The most recent top 25 list from MITRE

2021 CWE Top 25 Most Dangerous Software Weaknesses | CISA

CWE – 2021 CWE Top 25 Most Dangerous Software Weaknesses (mitre.org)

The CWE Top 25 – Below is a brief listing of the weaknesses in the 2021 CWE Top 25, including the overall score of each.

| Rank | ID | Name | Score | Rank change vs. 2020 |
|------|----|------|-------|----------------------|
| 1 | CWE-787 | Out-of-bounds Write | 65.93 | +1 |
| 2 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 46.84 | -1 |
| 3 | CWE-125 | Out-of-bounds Read | 24.9 | +1 |
| 4 | CWE-20 | Improper Input Validation | 20.47 | -1 |
| 5 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 19.55 | +5 |
| 6 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 19.54 | 0 |
| 7 | CWE-416 | Use After Free | 16.83 | +1 |
| 8 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 14.69 | +4 |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) | 14.46 | 0 |
| 10 | CWE-434 | Unrestricted Upload of File with Dangerous Type | 8.45 | +5 |
| 11 | CWE-306 | Missing Authentication for Critical Function | 7.93 | +13 |
| 12 | CWE-190 | Integer Overflow or Wraparound | 7.12 | -1 |
| 13 | CWE-502 | Deserialization of Untrusted Data | 6.71 | +8 |
| 14 | CWE-287 | Improper Authentication | 6.58 | 0 |
| 15 | CWE-476 | NULL Pointer Dereference | 6.54 | -2 |
| 16 | CWE-798 | Use of Hard-coded Credentials | 6.27 | +4 |
| 17 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | 5.84 | -12 |
| 18 | CWE-862 | Missing Authorization | 5.47 | +7 |
| 19 | CWE-276 | Incorrect Default Permissions | 5.09 | +22 |
| 20 | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 4.74 | -13 |
| 21 | CWE-522 | Insufficiently Protected Credentials | 4.21 | -3 |
| 22 | CWE-732 | Incorrect Permission Assignment for Critical Resource | 4.2 | -6 |
| 23 | CWE-611 | Improper Restriction of XML External Entity Reference | 4.02 | -4 |
| 24 | CWE-918 | Server-Side Request Forgery (SSRF) | 3.78 | +3 |
| 25 | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | 3.58 | +6 |

Author Of this post: harrywaldron

By admin