OWASP Top 10 CVEs

*** Note: 80,705 of 118,293 are uncategorized. ***

Graphical view of OWASP CVEs by year

| OWASP Top 10 Category | Searched Phrases | CVE Count |
|---|---|---|
| SQL Injection | [sql injection] | 7610 |
| XML Injection | [xml injection] | 22 |
| Server-Side Includes Injection | [server side include, server-side include, SSI] | 10 |
| Command Injection | [command injection] | 612 |
| Broken Authentication | [authentication] | 4815 |
| Sensitive Data Exposure | [sensitive data] | 292 |
| XML External Entities (XEE) | [xml external entities, xee] | 44 |
| Broken Access Control | [access control] | 1154 |
| Security Misconfiguration | [misconfig] | 40 |
| Cross Site Scripting (XSS) | [css, cross site scripting, xss] | 14388 |
| Insecure Deserialization | [deserialization] | 161 |
| Using Components with Known Vulnerabilities | [known vulnerab] | 441 |
| Insecure Encryption | [cipher, crypt] | 2305 |
| Information Leakage | [leak] | 1375 |
| Direct Object Reference | [direct object reference] | 36 |
| Unvalidated Redirect | [redirect, forward] | 1466 |
| Cross Site Request Forgery | [cross-site request forgery, xsrf, cross site request forgery, csrf] | 4033 |
| Insufficient Logging and Monitoring | [ log] | 4831 |
| Brute Force | [brute force] | 229 |
| Cache Poisoning | [cache poison] | 51 |
| DNS Poisoning | [dns poison] | 2 |
| Path Traversal | [path traversal] | 364 |
| HTTP Response Splitting | [split response, response split] | 165 |
| Sniffing | [sniff] | 425 |
| Spoofing | [spoof] | 3149 |
| Session Fixation | [session fixation] | 165 |
| Session Hijacking | [session hijack] | 51 |
| Spyware | [spyware] | 19 |
| Malware | [malware] | 288 |
| Parameter Tampering | [parameter tampering] | 7 |