OWASP CVEs By Year

Year	2020	2019	2018	2017	2016	2015	2014	2013	2012	2011	2010	2009	2008	2007	2006	2005	2004	2003	2002	2001	2000	1999	1998	1997	1996	1995	1994	1993	1992	1991	1990
Sql Injection	231	527	452	485	85	216	302	153	234	292	517	959	1096	705	965	602	148	49	40	6	2	0	0	0	0	0	0	0	0	0	0
DOM Injection	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
XML Injection	2	6	5	3	1	1	1	1	1	3	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Server-Side Includes Injection	0	0	0	0	0	0	1	1	0	0	0	0	0	0	0	0	0	2	2	3	0	1	0	0	0	0	0	0	0	0	0
Command Injection	257	247	265	128	2	0	32	1	8	20	5	1	1	1	3	1	0	2	0	0	0	0	0	0	0	0	0	0	0	0	0
Broken Authentication	594	619	638	498	193	375	409	275	283	149	184	308	217	190	168	160	85	57	103	76	38	23	6	3	0	1	0	0	2	0	0
Sensitive Data Exposure	45	67	82	97	7	2	4	3	2	1	1	4	3	2	13	8	2	4	3	5	1	1	0	0	0	0	0	0	0	0	0
XML External Entities (XEE)	3	5	13	2	1	3	7	11	0	1	0	1	0	0	0	1	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0
Broken Access Control	199	350	205	113	14	28	40	32	20	4	42	106	47	91	78	44	23	13	20	7	9	8	2	1	0	1	0	0	1	0	0
Security Misconfiguration	10	20	12	11	5	0	0	1	0	0	0	1	1	0	0	0	0	0	0	0	1	0	1	0	0	0	0	0	0	0	0
Cross Site Scripting (XSS)	1161	2021	1584	1117	479	787	1101	647	773	495	637	866	815	892	1297	783	293	131	124	20	6	1	0	1	0	0	0	0	0	0	0
Insecure Deserialization	59	74	61	28	12	3	3	4	0	5	4	1	2	1	0	2	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Using Components with Known Vulnerabilities	0	3	17	0	0	0	0	0	0	0	0	0	0	0	1	160	132	65	44	16	1	2	0	0	0	0	0	0	0	0	0
Insecure Encryption	263	494	398	323	156	134	116	101	78	40	63	64	50	65	59	58	36	28	49	42	26	26	6	0	0	1	0	0	0	0	0
Information Leakage	203	393	314	316	51	20	15	21	27	34	17	38	31	30	46	70	30	29	58	20	5	4	3	2	0	0	0	0	0	0	0
Direct Object Reference	12	19	10	4	1	1	3	0	1	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Unvalidated Redirect	132	246	189	184	84	106	97	58	58	49	52	53	72	59	58	52	21	22	33	18	18	14	3	4	1	1	0	0	1	0	1
Cross Site Request Forgery	271	536	462	326	86	248	264	123	166	58	85	115	83	69	18	11	5	0	2	0	0	0	0	0	0	0	0	0	0	0	0
Insufficient Logging and Monitoring	632	881	667	647	125	166	213	172	149	128	157	271	215	320	355	246	126	75	90	70	35	44	12	10	2	1	1	1	1	1	0
Brute Force	26	30	19	19	3	7	14	2	7	2	1	6	15	6	10	15	12	14	22	23	4	6	2	0	0	0	0	0	0	0	0
Cache Poisioning	3	11	6	12	3	1	0	0	0	2	1	1	15	1	1	0	0	0	4	0	0	0	0	2	0	0	0	0	0	0	0
DNS Poisioning	0	0	0	1	0	0	0	0	0	0	0	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Path Traversal	82	106	103	38	4	14	21	11	11	5	2	12	14	34	14	2	3	2	0	0	0	0	0	0	0	0	0	0	0	0	0
HTTP Response Splitting	12	10	11	11	14	13	13	7	11	7	8	9	7	14	8	15	12	1	0	0	0	0	0	0	0	0	0	0	0	0	0
Sniffing	12	26	28	36	23	43	37	29	33	19	14	17	13	17	12	16	6	8	23	20	10	3	0	0	0	1	0	0	0	0	0
Spoofing	96	175	173	243	117	136	1523	91	129	43	61	86	42	78	48	82	49	24	41	35	10	16	7	5	0	1	0	0	0	0	0
Session Fixation	13	19	20	19	3	7	19	11	9	8	5	15	11	22	2	0	5	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Session Hijacking	9	16	8	5	14	0	1	1	0	0	2	1	1	3	0	0	0	0	0	1	1	1	0	0	0	0	0	0	0	0	0
Spyware	1	0	7	1	0	0	0	0	0	0	0	1	1	5	3	3	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Malware	16	36	48	35	18	4	5	2	86	4	3	7	34	11	5	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Parameter Tampering	1	9	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0