CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


Top-N Lists/Scoring CWEs

The publicly available top-n lists below help the community leverage the information in the CWE List in actionable ways to improve the quality of their products and/or the security of their enterprises.

Top-N Lists

  • CWE Top 25 Most Dangerous Software Weaknesses
    The CWE Top 25 Most Dangerous Software Weaknesses is a free, easy-to-use community resource that identifies the most widespread and critical programming errors that can lead to serious software vulnerabilities. These weaknesses are often easy to find and easy to exploit. They are dangerous because they can allow adversaries to completely take over a system, steal data, or prevent an application from working.

  • CWE Most Important Hardware Weaknesses
    The CWE Most Important Hardware Weaknesses is a list of common hardware weaknesses, compiled through collaboration with the Hardware CWE Special Interest Group (SIG).

  • CWE Top 10 KEV Weaknesses
    The CWE Top 10 KEV Weaknesses list identifies the top ten CWEs in the Cybersecurity and Infrastructure Security Agency’s (CISA) "Known Exploited Vulnerabilities (KEV) Catalog," a database of security flaws in software applications and weaknesses that have been exposed and leveraged by attackers. Each vulnerability listed in KEV is identified by, and links to, a CVE Record. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.

Please send any comments or questions about scoring, prioritizing, and/or mitigating CWEs to cwe@mitre.org.

Page Last Updated: September 09, 2025

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
