OWASP CVEs By Year

Year 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990
Sql Injection 302 452 485 85 215 303 153 234 292 517 959 1096 705 965 602 148 49 40 6 2 0 0 0 0 0 0 0 0 0 0
DOM Injection 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
XML Injection 5 5 3 1 1 1 1 1 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Server-Side Includes Injection 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 2 3 0 1 0 0 0 0 0 0 0 0 0
Command Injection 177 265 128 2 0 2 0 8 20 2 1 1 1 3 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Authentication 388 638 498 192 371 408 273 283 149 182 306 217 189 167 160 85 57 103 76 38 23 6 3 0 1 0 0 2 0 0
Sensitive Data Exposure 49 82 97 7 2 3 2 2 1 1 4 3 2 13 8 2 4 3 5 1 1 0 0 0 0 0 0 0 0 0
XML External Entities (XEE) 4 13 2 1 3 6 11 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Access Control 205 205 113 14 28 40 32 20 4 42 106 47 91 78 44 23 13 20 7 9 8 2 1 0 1 0 0 1 0 0
Security Misconfiguration 8 12 11 5 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Cross Site Scripting (XSS) 1192 1581 1117 479 785 1102 647 772 495 637 866 815 892 1297 783 293 131 124 20 6 1 0 1 0 0 0 0 0 0 0
Insecure Deserialization 42 61 28 6 3 2 4 0 5 4 1 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Using Components with Known Vulnerabilities 3 17 0 0 0 0 0 0 0 0 0 0 0 1 160 132 65 44 16 1 2 0 0 0 0 0 0 0 0 0
Insecure Encryption 286 398 323 154 132 115 100 78 40 61 63 50 65 58 58 36 28 49 42 26 26 6 0 0 1 0 0 0 0 0
Information Leakage 196 314 316 50 20 14 21 27 34 17 38 31 30 46 70 30 29 58 20 5 4 3 2 0 0 0 0 0 0 0
Direct Object Reference 15 10 4 1 1 3 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Unvalidated Redirect 152 188 184 84 106 96 58 58 49 52 52 72 57 58 52 21 22 33 18 18 14 3 4 1 1 0 0 1 0 1
Cross Site Request Forgery 331 462 326 87 248 264 123 166 58 85 115 83 69 18 11 5 0 2 0 0 0 0 0 0 0 0 0 0 0 0
Insufficient Logging and Monitoring 570 667 647 122 163 212 170 145 128 157 269 202 316 348 246 126 75 90 70 35 44 12 10 2 1 1 1 1 1 0
Brute Force 20 19 19 3 7 14 2 7 2 1 6 15 6 10 15 12 14 22 23 4 6 2 0 0 0 0 0 0 0 0
Cache Poisioning 2 6 12 3 1 0 0 0 2 1 1 15 1 1 0 0 0 4 0 0 0 0 2 0 0 0 0 0 0 0
DNS Poisioning 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Path Traversal 76 103 38 4 14 19 11 11 5 2 12 14 34 14 2 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0
HTTP Response Splitting 1 11 11 14 12 12 7 11 7 8 9 7 14 8 15 12 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Sniffing 17 28 36 23 43 37 29 33 19 14 17 13 17 12 16 6 8 23 20 10 3 0 0 0 1 0 0 0 0 0
Spoofing 109 173 243 117 136 1523 91 129 43 61 86 42 78 48 82 49 24 41 35 10 16 7 5 0 1 0 0 0 0 0
Session Fixation 11 20 19 3 6 18 11 9 8 5 15 11 22 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Session Hijacking 12 8 5 14 0 1 1 0 0 2 1 1 3 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
Spyware 0 7 1 0 0 0 0 0 0 0 0 0 5 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Malware 27 48 35 18 3 5 2 86 4 3 7 34 11 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Tampering 7 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0