The 2023 CWE Top 25 Most Dangerous Software Weaknesses is presented here as a view: a listing of the CWE entries on the list, together with the hierarchical relationships between weaknesses at different levels of abstraction.
The graph illustrates the hierarchical connections between weaknesses at different levels of abstraction. At the topmost level, weaknesses are grouped into categories and pillars. Categories are not weaknesses themselves; they group weaknesses that share characteristics. Pillars are weaknesses described at the most abstract level.

Beneath these high-level entries, weaknesses exist at varying levels of abstraction. Classes are still abstract and are generally independent of any specific language or technology. Base-level weaknesses are more specific types of weaknesses. Variants are described in a highly detailed manner, usually limited to a specific language or technology.

Chains are a series of weaknesses that must occur consecutively in order to exploit a vulnerability. Composites are a collection of weaknesses that must all be present simultaneously to exploit a vulnerability.