OWASP CVEs By Year

Year 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990
Sql Injection 435 452 485 85 215 303 153 234 292 517 959 1096 705 965 602 148 49 40 6 2 0 0 0 0 0 0 0 0 0 0
DOM Injection 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
XML Injection 6 5 3 1 1 1 1 1 3 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Server-Side Includes Injection 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 2 2 3 0 1 0 0 0 0 0 0 0 0 0
Command Injection 202 265 128 2 0 2 0 8 20 2 1 1 1 3 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Authentication 470 638 498 192 371 408 273 283 149 182 306 217 189 167 160 85 57 103 76 38 23 6 3 0 1 0 0 2 0 0
Sensitive Data Exposure 57 82 97 7 2 3 2 2 1 1 4 3 2 13 8 2 4 3 5 1 1 0 0 0 0 0 0 0 0 0
XML External Entities (XEE) 4 13 2 1 3 6 11 0 1 0 1 0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Broken Access Control 272 205 113 14 28 40 32 20 4 42 106 47 91 78 44 23 13 20 7 9 8 2 1 0 1 0 0 1 0 0
Security Misconfiguration 13 12 11 5 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Cross Site Scripting (XSS) 1572 1581 1117 479 785 1102 647 772 495 637 866 815 892 1297 783 293 131 124 20 6 1 0 1 0 0 0 0 0 0 0
Insecure Deserialization 58 61 28 6 3 2 4 0 5 4 1 2 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Using Components with Known Vulnerabilities 3 17 0 0 0 0 0 0 0 0 0 0 0 1 160 132 65 44 16 1 2 0 0 0 0 0 0 0 0 0
Insecure Encryption 354 398 323 154 132 115 100 78 40 61 63 50 65 58 58 36 28 49 42 26 26 6 0 0 1 0 0 0 0 0
Information Leakage 248 314 316 50 20 14 21 27 34 17 38 31 30 46 70 30 29 58 20 5 4 3 2 0 0 0 0 0 0 0
Direct Object Reference 15 10 4 1 1 3 0 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Unvalidated Redirect 193 189 184 84 106 96 58 58 49 52 52 72 57 58 52 21 22 33 18 18 14 3 4 1 1 0 0 1 0 1
Cross Site Request Forgery 440 462 326 87 248 264 123 166 58 85 115 83 69 18 11 5 0 2 0 0 0 0 0 0 0 0 0 0 0 0
Insufficient Logging and Monitoring 679 667 647 122 163 212 170 145 128 157 269 202 316 348 246 126 75 90 70 35 44 12 10 2 1 1 1 1 1 0
Brute Force 23 19 19 3 7 14 2 7 2 1 6 15 6 10 15 12 14 22 23 4 6 2 0 0 0 0 0 0 0 0
Cache Poisioning 4 6 12 3 1 0 0 0 2 1 1 15 1 1 0 0 0 4 0 0 0 0 2 0 0 0 0 0 0 0
DNS Poisioning 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Path Traversal 90 103 38 4 14 19 11 11 5 2 12 14 34 14 2 3 2 0 0 0 0 0 0 0 0 0 0 0 0 0
HTTP Response Splitting 4 11 11 14 12 12 7 11 7 8 9 7 14 8 15 12 1 0 0 0 0 0 0 0 0 0 0 0 0 0
Sniffing 21 28 36 23 43 37 29 33 19 14 17 13 17 12 16 6 8 23 20 10 3 0 0 0 1 0 0 0 0 0
Spoofing 125 173 243 117 136 1523 91 129 43 61 86 42 78 48 82 49 24 41 35 10 16 7 5 0 1 0 0 0 0 0
Session Fixation 14 20 19 3 6 18 11 9 8 5 15 11 22 2 0 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Session Hijacking 14 8 5 14 0 1 1 0 0 2 1 1 3 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0
Spyware 0 7 1 0 0 0 0 0 0 0 0 0 5 3 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Malware 31 48 35 18 3 5 2 86 4 3 7 34 11 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Parameter Tampering 9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0