476 | NULL Pointer Dereference | 1774 |
| 190 | Integer Overflow or Wraparound | 1654 |
| 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | 1169 |
| 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1165 |
| 434 | Unrestricted Upload of File with Dangerous Type | 1157 |
| 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | 1053 |
| 362 | Race Condition | 1015 |
| 284 | Access Control (Authorization) Issues | 999 |
| 732 | Incorrect Permission Assignment for Critical Resource | 881 |
| 59 | Improper Link Resolution Before File Access ('Link Following') | 787 |
| 798 | Use of Hard-coded Credentials | 781 |
| 74 | Failure to Sanitize Data into a Different Plane ('Injection') | 769 |
| 522 | Insufficiently Protected Credentials | 742 |
| 502 | Deserialization of Untrusted Data | 725 |
| 611 | Information Leak Through XML External Entity File Disclosure | 716 |
| 276 | Incorrect Default Permissions | 661 |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | 601 |
| 668 | Exposure of Resource to Wrong Sphere | 569 |
| 306 | Missing Authentication for Critical Function | 485 |
| 772 | Missing Release of Resource after Effective Lifetime | 389 |
| 532 | Information Leak Through Log Files | 374 |
| 415 | Double Free | 339 |
| 427 | Uncontrolled Search Path Element | 332 |
| 770 | Allocation of Resources Without Limits or Throttling | 327 |
| 401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') | 313 |
| 319 | Cleartext Transmission of Sensitive Information | 307 |
| 326 | Inadequate Encryption Strength | 295 |
| 312 | Cleartext Storage of Sensitive Information | 285 |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | 272 |
| 617 | Reachable Assertion | 268 |
| 755 | Improper Handling of Exceptional Conditions | 267 |
| 134 | Uncontrolled Format String | 260 |
| 347 | Improper Verification of Cryptographic Signature | 251 |
| 369 | Divide By Zero | 233 |
| 203 | Information Exposure Through Discrepancy | 213 |
| 311 | Missing Encryption of Sensitive Data | 193 |
| 665 | Improper Initialization | 193 |