OWASP Top 10 CVEs

*** Note: 93,166 of 139,138 are uncategorized. ***

Graphical view of OWASP CVEs by year

| OWASP Top 10 Category | Searched Phrases | CVE Count |
| --- | --- | --- |
| SQL Injection [Vendor/Product] | [sql injection] | 8069 |
| XML Injection [Vendor/Product] | [xml injection] | 26 |
| Server-Side Includes Injection [Vendor/Product] | [server side include, server-side include, SSI] | 10 |
| Command Injection [Vendor/Product] | [command injection] | 977 |
| Broken Authentication [Vendor/Product] | [authentication] | 5666 |
| Sensitive Data Exposure [Vendor/Product] | [sensitive data] | 357 |
| XML External Entities (XEE) [Vendor/Product] | [xml external entities, xee] | 49 |
| Broken Access Control [Vendor/Product] | [access control] | 1501 |
| Security Misconfiguration [Vendor/Product] | [misconfig] | 63 |
| Cross Site Scripting (XSS) [Vendor/Product] | [css, cross site scripting, xss] | 16462 |
| Insecure Deserialization [Vendor/Product] | [deserialization] | 259 |
| Using Components with Known Vulnerabilities [Vendor/Product] | [known vulnerab] | 441 |
| Insecure Encryption [Vendor/Product] | [cipher, crypt] | 2811 |
| Information Leakage [Vendor/Product] | [leak] | 1778 |
| Direct Object Reference [Vendor/Product] | [direct object reference] | 52 |
| Unvalidated Redirect [Vendor/Product] | [redirect, forward] | 1790 |
| Cross Site Request Forgery [Vendor/Product] | [cross-site request forgery, xsrf, cross site request forgery, csrf] | 4591 |
| Insufficient Logging and Monitoring [Vendor/Product] | [ log] | 5823 |
| Brute Force [Vendor/Product] | [brute force] | 265 |
| Cache Poisoning [Vendor/Product] | [cache poison] | 63 |
| DNS Poisoning [Vendor/Product] | [dns poison] | 2 |
| Path Traversal [Vendor/Product] | [path traversal] | 478 |
| HTTP Response Splitting [Vendor/Product] | [split response, response split] | 196 |
| Sniffing [Vendor/Product] | [sniff] | 446 |
| Spoofing [Vendor/Product] | [spoof] | 3314 |
| Session Fixation [Vendor/Product] | [session fixation] | 219 |
| Session Hijacking [Vendor/Product] | [session hijack] | 64 |
| Spyware [Vendor/Product] | [spyware] | 22 |
| Malware [Vendor/Product] | [malware] | 314 |
| Parameter Tampering [Vendor/Product] | [parameter tampering] | 10 |