CWE · MITRE source
CWE-129Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Last updated: 19 May 2026 22:20 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2023-40477 | 7.1 | 7.8 | 0.9261 | 2024-05-03 |
CVE-2022-35737 | 4.6 | 7.5 | 0.5194 | 2022-08-03 |
CVE-2022-48503 KEV | 3.8 | 8.8 | 0.0015 | 2023-08-14 |
CVE-2021-35594 | 3.6 | 6.3 | 0.3934 | 2021-10-20 |
CVE-2021-35598 | 3.6 | 6.3 | 0.3934 | 2021-10-20 |
CVE-2017-8797 UPD | 3.3 | 7.5 | 0.3042 | 2017-07-02 |
CVE-2021-35592 | 3.0 | 6.3 | 0.2863 | 2021-10-20 |
CVE-2020-11881 | 2.8 | 7.5 | 0.2117 | 2020-09-14 |
CVE-2020-10071 | 2.6 | 9.0 | 0.1390 | 2020-06-05 |
CVE-2016-9053 UPD | 2.3 | 9.8 | 0.0543 | 2017-02-21 |
CVE-2017-16391 UPD | 2.3 | 8.8 | 0.0867 | 2017-12-09 |
CVE-2023-0755 | 2.3 | 9.8 | 0.0582 | 2023-02-23 |
CVE-2017-16410 UPD | 2.2 | 8.8 | 0.0659 | 2017-12-09 |
CVE-2018-12018 | 2.2 | 7.5 | 0.1217 | 2018-07-05 |
CVE-2019-0906 | 2.1 | 7.8 | 0.0933 | 2019-06-12 |
CVE-2019-17212 | 2.1 | 9.8 | 0.0179 | 2019-11-05 |
CVE-2020-27483 | 2.1 | 9.9 | 0.0231 | 2020-11-16 |
CVE-2020-35628 | 2.1 | 9.8 | 0.0242 | 2021-03-04 |
CVE-2021-38654 | 2.1 | 7.8 | 0.0819 | 2021-09-15 |
CVE-2016-10386 UPD | 2.0 | 9.8 | 0.0029 | 2017-08-18 |
CVE-2014-10048 | 2.0 | 9.8 | 0.0021 | 2018-04-18 |
CVE-2014-9989 | 2.0 | 9.8 | 0.0021 | 2018-04-18 |
CVE-2014-9990 | 2.0 | 9.8 | 0.0021 | 2018-04-18 |
CVE-2016-10454 | 2.0 | 9.8 | 0.0021 | 2018-04-18 |
CVE-2019-15784 | 2.0 | 9.8 | 0.0043 | 2019-08-29 |