OWASP Top 10 CVEs

*** Note: 82,325 of 121,717 are uncategorized. ***

Graphical view of OWASP CVEs by year

| OWASP Top 10 Category | Searched Phrases | CVE Count |
|---|---|---|
| SQL Injection | [sql injection] | 7743 |
| XML Injection | [xml injection] | 23 |
| Server-Side Includes Injection | [server side include, server-side include, SSI] | 10 |
| Command Injection | [command injection] | 637 |
| Broken Authentication | [authentication] | 4897 |
| Sensitive Data Exposure | [sensitive data] | 300 |
| XML External Entities (XXE) | [xml external entities, xee] | 44 |
| Broken Access Control | [access control] | 1221 |
| Security Misconfiguration | [misconfig] | 45 |
| Cross Site Scripting (XSS) | [css, cross site scripting, xss] | 14776 |
| Insecure Deserialization | [deserialization] | 177 |
| Using Components with Known Vulnerabilities | [known vulnerab] | 441 |
| Insecure Encryption | [cipher, crypt] | 2373 |
| Information Leakage | [leak] | 1427 |
| Direct Object Reference | [direct object reference] | 36 |
| Unvalidated Redirect | [redirect, forward] | 1508 |
| Cross Site Request Forgery | [cross-site request forgery, xsrf, cross site request forgery, csrf] | 4151 |
| Insufficient Logging and Monitoring | [ log] | 4940 |
| Brute Force | [brute force] | 232 |
| Cache Poisoning | [cache poison] | 53 |
| DNS Poisoning | [dns poison] | 2 |
| Path Traversal | [path traversal] | 378 |
| HTTP Response Splitting | [split response, response split] | 168 |
| Sniffing | [sniff] | 429 |
| Spoofing | [spoof] | 3165 |
| Session Fixation | [session fixation] | 168 |
| Session Hijacking | [session hijack] | 53 |
| Spyware | [spyware] | 19 |
| Malware | [malware] | 292 |
| Parameter Tampering | [parameter tampering] | 9 |