The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses.
The following table shows the CWE Top 25, including the number of entries relate to CWE within the NVD(CVE) data set, and the average CVSS score.
| Rank | CWE | NVD Count | Avg CVSS | Overall Score |
|---|---|---|---|---|
| [1] | CWE-79 | 3788 | 5.80 | 46.82 |
| [2] | CWE-787 | 2225 | 8.31 | 46.17 |
| [3] | CWE-20 | 1910 | 7.35 | 33.47 |
| [4] | CWE-125 | 1578 | 7.13 | 26.5 |
| [5] | CWE-119 | 1189 | 8.08 | 23.73 |
| [6] | CWE-89 | 901 | 8.98 | 20.69 |
| [7] | CWE-200 | 1467 | 6.01 | 19.16 |
| [8] | CWE-416 | 918 | 8.26 | 18.87 |
| [9] | CWE-352 | 866 | 8.08 | 17.29 |
| [10] | CWE-78 | 767 | 8.52 | 16.44 |
| [11] | CWE-190 | 846 | 7.70 | 15.81 |
| [12] | CWE-22 | 792 | 7.27 | 13.67 |
| [13] | CWE-476 | 529 | 6.83 | 8.35 |
| [14] | CWE-287 | 412 | 8.05 | 8.17 |
| [15] | CWE-434 | 346 | 8.50 | 7.38 |
| [16] | CWE-732 | 426 | 6.99 | 6.95 |
| [17] | CWE-94 | 295 | 8.74 | 6.53 |
| [18] | CWE-522 | 283 | 7.92 | 5.49 |
| [19] | CWE-611 | 277 | 7.88 | 5.33 |
| [20] | CWE-798 | 234 | 8.76 | 5.19 |
| [21] | CWE-502 | 217 | 8.93 | 4.93 |
| [22] | CWE-269 | 278 | 7.36 | 4.87 |
| [23] | CWE-400 | 249 | 7.09 | 4.14 |
| [24] | CWE-306 | 193 | 8.10 | 3.85 |
| [25] | CWE-862 | 236 | 6.90 | 3.77 |
Links: