Frameworks & standards
CWE
Common Weakness Enumeration
Common Weakness Enumeration (CWE) is a community-developed, categorized list of software and hardware weakness types - such as CWE-89 (SQL Injection) or CWE-918 (SSRF). Where a CVE names a specific vulnerability, a CWE names the class of weakness behind it, making CWE the backbone of vulnerability taxonomy.
Key points
- Taxonomy of weakness types, not specific instances.
- Referenced throughout this knowledge graph.
- Maps to CVEs (instances) and CAPEC (attack patterns).
Related
References
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist