CVE Statistics by Category – Vulnerability Types

Breakdown of CVE by categories (1999-2025)

Below you'll find a graph showing the number of CVEs (Common Vulnerabilities and Exposures) classified by category (overflow, cross-site scripting, etc.). This graph allows you to visualize the distribution of the different types of vulnerabilities discovered and disclosed. By analyzing this data, you can better understand current trends in IT security and identify the most frequent categories of vulnerability.

Categories	Nb CVE
Cross-site Scripting	37,197
Overflow	34,980
SQL Injection	15,486
Authorization problems	14,955
Memory Corruption	9,546
Cross-Site Request Forgery - CSRF	7,892
Directory Traversal	7,338
Code Injection	4,805
OS Command Injection	4,446
File Inclusion	3,152
Improper Privilege Management	2,965
Command Injection	2,493
Server-Side Request Forgery - SSRF	1,611
Input Validation	362

Evolution of CVE classified by category

Below, you will find a graph displaying the number of CVEs (Common Vulnerabilities and Exposures) categorized by type (overflow, cross-site scripting, etc.) since the year 2000. This graph allows you to visualize the evolution and distribution of different types of vulnerabilities discovered and disclosed over the years. By analyzing this data, you can better understand historical trends in cybersecurity and identify the most common categories of vulnerabilities.

Categories	2000 Nb CVE	2001 Nb CVE	2002 Nb CVE	2003 Nb CVE	2004 Nb CVE	2005 Nb CVE	2006 Nb CVE	2007 Nb CVE	2008 Nb CVE	2009 Nb CVE	2010 Nb CVE	2011 Nb CVE	2012 Nb CVE	2013 Nb CVE	2014 Nb CVE	2015 Nb CVE	2016 Nb CVE	2017 Nb CVE	2018 Nb CVE	2019 Nb CVE	2020 Nb CVE	2021 Nb CVE	2022 Nb CVE	2023 Nb CVE	2024 Nb CVE	2025 Nb CVE
Overflow	11	23	37	86	154	221	397	849	1,412	1,978	2,523	3,172	3,912	4,670	5,442	6,429	7,721	10,845	13,527	16,273	18,822	21,798	25,495	29,165	32,626	34,980
Code Injection	4	6	7	20	35	65	247	549	852	1,176	1,430	1,531	1,666	1,804	1,995	2,045	2,069	2,158	2,323	2,461	2,562	2,719	2,903	3,193	3,937	4,805
Authorization problems	3	5	9	15	24	45	63	131	274	498	578	638	753	864	1,017	1,055	1,115	1,669	2,360	3,322	4,620	5,868	7,545	9,459	12,511	14,955
Cross-site Scripting	1	1	2	40	76	130	255	607	1,390	2,196	2,805	3,262	4,002	4,612	5,638	6,367	6,838	8,321	10,331	12,659	14,788	17,501	20,669	25,294	31,562	37,197
Directory Traversal	0	5	5	19	44	62	89	250	596	917	1,193	1,300	1,422	1,523	1,720	1,861	1,939	2,216	2,779	3,259	3,687	4,227	4,952	5,717	6,721	7,338
File Inclusion	0	3	3	4	4	9	13	14	14	14	14	14	14	14	14	16	26	118	296	505	734	1,034	1,509	2,027	2,748	3,152
Memory Corruption	0	0	2	3	10	13	18	22	29	44	87	156	241	286	329	379	611	1,257	2,027	2,832	3,393	4,319	5,435	6,350	8,284	9,546
Improper Privilege Management	0	0	2	2	3	3	4	5	7	9	11	14	18	19	35	42	53	149	283	453	750	1,117	1,406	1,715	2,367	2,965
OS Command Injection	0	0	2	5	5	7	9	15	21	38	52	66	81	114	162	196	227	384	717	1,107	1,644	2,136	2,715	3,281	4,079	4,446
SQL Injection	0	0	1	10	23	77	179	433	1,503	2,462	2,977	3,274	3,514	3,657	3,954	4,166	4,262	4,766	5,268	5,811	6,268	7,011	8,738	10,737	13,286	15,486
Server-Side Request Forgery - SSRF	0	0	0	1	2	2	2	2	2	2	3	3	3	3	3	3	10	55	130	220	338	527	732	970	1,310	1,611
Cross-Site Request Forgery - CSRF	0	0	0	1	3	9	12	49	126	238	312	370	524	641	875	1,125	1,212	1,527	1,980	2,518	2,917	3,383	4,071	5,236	6,455	7,892
Command Injection	0	0	0	0	0	1	1	1	1	1	3	3	3	4	16	57	82	190	262	391	535	841	1,071	1,570	2,065	2,493
Input Validation	0	0	0	0	0	0	0	0	2	2	2	2	2	2	2	2	2	2	2	2	5	26	114	144	257	362

Distribution of CVE Categories

Breakdown of CVE by categories (1999-2025)

Evolution of CVE classified by category