|
CWE Number
|
Name
|
Number Of Related Vulnerabilities
|
|
79 |
Failure to Preserve Web Page Structure ('Cross-site Scripting') |
16481
|
|
119 |
Failure to Constrain Operations within the Bounds of a Memory Buffer |
11984
|
|
20 |
Improper Input Validation |
8811
|
|
200 |
Information Exposure |
7499
|
|
89 |
Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
6680
|
|
787 |
Out-of-bounds Write |
3969
|
|
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
3888
|
|
125 |
Out-of-bounds Read |
3483
|
|
94 |
Failure to Control Generation of Code ('Code Injection') |
2711
|
|
287 |
Improper Authentication |
2434
|
|
416 |
Use After Free |
2209
|
|
269 |
Improper Privilege Management |
1986
|
|
78 |
Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
1683
|
|
190 |
Integer Overflow or Wraparound |
1479
|
|
476 |
NULL Pointer Dereference |
1434
|
|
400 |
Uncontrolled Resource Consumption ('Resource Exhaustion') |
972
|
|
284 |
Access Control (Authorization) Issues |
971
|
|
120 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
892
|
|
362 |
Race Condition |
873
|
|
434 |
Unrestricted Upload of File with Dangerous Type |
869
|
|
732 |
Incorrect Permission Assignment for Critical Resource |
759
|
|
59 |
Improper Link Resolution Before File Access ('Link Following') |
731
|
|
74 |
Failure to Sanitize Data into a Different Plane ('Injection') |
689
|
|
798 |
Use of Hard-coded Credentials |
668
|
|
77 |
Improper Sanitization of Special Elements used in a Command ('Command Injection') |
662
|
|
522 |
Insufficiently Protected Credentials |
645
|
|
611 |
Information Leak Through XML External Entity File Disclosure |
628
|
|
502 |
Deserialization of Untrusted Data |
611
|
|
276 |
Incorrect Default Permissions |
508
|
|
601 |
URL Redirection to Untrusted Site ('Open Redirect') |
507
|
|
306 |
Missing Authentication for Critical Function |
398
|
|
772 |
Missing Release of Resource after Effective Lifetime |
391
|
|
532 |
Information Leak Through Log Files |
322
|
|
415 |
Double Free |
291
|
|
326 |
Inadequate Encryption Strength |
264
|
|
134 |
Uncontrolled Format String |
252
|
|
668 |
Exposure of Resource to Wrong Sphere |
251
|
|
770 |
Allocation of Resources Without Limits or Throttling |
251
|
|
319 |
Cleartext Transmission of Sensitive Information |
249
|
|
427 |
Uncontrolled Search Path Element |
244
|
|
312 |
Cleartext Storage of Sensitive Information |
224
|
|
401 |
Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
218
|
|
369 |
Divide By Zero |
212
|
|
327 |
Use of a Broken or Risky Cryptographic Algorithm |
211
|
|
347 |
Improper Verification of Cryptographic Signature |
204
|
|
755 |
Improper Handling of Exceptional Conditions |
193
|
|
617 |
Reachable Assertion |
185
|
|
704 |
Incorrect Type Conversion or Cast |
183
|
|
311 |
Missing Encryption of Sensitive Data |
178
|
|
345 |
Insufficient Verification of Data Authenticity |
161
|
