Common Weakness Enumeration (CWE)

“Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weaknesses. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.”

Examples of CWEs are:

  • “Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)” (CWE-79)
  • “Out-of-bounds Write” (CWE-787)
  • “Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)” (CWE-89)
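To make the "improper neutralization" wording of CWE-79 and CWE-89 concrete, the following added example (not code from the original page or from MITRE) shows, for each, a function that exhibits the weakness beside one that neutralizes the input. The in-memory SQLite table, the `users` rows and the function names are constructed for this example; the only assumption is a standard Python 3 installation.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database (not from the page): two users in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


# --- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ---

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    """Weak pattern: user input is spliced into the SQL text, so quote characters
    in `name` are parsed as SQL syntax instead of being treated as a value."""
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_fixed(conn: sqlite3.Connection, name: str) -> list[str]:
    """Mitigation: a parameterized query. The driver binds `name` as data, so
    special characters never change the structure of the statement."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


# --- CWE-79: Improper Neutralization of Input During Web Page Generation ---

def render_vulnerable(display_name: str) -> str:
    """Weak pattern: untrusted text is placed directly into HTML markup, so any
    tags or attributes it contains become part of the page."""
    return f"<p>Hello {display_name}</p>"


def render_fixed(display_name: str) -> str:
    """Mitigation: HTML-escape the value for the context it is inserted into, so
    '<', '>', '&' and quotes are rendered as text rather than interpreted as markup."""
    return f"<p>Hello {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input that carries SQL special elements
    print("CWE-89 weak  :", lookup_vulnerable(conn, probe))  # every row comes back
    print("CWE-89 fixed :", lookup_fixed(conn, probe))       # no row matches that literal name
    tagged = "<b>mallory</b>"  # constructed input that carries HTML special elements
    print("CWE-79 weak  :", render_vulnerable(tagged))
    print("CWE-79 fixed :", render_fixed(tagged))
```

Both weak functions share the root cause named in the CWE titles: the program builds a structured language (SQL, HTML) by string concatenation and does not neutralize the characters that have meaning in that language. The fixed versions hand the data to a mechanism that knows the target syntax (parameter binding, context-aware escaping), which is the usual mitigation listed for these weakness classes.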

Each CWE identifies a class of weakness rather than a specific flaw. A specific vulnerability in a specific product, once publicly known, receives a CVE identifier, not a CWE identifier.

Source: https://cwe.mitre.org/about/index.html

Last modified March 21, 2025: Add CWE (178d9e2)