OWASP CVEs By Year

Year 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990
Sql Injection 517 452 485 85 215 300 152 233 292 517 959 1096 705 965 602 148 49 40 6 2 0 0 0 0 0 0 0 0 0 0
DOM Injection 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
XML Injection 6 5 3 1 1 1 1 1 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Server-Side Includes Injection 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 2 3 0 1 0 0 0 0 0 0 0 0 0
Command Injection 239 265 128 2 0 32 1 8 20 5 1 1 1 3 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Authentication 586 643 497 193 375 408 275 283 149 184 308 217 191 168 160 85 57 103 76 38 23 6 3 0 1 0 0 2 0 0
Sensitive Data Exposure 67 82 97 7 2 4 3 2 1 1 4 3 2 13 8 2 4 3 5 1 1 0 0 0 0 0 0 0 0 0
XML External Entities (XEE) 5 13 2 1 3 7 11 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Access Control 333 204 113 14 28 40 32 20 4 42 106 47 91 78 44 23 13 20 7 9 8 2 1 0 1 0 0 1 0 0
Security Misconfiguration 19 12 11 5 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Cross Site Scripting (XSS) 1933 1582 1116 478 787 1100 647 771 493 637 866 815 892 1297 783 293 131 124 20 6 1 0 1 0 0 0 0 0 0 0
Insecure Deserialization 68 61 28 13 3 3 4 0 5 4 1 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Using Components with Known Vulnerabilities 3 17 0 0 0 0 0 0 0 0 0 0 0 1 160 132 65 44 16 1 2 0 0 0 0 0 0 0 0 0
Insecure Encryption 471 398 323 156 134 116 101 77 40 63 64 50 65 59 58 36 28 49 42 26 26 6 0 0 1 0 0 0 0 0
Information Leakage 404 316 316 51 20 15 21 26 34 17 38 31 30 46 70 30 29 58 20 5 4 3 2 0 0 0 0 0 0 0
Direct Object Reference 20 10 4 1 1 3 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Unvalidated Redirect 233 189 184 84 106 97 58 58 49 52 53 72 59 58 52 21 22 33 18 18 14 3 4 1 1 0 0 1 0 1
Cross Site Request Forgery 500 463 326 86 248 263 123 166 58 85 115 83 69 18 11 5 0 2 0 0 0 0 0 0 0 0 0 0 0 0
Insufficient Logging and Monitoring 819 668 647 125 165 213 171 148 128 157 271 215 320 355 246 126 75 90 70 35 44 12 10 2 1 1 1 1 1 0
Brute Force 28 19 19 3 7 14 2 7 2 1 6 15 6 10 15 12 14 22 23 4 6 2 0 0 0 0 0 0 0 0
Cache Poisioning 10 6 12 3 1 0 0 0 2 1 1 15 1 1 0 0 0 4 0 0 0 0 2 0 0 0 0 0 0 0
DNS Poisioning 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Path Traversal 102 103 38 4 14 20 11 11 5 2 12 14 34 14 2 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0
HTTP Response Splitting 9 11 11 14 13 13 7 11 7 8 9 7 14 8 15 12 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Sniffing 25 28 36 23 43 37 29 33 19 14 17 13 17 12 16 6 8 23 20 10 3 0 0 0 1 0 0 0 0 0
Spoofing 177 173 242 117 136 1521 91 128 43 61 86 42 78 48 82 49 24 41 35 10 16 7 5 0 1 0 0 0 0 0
Session Fixation 17 20 19 3 7 19 11 9 8 5 15 11 22 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Session Hijacking 14 8 5 14 0 1 1 0 0 2 1 1 3 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
Spyware 0 7 1 0 0 0 0 0 0 0 1 1 5 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Malware 33 48 35 18 4 5 2 86 4 3 7 34 11 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Tampering 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0