| A01:2017 - INJECTION | 149 items |
| A01:2021 - BROKEN ACCESS CONTROL | 92 items |
| A02:2017 - BROKEN AUTHENTICATION | 28 items |
| A02:2021 - CRYPTOGRAPHIC FAILURES | 28 items |
| A02:2021 – CRYPTOGRAPHIC FAILURES | 2 items |
| A03:2017 - SENSITIVE DATA EXPOSURE | 267 items |
| A03:2021 - INJECTION | 113 items |
| A04:2017 - XML EXTERNAL ENTITIES (XXE) | 30 items |
| A04:2021 - INSECURE DESIGN | 25 items |
| A04:2021 INSECURE DESIGN | 3 items |
| A05:2017 - BROKEN ACCESS CONTROL | 132 items |
| A05:2021 - SECURITY MISCONFIGURATION | 65 items |
| A06:2017 - SECURITY MISCONFIGURATION | 19 items |
| A06:2021 - VULNERABLE and OUTDATED COMPONENTS | 3 items |
| A07:2017 - CROSS-SITE SCRIPTING (XSS) | 129 items |
| A07:2021 - IDENTIFICATION and AUTHENTICATION FAILURES | 255 items |
| A08:2017 - INSECURE DESERIALIZATION | 38 items |
| A08:2021 - SOFTWARE and DATA INTEGRITY FAILURES | 23 items |
| A09:2021 - SECURITY LOGGING and MONITORING FAILURES | 7 items |
| A10:2017 - INSUFFICIENT LOGGING & MONITORING | 6 items |
| A10:2021 - SERVER-SIDE REQUEST FORGERY (SSRF) | 39 items |