Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

👁 CWE Most Important Hardware Weaknesses

CWE Glossary Definition

👁 CWE

Knowing the weaknesses that result in vulnerabilities means software developers, hardware designers, and security architects can eliminate them before deployment, when it is much easier and cheaper to do so

Learn About CWE
Overview – Learn what CWE is and how to use the information available on this website Basics FAQs Glossary	Root Cause Mapping – Learn about identifying the underlying cause(s) of a vulnerability Guidance Quick Tips Examples

Access Content
All Weaknesses (944 total) Top-N Lists Search CWE View CWEs by CWE REST API

Latest News and Updates

News Videos of Two CWE-Focused Sessions at VulnCon 2026

News CWE Referenced in IEEE Paper on LLM-Assisted Hardware Vulnerability Discovery

“Out-Of-Bounds Read” Podcast “CWE Top 25 Most Dangerous Software Weaknesses”

News CWE Version 4.20 Now Available

News “2025 CWE Top 10 KEV Weaknesses” List Now Available

News “2025 CWE Top 25 Weaknesses “On the Cusp” List Now Available

Video “Effectively Mapping CVEs to CWEs”

Page Last Updated: June 10, 2026

👁 MITRE

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2026, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

👁 HSSEDI

URL: https://cwe.mitre.org/

⇱ CWE - Common Weakness Enumeration

Common Weakness Enumeration