OWASP Top 10 CVEs

*** Note: 93,434 of 139,019 are uncategorized. ***

Graphical view of OWASP CVEs by year

| OWASP Top 10 Category | Searched Phrases | CVE Count |
|---|---|---|
| SQL Injection | [sql injection] | 8019 |
| XML Injection | [xml injection] | 26 |
| Server-Side Includes Injection | [server side include, server-side include, SSI] | 10 |
| Command Injection | [command injection] | 977 |
| Broken Authentication | [authentication] | 5638 |
| Sensitive Data Exposure | [sensitive data] | 356 |
| XML External Entities (XXE) | [xml external entities, xee] | 49 |
| Broken Access Control | [access control] | 1480 |
| Security Misconfiguration | [misconfig] | 64 |
| Cross Site Scripting (XSS) | [css, cross site scripting, xss] | 16335 |
| Insecure Deserialization | [deserialization] | 259 |
| Using Components with Known Vulnerabilities | [known vulnerab] | 440 |
| Insecure Encryption | [cipher, crypt] | 2814 |
| Information Leakage | [leak] | 1797 |
| Direct Object Reference | [direct object reference] | 46 |
| Unvalidated Redirect | [redirect, forward] | 1790 |
| Cross Site Request Forgery | [cross-site request forgery, xsrf, cross site request forgery, csrf] | 4583 |
| Insufficient Logging and Monitoring | [ log] | 5798 |
| Brute Force | [brute force] | 266 |
| Cache Poisoning | [cache poison] | 63 |
| DNS Poisoning | [dns poison] | 2 |
| Path Traversal | [path traversal] | 473 |
| HTTP Response Splitting | [split response, response split] | 199 |
| Sniffing | [sniff] | 446 |
| Spoofing | [spoof] | 3323 |
| Session Fixation | [session fixation] | 218 |
| Session Hijacking | [session hijack] | 64 |
| Spyware | [spyware] | 21 |
| Malware | [malware] | 305 |
| Parameter Tampering | [parameter tampering] | 9 |