A03:2025 Software Supply Chain Failures
Vulnerable, outdated, or compromised dependencies, build pipelines, and signing infrastructure. Expanded from 2021's 'Vulnerable and Outdated Components'.
Related on the LLM side: OWASP Top 10 for LLMs LLM03:2025.
Member CWEs (6)
- CWE-447 Unimplemented or Unsupported Feature in UI
- CWE-477 Use of Obsolete Function
- CWE-1035
- CWE-1104 Use of Unmaintained Third Party Components
- CWE-1329 Reliance on Component That is Not Updateable
- CWE-1395 Dependency on Vulnerable Third-Party Component
Tagged CVEs (showing 50 most recent of 42)
- CVE-2026-41468
- CVE-2026-41097
- CVE-2026-21821
- CVE-2026-21265
- CVE-2026-1693
- CVE-2025-55277
- CVE-2025-52658
- CVE-2025-49220
- CVE-2025-49219
- CVE-2025-49217
- CVE-2025-49216
- CVE-2025-49214
- CVE-2025-49213
- CVE-2025-49212
- CVE-2025-48862
- CVE-2025-40906
- CVE-2025-3497
- CVE-2025-34193
- CVE-2025-34192
- CVE-2025-20010
- CVE-2025-12104
- CVE-2025-10220
- CVE-2024-8885
- CVE-2024-39533
- CVE-2024-35252
- CVE-2024-21631
- CVE-2024-21607
- CVE-2024-11999
- CVE-2024-0148
- CVE-2023-7102
- CVE-2023-28829
- CVE-2023-23451
- CVE-2022-46871
- CVE-2022-34381
- CVE-2022-1384
- CVE-2021-38398
- CVE-2021-22142
- CVE-2020-6978
- CVE-2019-18251
- CVE-2019-10988
- CVE-2019-10968
- CVE-2018-17890
Data: OWASP Top 10:2025 (CC BY-SA 4.0) · CWE memberships from cwe-api.mitre.org (meta-category CWE-1438).