CWE Reference

Top 25

Prioritized CWE weakness list with executive context, secure coding guidance, and remediation links.

Release starter-2026-05listing

Search And Filters

Browse CWE records

#1 CWE-787 Weakness Base

CWE-787: Out-of-bounds Write

Out-of-bounds Write is a software weakness pattern tracked by CWE 787. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

C C++Rust unsafe Assembly Implementation

#2 CWE-79 Weakness Base

CWE-79: Improper Neutralization of Input During Web Page Generation

Cross-site Scripting is a software weakness pattern tracked by CWE 79. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

JavaScript HTML TypeScript PHP Implementation Architecture and Design

#3 CWE-89 Weakness Base

CWE-89: Improper Neutralization of Special Elements used in an SQL Command

SQL Injection is a software weakness pattern tracked by CWE 89. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

SQL Java PHP Python Implementation

#4 CWE-352 Weakness Compound

CWE-352: Cross-Site Request Forgery

Cross-Site Request Forgery is a software weakness pattern tracked by CWE 352. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

JavaScript HTML PHP Java Architecture and Design Implementation

#5 CWE-22 Weakness Base

CWE-22: Improper Limitation of a Pathname to a Restricted Directory

Path Traversal is a software weakness pattern tracked by CWE 22. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

JavaScript Python Java PHP Implementation

#6 CWE-125 Weakness Base

CWE-125: Out-of-bounds Read

Out-of-bounds Read is a software weakness pattern tracked by CWE 125. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

C C++Rust unsafe Implementation

#7 CWE-78 Weakness Base

CWE-78: Improper Neutralization of Special Elements used in an OS Command

OS Command Injection is a software weakness pattern tracked by CWE 78. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

Shell Python PHP JavaScript Implementation

#8 CWE-416 Weakness Base

CWE-416: Use After Free

Use After Free is a software weakness pattern tracked by CWE 416. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

C C++ Implementation

#9 CWE-862 Weakness Base

CWE-862: Missing Authorization

Missing Authorization is a software weakness pattern tracked by CWE 862. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

Any Architecture and Design Implementation

#10 CWE-200 Weakness Class

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information is a software weakness pattern tracked by CWE 200. The local starter record is replaced by the official MITRE CWE import when the sync pipeline runs.

Any Architecture and Design Implementation Operation