Common Weaknesses
The chart below shows the most common weakness classes found in vulnerabilities across the Erlang ecosystem. Understanding which weakness types recur most often helps library authors and application developers focus their security efforts where they matter most.
Each CVE is mapped to its CWE (Common Weakness Enumeration) class using the CWE hierarchy. Individual weakness types (Base and Variant level) are rolled up to their nearest Class-level ancestor, so related weaknesses are grouped together rather than scattered across many small slices. Weakness classes with fewer than 2 CVEs are folded into “Other”. Each CVE is counted once per unique class it references.
| CWE | Weakness Class | CVEs (share) |
| --- | --- | --- |
| CWE-400 | Uncontrolled Resource Consumption | 24 (35.8%) |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 8 (11.9%) |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference | 7 (10.4%) |
| CWE-863 | Incorrect Authorization | 6 (9.0%) |
| CWE-436 | Interpretation Conflict | 3 (4.5%) |
| CWE-672 | Operation on a Resource after Expiration or Release | 2 (3.0%) |
| CWE-405 | Asymmetric Resource Consumption (Amplification) | 2 (3.0%) |
| CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | 2 (3.0%) |
| CWE-834 | Excessive Iteration | 2 (3.0%) |
| Other | Classes with fewer than 2 CVEs | 11 (16.4%) |
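The rollup described above (Base/Variant weaknesses walked up to their nearest Class-level ancestor, each CVE counted once per unique class, small classes folded into "Other") is easy to get subtly wrong, so here is an added Python example of the procedure. It is not code from the page or from any Erlang ecosystem project. The `CWE_HIERARCHY` dictionary is a constructed excerpt shaped like the MITRE CWE `ChildOf` data (a real run would load the official CWE export), the advisory list is constructed with placeholder CVE ids, and the function names `class_ancestor`, `tabulate` and `render_markdown` are mine.

```python
"""Roll CVE -> CWE references up to Class-level CWEs and tabulate them."""
from collections import Counter, deque

# Constructed excerpt of the CWE hierarchy, shaped like the MITRE CWE data:
# cwe id -> (abstraction level, list of ChildOf parent ids). Only a handful of
# entries are included so the example runs offline.
CWE_HIERARCHY = {
    400: ("Class", []),          # Uncontrolled Resource Consumption
    770: ("Base", [400]),        # Allocation of Resources Without Limits
    74: ("Class", []),           # Injection
    79: ("Base", [74]),          # Cross-site Scripting
    706: ("Class", []),          # Incorrectly-Resolved Name or Reference
    22: ("Base", [706]),         # Path Traversal
    672: ("Class", []),          # Operation on Expired/Released Resource
    825: ("Base", [672]),        # Expired Pointer Dereference
    416: ("Variant", [825]),     # Use After Free (two hops to its Class)
    863: ("Class", []),          # Incorrect Authorization
    834: ("Class", []),          # Excessive Iteration
    835: ("Base", [834]),        # Loop with Unreachable Exit Condition
}

# Constructed sample advisories with placeholder CVE ids (not real CVEs).
SAMPLE_ADVISORIES = {
    "CVE-0000-0001": [770],        # Base -> Class 400
    "CVE-0000-0002": [400, 770],   # both roll up to 400: counted once
    "CVE-0000-0003": [79],         # Base -> Class 74
    "CVE-0000-0004": [416],        # Variant -> Base 825 -> Class 672
    "CVE-0000-0005": [22, 835],    # two distinct classes: 706 and 834
    "CVE-0000-0006": [863],        # already Class-level
    "CVE-0000-0007": [79, 22],     # Classes 74 and 706
}


def class_ancestor(cwe_id, hierarchy=CWE_HIERARCHY):
    """Return the nearest Class-level ancestor of cwe_id (itself if it is a Class).

    Walks ChildOf links breadth-first, so with multiple parents the closest
    Class wins. If no Class is reachable (unknown id or a chain that ends at a
    Pillar) the original id is returned rather than silently dropping the CVE.
    """
    seen = set()
    queue = deque([cwe_id])
    while queue:
        cur = queue.popleft()
        if cur in seen:
            continue
        seen.add(cur)
        entry = hierarchy.get(cur)
        if entry is None:
            continue
        level, parents = entry
        if level == "Class":
            return cur
        queue.extend(parents)
    return cwe_id


def tabulate(cve_to_cwes, hierarchy=CWE_HIERARCHY, min_count=2):
    """Count each CVE once per unique Class it rolls up to, fold classes with
    fewer than min_count CVEs into 'Other', and return (label, count, percent)
    rows sorted by count (ties by CWE id) with 'Other' last."""
    counts = Counter()
    for cwes in cve_to_cwes.values():
        # A set ensures a CVE citing two weaknesses in one class counts once.
        counts.update({class_ancestor(c, hierarchy) for c in cwes})
    total = sum(counts.values())
    rows, other = [], 0
    for cwe, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        if n < min_count:
            other += n
        else:
            rows.append((f"CWE-{cwe}", n, round(100 * n / total, 1)))
    if other:
        rows.append(("Other", other, round(100 * other / total, 1)))
    return rows


def render_markdown(rows):
    """Render the rows in the same shape as the table on this page."""
    lines = ["| CWE | CVEs (share) |", "| --- | --- |"]
    lines += [f"| {label} | {n} ({pct}%) |" for label, n, pct in rows]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(tabulate(SAMPLE_ADVISORIES)))
```

Two details matter for reproducing the page's numbers: percentages are taken over the total number of class references (the page's counts sum to 67, which is why 24 CVEs is 35.8%), not over the number of CVEs, and a CVE that references two weaknesses under the same class must count once, which the set comprehension in `tabulate` enforces.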