OWASP CVEs By Year

Year	2020	2019	2018	2017	2016	2015	2014	2013	2012	2011	2010	2009	2008	2007	2006	2005	2004	2003	2002	2001	2000	1999	1998	1997	1996	1995	1994	1993	1992	1991	1990
Sql Injection	210	517	449	478	84	214	302	153	233	291	516	959	1093	705	965	602	148	49	40	6	2	0	0	0	0	0	0	0	0	0	0
DOM Injection	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
XML Injection	1	6	6	3	1	1	1	1	1	3	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Server-Side Includes Injection	0	0	0	0	0	0	1	1	0	0	0	0	0	0	0	0	0	2	2	3	0	1	0	0	0	0	0	0	0	0	0
Command Injection	256	246	264	131	2	0	32	1	8	20	5	1	1	1	3	1	0	2	0	0	0	0	0	0	0	0	0	0	0	0	0
Broken Authentication	575	607	637	502	194	376	410	277	283	147	182	307	217	190	168	160	85	57	103	76	38	23	6	3	0	1	0	0	2	0	0
Sensitive Data Exposure	45	66	82	97	7	2	4	3	2	1	1	4	3	2	13	8	2	4	3	5	1	1	0	0	0	0	0	0	0	0	0
XML External Entities (XEE)	4	5	13	1	1	3	7	11	0	1	0	1	0	0	0	1	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0
Broken Access Control	189	341	203	113	15	28	40	32	19	4	42	106	47	91	78	44	23	13	20	7	9	8	2	1	0	1	0	0	1	0	0
Security Misconfiguration	10	22	11	11	5	0	0	1	0	0	0	1	1	0	0	0	0	0	0	0	1	0	1	0	0	0	0	0	0	0	0
Cross Site Scripting (XSS)	1086	1998	1561	1128	476	787	1096	646	773	492	638	865	815	892	1297	783	293	131	124	20	6	1	0	1	0	0	0	0	0	0	0
Insecure Deserialization	60	75	58	28	13	3	3	4	0	5	4	1	2	1	0	2	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Using Components with Known Vulnerabilities	0	2	17	0	0	0	0	0	0	0	0	0	0	0	1	160	132	65	44	16	1	2	0	0	0	0	0	0	0	0	0
Insecure Encryption	263	491	400	321	159	134	119	101	77	40	62	64	50	65	59	58	36	28	49	42	26	26	6	0	0	1	0	0	0	0	0
Information Leakage	206	408	315	316	50	20	16	21	26	34	17	38	32	30	46	70	30	29	58	20	5	4	3	2	0	0	0	0	0	0	0
Direct Object Reference	10	15	10	4	1	1	3	0	1	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Unvalidated Redirect	130	246	189	185	84	106	97	58	58	51	52	53	72	58	58	52	21	22	33	18	18	14	3	4	1	1	0	0	1	0	1
Cross Site Request Forgery	261	527	460	332	85	248	267	123	166	57	85	115	83	69	18	11	5	0	2	0	0	0	0	0	0	0	0	0	0	0	0
Insufficient Logging and Monitoring	631	854	667	651	125	165	214	172	149	126	157	271	216	320	355	246	126	75	90	70	35	44	12	10	2	1	1	1	1	1	0
Brute Force	27	29	20	20	3	7	13	2	7	2	1	6	15	6	10	15	12	14	22	23	4	6	2	0	0	0	0	0	0	0	0
Cache Poisioning	3	11	6	12	3	1	0	0	0	2	1	1	15	1	1	0	0	0	4	0	0	0	0	2	0	0	0	0	0	0	0
DNS Poisioning	0	0	0	1	0	0	0	0	0	0	0	0	0	1	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Path Traversal	81	105	99	38	4	14	21	11	12	5	2	12	14	34	14	2	3	2	0	0	0	0	0	0	0	0	0	0	0	0	0
HTTP Response Splitting	12	10	12	11	14	14	13	7	11	7	8	9	7	14	8	15	12	1	0	0	0	0	0	0	0	0	0	0	0	0	0
Sniffing	11	27	27	35	23	43	37	30	33	19	15	17	13	17	12	16	6	8	23	20	10	3	0	0	0	1	0	0	0	0	0
Spoofing	102	172	173	247	115	138	1523	94	129	42	61	86	42	78	48	82	49	24	41	35	10	16	7	5	0	1	0	0	0	0	0
Session Fixation	13	21	19	19	3	7	19	11	9	7	5	15	11	22	2	0	5	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Session Hijacking	9	15	8	6	14	0	1	1	0	0	2	1	1	3	0	0	0	0	0	1	1	1	0	0	0	0	0	0	0	0	0
Spyware	1	0	6	1	0	0	0	0	0	0	0	1	1	5	3	3	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Malware	15	29	47	35	18	4	5	2	86	4	3	7	34	11	5	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Parameter Tampering	1	8	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0