<!-- Source: https://melinasecurity.com/knowledge/glossary/cwe/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->

# CWE

**slug:** `cwe` · **URL:** `/knowledge/glossary/cwe/` · **category:** Vulnerability Taxonomies · **reviewer:** Gleb

### Definition

CWE (Common Weakness Enumeration) is the community-developed catalog of software and hardware weakness types. Maintained by MITRE, CWE provides a hierarchical taxonomy that classifies the **kind** of flaw underlying a vulnerability — for example CWE-79 (Cross-Site Scripting), CWE-89 (SQL Injection), CWE-787 (Out-of-Bounds Write).

### What it means

Where [CVE](/knowledge/glossary/cve/) identifies a specific vulnerability in a specific product, CWE identifies the underlying weakness category. A single CVE often maps to one or more CWE entries; conversely, a single CWE category appears across thousands of CVE entries.

CWE is the basis for the annual "Top 25 Most Dangerous Software Weaknesses" list and informs developer-training programs, secure-coding standards, and static-analysis tool taxonomy mappings. The CWE View hierarchy includes specialized subsets — CWE-1000 (Research Concepts), CWE-699 (Software Development), CWE-1194 (Hardware Design) — that group weaknesses by analyst perspective.

For Melina reporting, every finding is mapped to one or more CWE IDs. This lets the client correlate our findings with their internal secure-coding standards, static-analysis tooling, and remediation guidance.

### Related terms

- [CVE](/knowledge/glossary/cve/)
- [CVSS](/knowledge/glossary/cvss/)
- [OWASP LLM Top 10](/knowledge/glossary/owasp-llm-top-10/)

### Authoritative sources

- [CWE program (MITRE)](https://cwe.mitre.org/)
- [CWE Top 25 (2025)](https://cwe.mitre.org/top25/)
