OWASP Top 10 CVEs

*** Note: 84,989 of 126,428 are uncategorized. ***

| OWASP Top 10 Category | Searched Phrases | CVE Count |
| --- | --- | --- |
| SQL Injection | [sql injection] | 7823 |
| XML Injection | [xml injection] | 24 |
| Server-Side Includes Injection | [server side include, server-side include, SSI] | 10 |
| Command Injection | [command injection] | 712 |
| Broken Authentication | [authentication] | 5043 |
| Sensitive Data Exposure | [sensitive data] | 312 |
| XML External Entities (XEE) | [xml external entities, xee] | 46 |
| Broken Access Control | [access control] | 1284 |
| Security Misconfiguration | [misconfig] | 52 |
| Cross Site Scripting (XSS) | [css, cross site scripting, xss] | 15152 |
| Insecure Deserialization | [deserialization] | 196 |
| Using Components with Known Vulnerabilities | [known vulnerab] | 441 |
| Insecure Encryption | [cipher, crypt] | 2518 |
| Information Leakage | [leak] | 1587 |
| Direct Object Reference | [direct object reference] | 41 |
| Unvalidated Redirect | [redirect, forward] | 1643 |
| Cross Site Request Forgery | [cross-site request forgery, xsrf, cross site request forgery, csrf] | 4223 |
| Insufficient Logging and Monitoring | [ log] | 5127 |
| Brute Force | [brute force] | 237 |
| Cache Poisoning | [cache poison] | 59 |
| DNS Poisoning | [dns poison] | 2 |
| Path Traversal | [path traversal] | 391 |
| HTTP Response Splitting | [split response, response split] | 183 |
| Sniffing | [sniff] | 433 |
| Spoofing | [spoof] | 3216 |
| Session Fixation | [session fixation] | 204 |
| Session Hijacking | [session hijack] | 53 |
| Spyware | [spyware] | 21 |
| Malware | [malware] | 295 |
| Parameter Tampering | [parameter tampering] | 10 |