CWE List – Software Weaknesses Classification

Vendors and Products

CPE, which stands for Common Platform Enumeration, is a standardized scheme for naming hardware, software, and operating systems. CPE provides a structured naming scheme to uniquely identify and classify information technology systems, platforms, and packages based on certain attributes such as vendor, product name, version, update, edition, and language.

Explore common application-level flaws

Below is a list of categories from the CWE (Common Weakness Enumeration) framework, used to classify common software weaknesses. These categories offer a structured way to explore the vulnerability database and identify CWEs frequently linked to known CVEs (Common Vulnerabilities and Exposures). Reviewing them helps improve your understanding of software security, assess your attack surface, and strengthen your cyber threat intelligence and data protection efforts.

Notifications on CWE

Stay informed of any changes or new CWEs.

Notifications manage


CWE ID	Published Modified	Name Description	Likelihood of exploit	Status

The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.

Classified Software Weaknesses (CWE)

Explore common application-level flaws