| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | 18996 |
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | 11912 |
| 20 | Improper Input Validation | 9075 |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | 7914 |
| 200 | Information Exposure | 7543 |
| 787 | Out-of-bounds Write | 5613 |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4370 |
| 125 | Out-of-bounds Read | 4124 |
| 94 | Failure to Control Generation of Code ('Code Injection') | 2836 |
| 287 | Improper Authentication | 2806 |
| 416 | Use After Free | 2713 |
| 269 | Improper Privilege Management | 2366 |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | 1989 |
| 476 | NULL Pointer Dereference | 1797 |
| 190 | Integer Overflow or Wraparound | 1678 |
| 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 1217 |
| 434 | Unrestricted Upload of File with Dangerous Type | 1195 |
| 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | 1192 |
| 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | 1081 |
| 362 | Race Condition | 1035 |
| 284 | Access Control (Authorization) Issues | 1003 |
| 732 | Incorrect Permission Assignment for Critical Resource | 897 |
| 59 | Improper Link Resolution Before File Access ('Link Following') | 800 |
| 798 | Use of Hard-coded Credentials | 797 |
| 74 | Failure to Sanitize Data into a Different Plane ('Injection') | 777 |
| 522 | Insufficiently Protected Credentials | 753 |
| 502 | Deserialization of Untrusted Data | 736 |
| 611 | Information Leak Through XML External Entity File Disclosure | 725 |
| 276 | Incorrect Default Permissions | 685 |
| 668 | Exposure of Resource to Wrong Sphere | 610 |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | 608 |
| 306 | Missing Authentication for Critical Function | 507 |
| 772 | Missing Release of Resource after Effective Lifetime | 393 |
| 532 | Information Leak Through Log Files | 389 |
| 415 | Double Free | 346 |
| 427 | Uncontrolled Search Path Element | 343 |
| 770 | Allocation of Resources Without Limits or Throttling | 337 |
| 401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') | 319 |
| 319 | Cleartext Transmission of Sensitive Information | 317 |
| 326 | Inadequate Encryption Strength | 296 |
| 312 | Cleartext Storage of Sensitive Information | 292 |
| 617 | Reachable Assertion | 280 |
| 755 | Improper Handling of Exceptional Conditions | 278 |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | 272 |
| 134 | Uncontrolled Format String | 262 |
| 347 | Improper Verification of Cryptographic Signature | 255 |
| 369 | Divide By Zero | 233 |
| 203 | Information Exposure Through Discrepancy | 221 |
| 311 | Missing Encryption of Sensitive Data | 199 |
| 345 | Insufficient Verification of Data Authenticity | 199 |