[1]

93.8

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

[2]

83.3

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

[3]

79.0

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[4]

77.7

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

[5]

76.9

CWE-306

Missing Authentication for Critical Function

[6]

76.8

CWE-862

Missing Authorization

[7]

75.0

CWE-798

Use of Hard-coded Credentials

[8]

75.0

CWE-311

Missing Encryption of Sensitive Data

[9]

74.0

CWE-434

Unrestricted Upload of File with Dangerous Type

[10]

73.8

CWE-807

Reliance on Untrusted Inputs in a Security Decision

[11]

73.1

CWE-250

Execution with Unnecessary Privileges

[12]

70.1

CWE-352

Cross-Site Request Forgery (CSRF)

[13]

69.3

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

[14]

68.5

CWE-494

Download of Code Without Integrity Check

[15]

67.8

CWE-863

Incorrect Authorization

[16]

66.0

CWE-829

Inclusion of Functionality from Untrusted Control Sphere

[17]

65.5

CWE-732

Incorrect Permission Assignment for Critical Resource

[18]

64.6

CWE-676

Use of Potentially Dangerous Function

[19]

64.1

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

[20]

62.4

CWE-131

Incorrect Calculation of Buffer Size

[21]

61.5

CWE-307

Improper Restriction of Excessive Authentication Attempts

[22]

61.1

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

[23]

61.0

CWE-134

Uncontrolled Format String

[24]

60.3

CWE-190

Integer Overflow or Wraparound

[25]

59.9

CWE-759

Use of a One-Way Hash without a Salt