CVE Statistics by Category – Vulnerability Types

Breakdown of CVE by categories (1999-2025)

Below you'll find a graph showing the number of CVEs (Common Vulnerabilities and Exposures) classified by category (overflow, cross-site scripting, etc.). This graph allows you to visualize the distribution of the different types of vulnerabilities discovered and disclosed. By analyzing this data, you can better understand current trends in IT security and identify the most frequent categories of vulnerability.

Categories	Nb CVE
Cross-site Scripting	36,857
Overflow	34,805
SQL Injection	15,187
Authorization problems	14,765
Memory Corruption	9,520
Cross-Site Request Forgery - CSRF	7,793
Directory Traversal	7,255
Code Injection	4,736
OS Command Injection	4,384
File Inclusion	3,106
Improper Privilege Management	2,922
Command Injection	2,459
Server-Side Request Forgery - SSRF	1,580
Input Validation	353

Evolution of CVE classified by category

Below, you will find a graph displaying the number of CVEs (Common Vulnerabilities and Exposures) categorized by type (overflow, cross-site scripting, etc.) since the year 2000. This graph allows you to visualize the evolution and distribution of different types of vulnerabilities discovered and disclosed over the years. By analyzing this data, you can better understand historical trends in cybersecurity and identify the most common categories of vulnerabilities.

Categories	2000 Nb CVE	2001 Nb CVE	2002 Nb CVE	2003 Nb CVE	2004 Nb CVE	2005 Nb CVE	2006 Nb CVE	2007 Nb CVE	2008 Nb CVE	2009 Nb CVE	2010 Nb CVE	2011 Nb CVE	2012 Nb CVE	2013 Nb CVE	2014 Nb CVE	2015 Nb CVE	2016 Nb CVE	2017 Nb CVE	2018 Nb CVE	2019 Nb CVE	2020 Nb CVE	2021 Nb CVE	2022 Nb CVE	2023 Nb CVE	2024 Nb CVE	2025 Nb CVE
Overflow	11	23	37	86	154	221	397	849	1,412	1,978	2,523	3,172	3,912	4,670	5,442	6,429	7,721	10,845	13,527	16,273	18,822	21,798	25,495	29,165	32,626	34,805
Code Injection	4	6	7	20	35	65	247	549	852	1,176	1,430	1,531	1,666	1,804	1,995	2,045	2,069	2,158	2,323	2,461	2,562	2,719	2,903	3,193	3,937	4,736
Authorization problems	3	5	9	15	24	45	63	131	274	498	578	638	753	864	1,017	1,055	1,115	1,669	2,360	3,322	4,620	5,868	7,545	9,459	12,511	14,765
Cross-site Scripting	1	1	2	40	76	130	255	607	1,390	2,196	2,805	3,262	4,002	4,612	5,638	6,367	6,838	8,321	10,331	12,659	14,788	17,501	20,669	25,294	31,562	36,857
Directory Traversal	0	5	5	19	44	62	89	250	596	917	1,193	1,300	1,422	1,523	1,720	1,861	1,939	2,216	2,779	3,259	3,687	4,227	4,952	5,717	6,721	7,255
File Inclusion	0	3	3	4	4	9	13	14	14	14	14	14	14	14	14	16	26	118	296	505	734	1,034	1,509	2,027	2,748	3,106
Memory Corruption	0	0	2	3	10	13	18	22	29	44	87	156	241	286	329	379	611	1,257	2,027	2,832	3,393	4,319	5,435	6,350	8,284	9,520
Improper Privilege Management	0	0	2	2	3	3	4	5	7	9	11	14	18	19	35	42	53	149	283	453	750	1,117	1,406	1,715	2,367	2,922
OS Command Injection	0	0	2	5	5	7	9	15	21	38	52	66	81	114	162	196	227	384	717	1,107	1,644	2,136	2,715	3,281	4,079	4,384
SQL Injection	0	0	1	10	23	77	179	433	1,503	2,462	2,977	3,274	3,514	3,657	3,954	4,166	4,262	4,766	5,268	5,811	6,268	7,011	8,738	10,737	13,286	15,187
Server-Side Request Forgery - SSRF	0	0	0	1	2	2	2	2	2	2	3	3	3	3	3	3	10	55	130	220	338	527	732	970	1,310	1,580
Cross-Site Request Forgery - CSRF	0	0	0	1	3	9	12	49	126	238	312	370	524	641	875	1,125	1,212	1,527	1,980	2,518	2,917	3,383	4,071	5,236	6,455	7,793
Command Injection	0	0	0	0	0	1	1	1	1	1	3	3	3	4	16	57	82	190	262	391	535	841	1,071	1,570	2,065	2,459
Input Validation	0	0	0	0	0	0	0	0	2	2	2	2	2	2	2	2	2	2	2	2	5	26	114	144	257	353

Distribution of CVE Categories

Breakdown of CVE by categories (1999-2025)

Evolution of CVE classified by category