OWASP CVEs By Year

Year 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990
Sql Injection 210 517 449 478 84 214 302 153 233 291 516 959 1093 705 965 602 148 49 40 6 2 0 0 0 0 0 0 0 0 0 0
DOM Injection 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
XML Injection 1 6 6 3 1 1 1 1 1 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Server-Side Includes Injection 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 2 3 0 1 0 0 0 0 0 0 0 0 0
Command Injection 256 246 264 131 2 0 32 1 8 20 5 1 1 1 3 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Authentication 575 607 637 502 194 376 410 277 283 147 182 307 217 190 168 160 85 57 103 76 38 23 6 3 0 1 0 0 2 0 0
Sensitive Data Exposure 45 66 82 97 7 2 4 3 2 1 1 4 3 2 13 8 2 4 3 5 1 1 0 0 0 0 0 0 0 0 0
XML External Entities (XEE) 4 5 13 1 1 3 7 11 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Access Control 189 341 203 113 15 28 40 32 19 4 42 106 47 91 78 44 23 13 20 7 9 8 2 1 0 1 0 0 1 0 0
Security Misconfiguration 10 22 11 11 5 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Cross Site Scripting (XSS) 1086 1998 1561 1128 476 787 1096 646 773 492 638 865 815 892 1297 783 293 131 124 20 6 1 0 1 0 0 0 0 0 0 0
Insecure Deserialization 60 75 58 28 13 3 3 4 0 5 4 1 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Using Components with Known Vulnerabilities 0 2 17 0 0 0 0 0 0 0 0 0 0 0 1 160 132 65 44 16 1 2 0 0 0 0 0 0 0 0 0
Insecure Encryption 263 491 400 321 159 134 119 101 77 40 62 64 50 65 59 58 36 28 49 42 26 26 6 0 0 1 0 0 0 0 0
Information Leakage 206 408 315 316 50 20 16 21 26 34 17 38 32 30 46 70 30 29 58 20 5 4 3 2 0 0 0 0 0 0 0
Direct Object Reference 10 15 10 4 1 1 3 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Unvalidated Redirect 130 246 189 185 84 106 97 58 58 51 52 53 72 58 58 52 21 22 33 18 18 14 3 4 1 1 0 0 1 0 1
Cross Site Request Forgery 261 527 460 332 85 248 267 123 166 57 85 115 83 69 18 11 5 0 2 0 0 0 0 0 0 0 0 0 0 0 0
Insufficient Logging and Monitoring 631 854 667 651 125 165 214 172 149 126 157 271 216 320 355 246 126 75 90 70 35 44 12 10 2 1 1 1 1 1 0
Brute Force 27 29 20 20 3 7 13 2 7 2 1 6 15 6 10 15 12 14 22 23 4 6 2 0 0 0 0 0 0 0 0
Cache Poisioning 3 11 6 12 3 1 0 0 0 2 1 1 15 1 1 0 0 0 4 0 0 0 0 2 0 0 0 0 0 0 0
DNS Poisioning 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Path Traversal 81 105 99 38 4 14 21 11 12 5 2 12 14 34 14 2 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0
HTTP Response Splitting 12 10 12 11 14 14 13 7 11 7 8 9 7 14 8 15 12 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Sniffing 11 27 27 35 23 43 37 30 33 19 15 17 13 17 12 16 6 8 23 20 10 3 0 0 0 1 0 0 0 0 0
Spoofing 102 172 173 247 115 138 1523 94 129 42 61 86 42 78 48 82 49 24 41 35 10 16 7 5 0 1 0 0 0 0 0
Session Fixation 13 21 19 19 3 7 19 11 9 7 5 15 11 22 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Session Hijacking 9 15 8 6 14 0 1 1 0 0 2 1 1 3 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
Spyware 1 0 6 1 0 0 0 0 0 0 0 1 1 5 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Malware 15 29 47 35 18 4 5 2 86 4 3 7 34 11 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Tampering 1 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0