Aug 31, 2020

Top 25 Most Dangerous CWE

The Top 25 Most Dangerous Software Weaknesses, or CWE Top 25, is a list of the most common and impactful issues experienced over the past 2 years. These weaknesses are dangerous because they are often easy to find, exploit, and may allow for completely take over a system, steal data, or prevent an application from working.

The CWE Top 25 is a valuable community resource that can help developers, testers, and users — as well as project managers, security researchers, and educators — provide insight into the most severe and current security weaknesses.

The following table shows the CWE Top 25, including the number of entries relate to CWE within the NVD(CVE) data set, and the average CVSS score.


RankCWENVD CountAvg CVSSOverall Score
[1]CWE-7937885.8046.82
[2]CWE-78722258.3146.17
[3]CWE-2019107.3533.47
[4]CWE-12515787.1326.5
[5]CWE-11911898.0823.73
[6]CWE-899018.9820.69
[7]CWE-20014676.0119.16
[8]CWE-4169188.2618.87
[9]CWE-3528668.0817.29
[10]CWE-787678.5216.44
[11]CWE-1908467.7015.81
[12]CWE-227927.2713.67
[13]CWE-4765296.838.35
[14]CWE-2874128.058.17
[15]CWE-4343468.507.38
[16]CWE-7324266.996.95
[17]CWE-942958.746.53
[18]CWE-5222837.925.49
[19]CWE-6112777.885.33
[20]CWE-7982348.765.19
[21]CWE-5022178.934.93
[22]CWE-2692787.364.87
[23]CWE-4002497.094.14
[24]CWE-3061938.103.85
[25]CWE-8622366.903.77

Links: