CWE Library

Common Weakness Enumeration

All Pillar Root categories Class Abstract weaknesses Base Detectable weaknesses Variant Technology-specific Compound Multi-weakness
CWE-20 Class
Improper Input Validation
Likelihood: High Stable
CWE-74 Class
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Likelihood: High Incomplete
CWE-75 Class
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Draft
CWE-77 Class
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Likelihood: High Draft
CWE-99 Class
Improper Control of Resource Identifiers ('Resource Injection')
Likelihood: High Draft
CWE-114 Class
Process Control
Incomplete
CWE-116 Class
Improper Encoding or Escaping of Output
Likelihood: High Draft
CWE-118 Class
Incorrect Access of Indexable Resource ('Range Error')
Incomplete
CWE-119 Class
Improper Restriction of Operations within the Bounds of a Memory Buffer
Likelihood: High Stable
CWE-138 Class
Improper Neutralization of Special Elements
Draft
CWE-159 Class
Improper Handling of Invalid Use of Special Elements
Draft
CWE-172 Class
Encoding Error
Draft
CWE-185 Class
Incorrect Regular Expression
Draft
CWE-200 Class
Exposure of Sensitive Information to an Unauthorized Actor
Likelihood: High Draft
CWE-216 Class
DEPRECATED: Containment Errors (Container Errors)
Deprecated
CWE-221 Class
Information Loss or Omission
Incomplete
CWE-228 Class
Improper Handling of Syntactically Invalid Structure
Incomplete
CWE-269 Class
Improper Privilege Management
Likelihood: Medium Draft
CWE-271 Class
Privilege Dropping / Lowering Errors
Likelihood: High Incomplete
CWE-282 Class
Improper Ownership Management
Draft
CWE-285 Class
Improper Authorization
Likelihood: High Draft
CWE-286 Class
Incorrect User Management
Incomplete
CWE-287 Class
Improper Authentication
Likelihood: High Draft
CWE-300 Class
Channel Accessible by Non-Endpoint
Draft
CWE-311 Class
Missing Encryption of Sensitive Data
Likelihood: High Draft
CWE-326 Class
Inadequate Encryption Strength
Draft
CWE-327 Class
Use of a Broken or Risky Cryptographic Algorithm
Likelihood: High Draft
CWE-330 Class
Use of Insufficiently Random Values
Likelihood: High Stable
CWE-340 Class
Generation of Predictable Numbers or Identifiers
Incomplete
CWE-345 Class
Insufficient Verification of Data Authenticity
Draft
CWE-346 Class
Origin Validation Error
Draft
CWE-362 Class
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Likelihood: Medium Draft
CWE-377 Class
Insecure Temporary File
Incomplete
CWE-400 Class
Uncontrolled Resource Consumption
Likelihood: High Draft
CWE-402 Class
Transmission of Private Resources into a New Sphere ('Resource Leak')
Draft
CWE-404 Class
Improper Resource Shutdown or Release
Likelihood: Medium Draft
CWE-405 Class
Asymmetric Resource Consumption (Amplification)
Incomplete
CWE-406 Class
Insufficient Control of Network Message Volume (Network Amplification)
Incomplete
CWE-407 Class
Inefficient Algorithmic Complexity
Likelihood: Low Incomplete
CWE-410 Class
Insufficient Resource Pool
Incomplete
CWE-424 Class
Improper Protection of Alternate Path
Draft
CWE-436 Class
Interpretation Conflict
Incomplete
CWE-441 Class
Unintended Proxy or Intermediary ('Confused Deputy')
Draft
CWE-446 Class
UI Discrepancy for Security Feature
Incomplete
CWE-451 Class
User Interface (UI) Misrepresentation of Critical Information
Draft
CWE-506 Class
Embedded Malicious Code
Incomplete
CWE-514 Class
Covert Channel
Incomplete
CWE-522 Class
Insufficiently Protected Credentials
Incomplete
CWE-573 Class
Improper Following of Specification by Caller
Draft
CWE-592 Class
DEPRECATED: Authentication Bypass Issues
Deprecated