Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
CWE Number Name
CWE-117 Improper Output Neutralization for Logs
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121 Stack-based Buffer Overflow
CWE-122 Heap-based Buffer Overflow
CWE-123 Write-what-where Condition
CWE-124 Buffer Underwrite ('Buffer Underflow')
CWE-125 Out-of-bounds Read
CWE-126 Buffer Over-read
CWE-127 Buffer Under-read
CWE-128 Wrap-around Error
CWE-129 Improper Validation of Array Index
CWE-130 Improper Handling of Length Parameter Inconsistency
CWE-131 Incorrect Calculation of Buffer Size
CWE-132 DEPRECATED: Miscalculated Null Termination
CWE-134 Use of Externally-Controlled Format String
CWE-135 Incorrect Calculation of Multi-Byte String Length
CWE-138 Improper Neutralization of Special Elements
CWE-140 Improper Neutralization of Delimiters
CWE-141 Improper Neutralization of Parameter/Argument Delimiters
CWE-142 Improper Neutralization of Value Delimiters
CWE-143 Improper Neutralization of Record Delimiters
CWE-144 Improper Neutralization of Line Delimiters
CWE-145 Improper Neutralization of Section Delimiters
CWE-146 Improper Neutralization of Expression/Command Delimiters
CWE-147 Improper Neutralization of Input Terminators
CWE-148 Improper Neutralization of Input Leaders
CWE-149 Improper Neutralization of Quoting Syntax
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-151 Improper Neutralization of Comment Delimiters
CWE-152 Improper Neutralization of Macro Symbols
CWE-153 Improper Neutralization of Substitution Characters
CWE-154 Improper Neutralization of Variable Name Delimiters
CWE-155 Improper Neutralization of Wildcards or Matching Symbols
CWE-156 Improper Neutralization of Whitespace
CWE-157 Failure to Sanitize Paired Delimiters
CWE-158 Improper Neutralization of Null Byte or NUL Character
CWE-159 Improper Handling of Invalid Use of Special Elements
CWE-160 Improper Neutralization of Leading Special Elements
CWE-161 Improper Neutralization of Multiple Leading Special Elements
CWE-162 Improper Neutralization of Trailing Special Elements
CWE-163 Improper Neutralization of Multiple Trailing Special Elements
CWE-164 Improper Neutralization of Internal Special Elements
CWE-165 Improper Neutralization of Multiple Internal Special Elements
CWE-166 Improper Handling of Missing Special Element
CWE-167 Improper Handling of Additional Special Element
CWE-168 Improper Handling of Inconsistent Special Elements
CWE-170 Improper Null Termination
CWE-172 Encoding Error