This project incorporates data and content from the following third-party sources. Each source's license terms are reproduced below.
Files containing CWE-derived content:
taxonomies/cwe-*.md— per-domain CWE taxonomy filesdata/cwe/— normalized CWE data and domain mappingsscripts/ingest-cwe.py— references CWE schema structures
Source: https://cwe.mitre.org
Version used: CWE List Version 4.19.1 (2026-01-21)
© 2006–2026 The MITRE Corporation. All rights reserved.
CWE™ is a trademark of The MITRE Corporation.
This product includes data derived from the Common Weakness Enumeration (CWE™) maintained by The MITRE Corporation. Used under the CWE Terms of Use (excerpted below):
CWE™ is free to use by any organization or individual for any research, development, and/or commercial purposes, including the prioritization and/or categorization of vulnerabilities. The MITRE Corporation hereby grants you a non-exclusive, royalty-free license to use CWE for research, development, and commercial purposes.
Any copy of CWE content, or derivative works thereof, that you make is authorized on the condition that you reproduce MITRE's copyright designation and this license in any such copy.
Complete terms: https://cwe.mitre.org/about/termsofuse.html
SPDX identifier: LicenseRef-MITRE-CWE-ToU