CVE Statistics by Category – Vulnerability Types

Breakdown of CVE by categories (1999-2025)

Below you'll find a graph showing the number of CVEs (Common Vulnerabilities and Exposures) classified by category (overflow, cross-site scripting, etc.). This graph allows you to visualize the distribution of the different types of vulnerabilities discovered and disclosed. By analyzing this data, you can better understand current trends in IT security and identify the most frequent categories of vulnerability.

Categories	Nb CVE
Cross-site Scripting	37,288
Overflow	35,081
SQL Injection	15,587
Authorization problems	15,011
Memory Corruption	9,597
Cross-Site Request Forgery - CSRF	7,899
Directory Traversal	7,368
Code Injection	4,835
OS Command Injection	4,477
File Inclusion	3,171
Improper Privilege Management	2,980
Command Injection	2,501
Server-Side Request Forgery - SSRF	1,625
Input Validation	362

Evolution of CVE classified by category

Below, you will find a graph displaying the number of CVEs (Common Vulnerabilities and Exposures) categorized by type (overflow, cross-site scripting, etc.) since the year 2000. This graph allows you to visualize the evolution and distribution of different types of vulnerabilities discovered and disclosed over the years. By analyzing this data, you can better understand historical trends in cybersecurity and identify the most common categories of vulnerabilities.

Categories	2000 Nb CVE	2001 Nb CVE	2002 Nb CVE	2003 Nb CVE	2004 Nb CVE	2005 Nb CVE	2006 Nb CVE	2007 Nb CVE	2008 Nb CVE	2009 Nb CVE	2010 Nb CVE	2011 Nb CVE	2012 Nb CVE	2013 Nb CVE	2014 Nb CVE	2015 Nb CVE	2016 Nb CVE	2017 Nb CVE	2018 Nb CVE	2019 Nb CVE	2020 Nb CVE	2021 Nb CVE	2022 Nb CVE	2023 Nb CVE	2024 Nb CVE	2025 Nb CVE
Overflow	11	23	37	86	154	221	397	849	1,412	1,978	2,523	3,172	3,912	4,670	5,442	6,429	7,721	10,845	13,527	16,273	18,822	21,798	25,495	29,165	32,626	35,081
Code Injection	4	6	7	20	35	65	247	549	852	1,176	1,430	1,531	1,666	1,804	1,995	2,045	2,069	2,158	2,323	2,461	2,562	2,719	2,903	3,193	3,937	4,835
Authorization problems	3	5	9	15	24	45	63	131	274	498	578	638	753	864	1,017	1,055	1,115	1,669	2,360	3,322	4,620	5,868	7,545	9,459	12,511	15,011
Cross-site Scripting	1	1	2	40	76	130	255	607	1,390	2,196	2,805	3,262	4,002	4,612	5,638	6,367	6,838	8,321	10,331	12,659	14,788	17,501	20,669	25,294	31,562	37,288
Directory Traversal	0	5	5	19	44	62	89	250	596	917	1,193	1,300	1,422	1,523	1,720	1,861	1,939	2,216	2,779	3,259	3,687	4,227	4,952	5,717	6,721	7,368
File Inclusion	0	3	3	4	4	9	13	14	14	14	14	14	14	14	14	16	26	118	296	505	734	1,034	1,509	2,027	2,748	3,171
Memory Corruption	0	0	2	3	10	13	18	22	29	44	87	156	241	286	329	379	611	1,257	2,027	2,832	3,393	4,319	5,435	6,350	8,284	9,597
Improper Privilege Management	0	0	2	2	3	3	4	5	7	9	11	14	18	19	35	42	53	149	283	453	750	1,117	1,406	1,715	2,367	2,980
OS Command Injection	0	0	2	5	5	7	9	15	21	38	52	66	81	114	162	196	227	384	717	1,107	1,644	2,136	2,715	3,281	4,079	4,477
SQL Injection	0	0	1	10	23	77	179	433	1,503	2,462	2,977	3,274	3,514	3,657	3,954	4,166	4,262	4,766	5,268	5,811	6,268	7,011	8,738	10,737	13,286	15,587
Server-Side Request Forgery - SSRF	0	0	0	1	2	2	2	2	2	2	3	3	3	3	3	3	10	55	130	220	338	527	732	970	1,310	1,625
Cross-Site Request Forgery - CSRF	0	0	0	1	3	9	12	49	126	238	312	370	524	641	875	1,125	1,212	1,527	1,980	2,518	2,917	3,383	4,071	5,236	6,455	7,899
Command Injection	0	0	0	0	0	1	1	1	1	1	3	3	3	4	16	57	82	190	262	391	535	841	1,071	1,570	2,065	2,501
Input Validation	0	0	0	0	0	0	0	0	2	2	2	2	2	2	2	2	2	2	2	2	5	26	114	144	257	362

Distribution of CVE Categories

Breakdown of CVE by categories (1999-2025)

Evolution of CVE classified by category