Common Weakness Enumeration

Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.

Reset

765 CWEs

API response
CWE Name Mapping usage Occurrences
CWE-1076 Insufficient Adherence to Expected Conventions Prohibited 2
CWE-920 Improper Restriction of Power Consumption Allowed 1
CWE-828 Signal Handler with Functionality that is not Asynchronous-Safe Allowed 1
CWE-768 Incorrect Short Circuit Evaluation Allowed 1
CWE-765 Multiple Unlocks of a Critical Resource Allowed 1
CWE-761 Free of Pointer not at Start of Buffer Allowed 1
CWE-695 Use of Low-Level Functionality Allowed 1
CWE-69 Improper Handling of Windows ::DATA Alternate Data Stream Allowed 1
CWE-673 External Influence of Sphere Definition Allowed-with-Review 1
CWE-663 Use of a Non-reentrant Function in a Concurrent Context Allowed 1
CWE-66 Improper Handling of File Names that Identify Virtual Resources Allowed 1
CWE-654 Reliance on a Single Factor in a Security Decision Allowed 1
CWE-638 Not Using Complete Mediation Allowed-with-Review 1
CWE-637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') Allowed-with-Review 1
CWE-621 Variable Extraction Error Allowed 1
CWE-618 Exposed Unsafe ActiveX Method Allowed 1
CWE-615 Inclusion of Sensitive Information in Source Code Comments Allowed 1
CWE-600 Uncaught Exception in Servlet Allowed 1
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length Allowed 1
CWE-587 Assignment of a Fixed Address to a Pointer Allowed 1
CWE-571 Expression is Always True Allowed 1
CWE-570 Expression is Always False Allowed 1
CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File Allowed 1
CWE-553 Command Shell in Externally Accessible Directory Allowed 1
CWE-541 Inclusion of Sensitive Information in an Include File Allowed 1
CWE-533 DEPRECATED: Information Exposure Through Server Log Files Prohibited 1
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere Allowed 1
CWE-515 Covert Storage Channel Allowed 1
CWE-514 Covert Channel Allowed-with-Review 1
CWE-509 Replicating Malicious Code (Virus or Worm) Allowed 1
CWE-507 Trojan Horse Allowed 1
CWE-50 Path Equivalence: '//multiple/leading/slash' Allowed 1
CWE-495 Private Data Structure Returned From A Public Method Allowed 1
CWE-484 Omitted Break Statement in Switch Allowed 1
CWE-482 Comparing instead of Assigning Allowed 1
CWE-478 Missing Default Case in Multiple Condition Expression Allowed 1
CWE-469 Use of Pointer Subtraction to Determine Size Allowed 1
CWE-463 Deletion of Data Structure Sentinel Allowed 1
CWE-462 Duplicate Key in Associative List (Alist) Allowed 1
CWE-455 Non-exit on Failed Initialization Allowed 1
CWE-443 DEPRECATED: HTTP response splitting Prohibited 1