CWE-228

Total CVEs: 12
Avg CVSS v3: 6.6 (Medium)
Avg CVSS v2: 6.3 (Medium)
Latest CVE: 2025

Severity Distribution

Critical: 2 (16.7%)
High: 3 (25%)
Medium: 6 (50%)
Low: 1 (8.3%)

All CVEs (12)

CVSS: 9.8 (Critical)

Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.

CVSS: 9.8 (Critical)

A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest thr...

CVSS: 7.5 (High)

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided i...

CVSS: 7.5 (High)

An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker t...

CVSS: 7.5 (High)

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infi...

CVSS: 6.5 (Medium)

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information.

CVSS: 6.4 (Medium)

Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This ...

CVSS: 5.6 (Medium)

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthor...

CVSS: 5.6 (Medium)

An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthori...

CVSS: 5.3 (Medium)

An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.

CVSS: 5.3 (Medium)

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

CVSS: 2.9 (Low)

dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.