CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
| CWE Number | Name |
|---|---|
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-121 | Stack-based Buffer Overflow |
| CWE-122 | Heap-based Buffer Overflow |
| CWE-123 | Write-what-where Condition |
| CWE-124 | Buffer Underwrite ('Buffer Underflow') |
| CWE-125 | Out-of-bounds Read |
| CWE-126 | Buffer Over-read |
| CWE-127 | Buffer Under-read |
| CWE-128 | Wrap-around Error |
| CWE-129 | Improper Validation of Array Index |
| CWE-130 | Improper Handling of Length Parameter Inconsistency |
| CWE-131 | Incorrect Calculation of Buffer Size |
| CWE-132 | DEPRECATED: Miscalculated Null Termination |
| CWE-134 | Use of Externally-Controlled Format String |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length |
| CWE-138 | Improper Neutralization of Special Elements |
| CWE-140 | Improper Neutralization of Delimiters |
| CWE-141 | Improper Neutralization of Parameter/Argument Delimiters |
| CWE-142 | Improper Neutralization of Value Delimiters |
| CWE-143 | Improper Neutralization of Record Delimiters |
| CWE-144 | Improper Neutralization of Line Delimiters |
| CWE-145 | Improper Neutralization of Section Delimiters |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-147 | Improper Neutralization of Input Terminators |
| CWE-148 | Improper Neutralization of Input Leaders |
| CWE-149 | Improper Neutralization of Quoting Syntax |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| CWE-151 | Improper Neutralization of Comment Delimiters |
| CWE-152 | Improper Neutralization of Macro Symbols |
| CWE-153 | Improper Neutralization of Substitution Characters |
| CWE-154 | Improper Neutralization of Variable Name Delimiters |
| CWE-155 | Improper Neutralization of Wildcards or Matching Symbols |
| CWE-156 | Improper Neutralization of Whitespace |
| CWE-157 | Failure to Sanitize Paired Delimiters |
| CWE-158 | Improper Neutralization of Null Byte or NUL Character |
| CWE-159 | Improper Handling of Invalid Use of Special Elements |
| CWE-160 | Improper Neutralization of Leading Special Elements |
| CWE-161 | Improper Neutralization of Multiple Leading Special Elements |
| CWE-162 | Improper Neutralization of Trailing Special Elements |
| CWE-163 | Improper Neutralization of Multiple Trailing Special Elements |
| CWE-164 | Improper Neutralization of Internal Special Elements |
| CWE-165 | Improper Neutralization of Multiple Internal Special Elements |
| CWE-166 | Improper Handling of Missing Special Element |
| CWE-167 | Improper Handling of Additional Special Element |
| CWE-168 | Improper Handling of Inconsistent Special Elements |