|
CWE Number
|
Name
|
Number Of Related Vulnerabilities
|
|
79 |
Failure to Preserve Web Page Structure ('Cross-site Scripting') |
17188
|
|
119 |
Failure to Constrain Operations within the Bounds of a Memory Buffer |
11968
|
|
20 |
Improper Input Validation |
8871
|
|
200 |
Information Exposure |
7520
|
|
89 |
Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
6880
|
|
787 |
Out-of-bounds Write |
4357
|
|
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
4026
|
|
125 |
Out-of-bounds Read |
3643
|
|
94 |
Failure to Control Generation of Code ('Code Injection') |
2740
|
|
287 |
Improper Authentication |
2518
|
|
416 |
Use After Free |
2327
|
|
269 |
Improper Privilege Management |
2133
|
|
78 |
Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
1747
|
|
476 |
NULL Pointer Dereference |
1557
|
|
190 |
Integer Overflow or Wraparound |
1525
|
|
400 |
Uncontrolled Resource Consumption ('Resource Exhaustion') |
1025
|
|
120 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
995
|
|
284 |
Access Control (Authorization) Issues |
982
|
|
434 |
Unrestricted Upload of File with Dangerous Type |
955
|
|
362 |
Race Condition |
899
|
|
732 |
Incorrect Permission Assignment for Critical Resource |
801
|
|
59 |
Improper Link Resolution Before File Access ('Link Following') |
737
|
|
77 |
Improper Sanitization of Special Elements used in a Command ('Command Injection') |
735
|
|
74 |
Failure to Sanitize Data into a Different Plane ('Injection') |
716
|
|
798 |
Use of Hard-coded Credentials |
685
|
|
522 |
Insufficiently Protected Credentials |
673
|
|
611 |
Information Leak Through XML External Entity File Disclosure |
657
|
|
502 |
Deserialization of Untrusted Data |
654
|
|
276 |
Incorrect Default Permissions |
539
|
|
601 |
URL Redirection to Untrusted Site ('Open Redirect') |
524
|
|
306 |
Missing Authentication for Critical Function |
421
|
|
772 |
Missing Release of Resource after Effective Lifetime |
395
|
|
668 |
Exposure of Resource to Wrong Sphere |
347
|
|
532 |
Information Leak Through Log Files |
335
|
|
415 |
Double Free |
304
|
|
326 |
Inadequate Encryption Strength |
271
|
|
319 |
Cleartext Transmission of Sensitive Information |
270
|
|
427 |
Uncontrolled Search Path Element |
267
|
|
770 |
Allocation of Resources Without Limits or Throttling |
267
|
|
134 |
Uncontrolled Format String |
255
|
|
312 |
Cleartext Storage of Sensitive Information |
246
|
|
401 |
Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
242
|
|
327 |
Use of a Broken or Risky Cryptographic Algorithm |
226
|
|
347 |
Improper Verification of Cryptographic Signature |
221
|
|
755 |
Improper Handling of Exceptional Conditions |
221
|
|
369 |
Divide By Zero |
218
|
|
617 |
Reachable Assertion |
191
|
|
311 |
Missing Encryption of Sensitive Data |
185
|
|
704 |
Incorrect Type Conversion or Cast |
183
|
|
345 |
Insufficient Verification of Data Authenticity |
174
|
