Views

Architectural Concepts

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that…

CISQ Data Protection Measures

This view outlines the SMM representation of the Automated Source Code Data Protection Measurement specifications, as identified by the Consortium for…

CISQ Quality Measures (2016)

This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality…

CISQ Quality Measures (2020)

This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality…

Composites

This view displays only composite weaknesses.

Comprehensive Categorization for Software Assurance Trends

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

CWE Cross-section

This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be…

Deprecated Entries

CWE nodes in this view (slice) have been deprecated. There should be a reference pointing to the replacement in each deprecated weakness.

Entries with Maintenance Notes

CWE entries in this view have maintenance notes. Maintenance notes are an indicator that an entry might change significantly in future versions. This view was…

Hardware Design

This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the…

Named Chains

This view displays Named Chains and their components.

Quality Weaknesses with Indirect Security Impacts

CWE identifiers in this view (slice) are quality issues that only indirectly make it easier to introduce a vulnerability and/or make the vulnerability more…

Research Concepts

This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical…

Seven Pernicious Kingdoms

This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.

Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software…

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Weakness Base Elements

This view (slice) displays only weakness base elements.

Weaknesses Addressed by ISA/IEC 62443 Requirements

This view (slice) covers weaknesses that are addressed by following requirements in the ISA/IEC 62443 series of standards for industrial automation and…

Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard"…

Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for…

Weaknesses Addressed by the SEI CERT C Coding Standard

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and…

Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer…

Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and…

Weaknesses Addressed by the SEI CERT Perl Coding Standard

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and…

Weaknesses for Simplified Mapping of Published Vulnerabilities

CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such…

Weaknesses in Mobile Applications

CWE entries in this view (slice) are often seen in mobile applications.

Weaknesses in OWASP Top Ten (2004)

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This…

Weaknesses in OWASP Top Ten (2007)

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2007. This view is considered obsolete as a newer version of the OWASP…

Weaknesses in OWASP Top Ten (2010)

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2010. This view is considered obsolete as a newer version of the OWASP…

Weaknesses in OWASP Top Ten (2013)

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2013. This view is considered obsolete as a newer version of the OWASP…

Weaknesses in OWASP Top Ten (2017)

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2017.

Weaknesses in OWASP Top Ten (2021)

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.

Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS

CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure…

Weaknesses in Software Written in C

This view (slice) covers issues that are found in C programs that are not common to all languages.

Weaknesses in Software Written in C++

This view (slice) covers issues that are found in C++ programs that are not common to all languages.

Weaknesses in Software Written in Java

This view (slice) covers issues that are found in Java programs that are not common to all languages.

Weaknesses in Software Written in PHP

This view (slice) covers issues that are found in PHP programs that are not common to all languages.

Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

CWE entries in this view (graph) are listed in the 2009 CWE/SANS Top 25 Programming Errors. This view is considered obsolete as a newer version of the Top 25…

Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

CWE entries in this view (graph) are listed in the 2010 CWE/SANS Top 25 Programming Errors. This view is considered obsolete as a newer version of the Top 25…

Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors

CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.

Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors

CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.

Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses

CWE entries in this view are listed in the 2020 CWE Top 25 Most Dangerous Software Weaknesses.

Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List

CWE entries in this view are listed in the 2021 CWE Most Important Hardware Weaknesses List, as determined by the Hardware CWE Special Interest Group (HW CWE…

Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses

CWE entries in this view are listed in the 2021 CWE Top 25 Most Dangerous Software Weaknesses.

Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses

CWE entries in this view are listed in the 2022 CWE Top 25 Most Dangerous Software Weaknesses.

Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses

CWE entries in this view are listed in the 2023 CWE Top 25 Most Dangerous Software Weaknesses.

Weaknesses in the 2024 CWE Top 25 Most Dangerous Software Weaknesses

CWE entries in this view are listed in the 2024 CWE Top 25 Most Dangerous Software Weaknesses.

Weaknesses in the 2025 CWE Most Important Hardware Weaknesses List

CWE entries in this view are listed in the 2025 CWE Most Important Hardware Weaknesses List, as determined by the Hardware CWE Special Interest Group (HW CWE…

Weaknesses Introduced During Design

This view (slice) lists weaknesses that can be introduced during design.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses Originally Used by NVD from 2008 to 2016

CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many…