Industry frameworks, databases, and scoring systems.
6 articles
CVE (Common Vulnerabilities and Exposures) is a public registry of known security vulnerabilities, each assigned a unique identifier used to track and communicate vulnerability information across tools and teams.
CVSS (Common Vulnerability Scoring System) is a standardized framework for rating the severity of security vulnerabilities, producing a 0–10 score used to prioritize remediation efforts.
CWE (Common Weakness Enumeration) is a categorized list of software and hardware weaknesses — root-cause patterns that lead to vulnerabilities — used to guide secure coding, SAST configuration, and vulnerability research.
The NVD (National Vulnerability Database) is the US government's authoritative repository of vulnerability data, enriching CVE entries with CVSS scores, CWE classifications, and affected product lists used by security tools worldwide.
The OWASP API Security Top 10 lists the most critical security risks specific to REST, GraphQL, and web APIs — addressing vulnerabilities that the original OWASP Top 10 does not fully cover.
The CWE Top 25 Most Dangerous Software Weaknesses is an annual ranking of the most prevalent and impactful software weakness types, used to prioritize secure coding and vulnerability management efforts.