CWE top 25 most dangerous software weaknesses

The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence.

The CWE top 25 most dangerous software weaknesses list was calculated by analyzing public vulnerability information in Common Vulnerabilities and Exposures (CVE) Records for CWE root cause mappings.

This year’s dataset included 31,770 CVE Records for vulnerabilities published between June 1, 2023 and June 1, 2024. Data was initially pulled on July 30, 2024, to share with CNA community partners for review. Data was pulled again on November 4, 2024, to ensure the most up-to-date CVE Records information was used in the top 25 list calculations. For more in-depth details about the methodology, go here.

CWE Top 25 for 2024

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-787: Out-of-bounds Write
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-125: Out-of-bounds Read
CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-416: Use After Free
CWE-862: Missing Authorization
CWE-434: Unrestricted Upload of File with Dangerous Type
CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE-20: Improper Input Validation
CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE-287: Improper Authentication
CWE-269: Improper Privilege Management
CWE-502: Deserialization of Untrusted Data
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-476: NULL Pointer Dereference
CWE-798: Use of Hard-coded Credentials
CWE-190: Integer Overflow or Wraparound
CWE-400: Uncontrolled Resource Consumption
CWE-306: Missing Authentication for Critical Function

Hilfe zur Netzsicherheit

Kommentar verfassen Kommentieren abbrechen

London, GB

6:17 am, Juli 2, 2025

18°C

L: 18° | H: 19°

Fühlt sich an wie 18°C° broken clouds

Luftfeuchtigkeit: 85 %

Druck: 1014 mb

Wind: 9 mph N

Windböe: 0 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 75%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:48 am

Sonnenuntergang: 9:20 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

18° | 19°°C 0.26 mm 26% 11 mph 85 % 1023 mb 0 mm/h

Tomorrow 10:00 pm

14° | 26°°C 0 mm 0% 12 mph 54 % 1028 mb 0 mm/h

Fr. Juli 04 10:00 pm

15° | 26°°C 0 mm 0% 12 mph 61 % 1028 mb 0 mm/h

Sa. Juli 05 10:00 pm

16° | 21°°C 1 mm 100% 13 mph 95 % 1022 mb 0 mm/h

So. Juli 06 10:00 pm

14° | 17°°C 1 mm 100% 12 mph 91 % 1009 mb 0 mm/h

Today 7:00 am

18° | 18°°C 0 mm 0% 8 mph 85 % 1015 mb 0 mm/h

Today 10:00 am

19° | 21°°C 0 mm 0% 6 mph 82 % 1016 mb 0 mm/h

Today 1:00 pm

19° | 19°°C 0.2 mm 20% 7 mph 75 % 1016 mb 0 mm/h

Today 4:00 pm

21° | 21°°C 0.26 mm 26% 8 mph 45 % 1019 mb 0 mm/h

Today 7:00 pm

24° | 24°°C 0 mm 0% 11 mph 32 % 1020 mb 0 mm/h

Today 10:00 pm

18° | 18°°C 0 mm 0% 11 mph 35 % 1023 mb 0 mm/h

Tomorrow 1:00 am

15° | 15°°C 0 mm 0% 7 mph 39 % 1025 mb 0 mm/h

Tomorrow 4:00 am

14° | 14°°C 0 mm 0% 4 mph 52 % 1026 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€90,081.88	-0.49%
Ethereum(ETH)	€2,063.51	-1.02%
Fesseln(USDT)	€0.85	-0.02%
XRP(XRP)	€1.86	-1.61%
Solana(SOL)	€126.05	-2.41%
USDC(USDC)	€0.85	0.00%
Dogecoin(DOGE)	€0.135713	-1.73%
Shiba Inu(SHIB)	€0.000009	0.48%
Pepe(PEPE)	€0.000008	-1.44%

CWE top 25 most dangerous software weaknesses

Teilen:

CWE Top 25 for 2024

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns