OWASP CVEs By Year

Year 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990
Sql Injection 231 527 452 485 85 216 302 153 234 292 517 959 1096 705 965 602 148 49 40 6 2 0 0 0 0 0 0 0 0 0 0
DOM Injection 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
XML Injection 2 6 5 3 1 1 1 1 1 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Server-Side Includes Injection 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 2 3 0 1 0 0 0 0 0 0 0 0 0
Command Injection 257 247 265 128 2 0 32 1 8 20 5 1 1 1 3 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Authentication 594 619 638 498 193 375 409 275 283 149 184 308 217 190 168 160 85 57 103 76 38 23 6 3 0 1 0 0 2 0 0
Sensitive Data Exposure 45 67 82 97 7 2 4 3 2 1 1 4 3 2 13 8 2 4 3 5 1 1 0 0 0 0 0 0 0 0 0
XML External Entities (XEE) 3 5 13 2 1 3 7 11 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Access Control 199 350 205 113 14 28 40 32 20 4 42 106 47 91 78 44 23 13 20 7 9 8 2 1 0 1 0 0 1 0 0
Security Misconfiguration 10 20 12 11 5 0 0 1 0 0 0 1 1 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Cross Site Scripting (XSS) 1161 2021 1584 1117 479 787 1101 647 773 495 637 866 815 892 1297 783 293 131 124 20 6 1 0 1 0 0 0 0 0 0 0
Insecure Deserialization 59 74 61 28 12 3 3 4 0 5 4 1 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Using Components with Known Vulnerabilities 0 3 17 0 0 0 0 0 0 0 0 0 0 0 1 160 132 65 44 16 1 2 0 0 0 0 0 0 0 0 0
Insecure Encryption 263 494 398 323 156 134 116 101 78 40 63 64 50 65 59 58 36 28 49 42 26 26 6 0 0 1 0 0 0 0 0
Information Leakage 203 393 314 316 51 20 15 21 27 34 17 38 31 30 46 70 30 29 58 20 5 4 3 2 0 0 0 0 0 0 0
Direct Object Reference 12 19 10 4 1 1 3 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Unvalidated Redirect 132 246 189 184 84 106 97 58 58 49 52 53 72 59 58 52 21 22 33 18 18 14 3 4 1 1 0 0 1 0 1
Cross Site Request Forgery 271 536 462 326 86 248 264 123 166 58 85 115 83 69 18 11 5 0 2 0 0 0 0 0 0 0 0 0 0 0 0
Insufficient Logging and Monitoring 632 881 667 647 125 166 213 172 149 128 157 271 215 320 355 246 126 75 90 70 35 44 12 10 2 1 1 1 1 1 0
Brute Force 26 30 19 19 3 7 14 2 7 2 1 6 15 6 10 15 12 14 22 23 4 6 2 0 0 0 0 0 0 0 0
Cache Poisioning 3 11 6 12 3 1 0 0 0 2 1 1 15 1 1 0 0 0 4 0 0 0 0 2 0 0 0 0 0 0 0
DNS Poisioning 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Path Traversal 82 106 103 38 4 14 21 11 11 5 2 12 14 34 14 2 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0
HTTP Response Splitting 12 10 11 11 14 13 13 7 11 7 8 9 7 14 8 15 12 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Sniffing 12 26 28 36 23 43 37 29 33 19 14 17 13 17 12 16 6 8 23 20 10 3 0 0 0 1 0 0 0 0 0
Spoofing 96 175 173 243 117 136 1523 91 129 43 61 86 42 78 48 82 49 24 41 35 10 16 7 5 0 1 0 0 0 0 0
Session Fixation 13 19 20 19 3 7 19 11 9 8 5 15 11 22 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Session Hijacking 9 16 8 5 14 0 1 1 0 0 2 1 1 3 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
Spyware 1 0 7 1 0 0 0 0 0 0 0 1 1 5 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Malware 16 36 48 35 18 4 5 2 86 4 3 7 34 11 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Tampering 1 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0