Breakdown of CVE by OWASP Top 10 (1999-2026)

Below you'll find a graph showing the number of CVEs (Common Vulnerabilities and Exposures) ranked by OWASP Top 10. This graph shows the distribution of the different types of vulnerabilities discovered since 1999. By analyzing this data, you can better understand current trends in IT security and identify the most frequent categories of vulnerability.

Evolution of CVE classified by OWASP Top 10

Below is a graph showing the number of CVEs (Common Vulnerabilities and Exposures) ranked by OWASP Top 10 since 2000. This graph allows you to visualize the evolution and distribution of the different types of vulnerabilities discovered and disclosed over the years. By analyzing this data, you can better understand historical trends in IT security and identify the most frequent categories of vulnerabilities.

OWASP	Nb CVE
A03-Injection	88 954
A01-Broken Access Control	55 070
A07-Identif. and Authent. Fail	13 285
A04-Insecure Design	12 378
A02-Cryptographic Failures	6 143
A08-Soft and Data Integrity Fail	4 131
A10-Server-Side Req. Forgery (SSRF)	2 191
A05-Security Misconfiguration	1 869
A09-Security Log./Monit. Failures	1 183
A06-Vulnerable and Outdated Comp.	16

OWASP	2000 Nb CVE	2001 Nb CVE	2002 Nb CVE	2003 Nb CVE	2004 Nb CVE	2005 Nb CVE	2006 Nb CVE	2007 Nb CVE	2008 Nb CVE	2009 Nb CVE	2010 Nb CVE	2011 Nb CVE	2012 Nb CVE	2013 Nb CVE	2014 Nb CVE	2015 Nb CVE	2016 Nb CVE	2017 Nb CVE	2018 Nb CVE	2019 Nb CVE	2020 Nb CVE	2021 Nb CVE	2022 Nb CVE	2023 Nb CVE	2024 Nb CVE	2025 Nb CVE	2026 Nb CVE
A01-Broken Access Control	25	45	58	127	206	320	452	983	2 204	3 239	4 119	4 874	5 973	7 024	8 572	10 244	12 151	14 986	17 707	20 361	22 727	25 456	29 125	33 923	40 926	50 774	55 070
A03-Injection	16	25	37	125	228	409	885	2 036	4 574	6 981	8 662	9 879	11 370	12 792	14 906	16 365	17 559	20 973	25 395	30 063	34 493	39 734	46 552	55 544	67 238	83 013	88 954
A07-Identif. and Authent. Fail	10	16	22	37	56	76	97	190	384	665	797	895	1 065	1 260	1 530	1 633	1 757	2 474	3 273	4 195	5 399	6 414	7 623	8 844	10 317	12 296	13 285
A05-Security Misconfiguration	6	6	6	15	28	33	40	72	107	157	183	215	238	262	270	272	288	405	601	756	897	1 050	1 200	1 373	1 560	1 786	1 869
A02-Cryptographic Failures	1	7	8	24	33	46	54	83	135	222	288	347	442	572	2 153	2 241	2 310	2 496	2 896	3 231	3 636	4 023	4 428	4 842	5 290	5 849	6 143
A04-Insecure Design	1	5	10	13	14	27	32	37	42	51	55	59	65	71	90	102	126	415	1 077	1 851	2 848	4 009	5 257	6 600	8 579	11 313	12 378
A08-Soft and Data Integrity Fail		1	2	3	5	5	5	6	9	12	17	25	31	33	38	54	83	319	555	831	1 147	1 491	1 807	2 257	2 803	3 680	4 131
A09-Security Log./Monit. Failures			1	1	1	1	1	1	1	1	1	2	2	3	3	3	10	41	111	216	314	404	528	682	900	1 107	1 183
A10-Server-Side Req. Forgery (SSRF)				1	2	2	2	2	2	2	3	3	3	3	3	3	10	55	130	220	338	527	732	970	1 310	1 851	2 191
A06-Vulnerable and Outdated Comp.																								2	6	16	16

Distribution of CVE by OWASP Top 10

Breakdown of CVE by OWASP Top 10 (1999-2026)

Evolution of CVE classified by OWASP Top 10