Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.
CWE Number Name Action
CWE-173 Improper Handling of Alternate Encoding
CWE-174 Double Decoding of the Same Data
CWE-175 Improper Handling of Mixed Encoding
CWE-176 Improper Handling of Unicode Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-178 Improper Handling of Case Sensitivity
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-182 Collapse of Data into Unsafe Value
CWE-183 Permissive List of Allowed Inputs
CWE-184 Incomplete List of Disallowed Inputs
CWE-185 Incorrect Regular Expression
CWE-186 Overly Restrictive Regular Expression
CWE-187 Partial String Comparison
CWE-188 Reliance on Data/Memory Layout
CWE-190 Integer Overflow or Wraparound
CWE-191 Integer Underflow (Wrap or Wraparound)
CWE-192 Integer Coercion Error
CWE-193 Off-by-one Error
CWE-194 Unexpected Sign Extension
CWE-195 Signed to Unsigned Conversion Error
CWE-196 Unsigned to Signed Conversion Error
CWE-197 Numeric Truncation Error
CWE-198 Use of Incorrect Byte Ordering
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-201 Insertion of Sensitive Information Into Sent Data
CWE-202 Exposure of Sensitive Information Through Data Queries
CWE-203 Observable Discrepancy
CWE-204 Observable Response Discrepancy
CWE-205 Observable Behavioral Discrepancy
CWE-206 Observable Internal Behavioral Discrepancy
CWE-207 Observable Behavioral Discrepancy With Equivalent Products
CWE-208 Observable Timing Discrepancy
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-210 Self-generated Error Message Containing Sensitive Information
CWE-211 Externally-Generated Error Message Containing Sensitive Information
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
CWE-213 Exposure of Sensitive Information Due to Incompatible Policies
CWE-214 Invocation of Process Using Visible Sensitive Information
CWE-215 Insertion of Sensitive Information Into Debugging Code
CWE-216 DEPRECATED: Containment Errors (Container Errors)
CWE-217 DEPRECATED: Failure to Protect Stored Data from Modification
CWE-218 DEPRECATED: Failure to provide confidentiality for stored data
CWE-219 Storage of File with Sensitive Data Under Web Root
CWE-220 Storage of File With Sensitive Data Under FTP Root
CWE-221 Information Loss or Omission
CWE-222 Truncation of Security-relevant Information
CWE-223 Omission of Security-relevant Information
CWE-224 Obscured Security-relevant Information by Alternate Name
Showing 50 of 959 Results