OWASP Top 10 Risk Lists

The Open Web Application Security Project (OWASP) Top 10 awareness documents for different domains. 50 risks across 5 risk lists.

OWASP Top 10 lists represent consensus views on the most critical security risks in their respective domains. They are updated periodically based on community input and vulnerability data analysis.

Learn more at owasp.org →

v2.0 AI Public Domain 10 risks

OWASP Top 10 for LLMs

Security risks for Large Language Model applications

10 Risk Categories

v2025 Web Public Domain 10 risks

OWASP Top 10

The OWASP Top 10 is a standard awareness document for web application security risks

10 Risk Categories

v2023 API Public Domain 10 risks

OWASP API Security Top 10

The OWASP API Security Top 10 represents the most critical security risks to APIs

8 Risk Categories

v2024 Mobile Public Domain 10 risks

OWASP Mobile Top 10

The OWASP Mobile Top 10 represents the most critical security risks to mobile applications

10 Risk Categories

v2026 Public Domain 10 risks

OWASP Smart Contract Top 10

The most critical security risks in smart contract development, based on 2025 incident data

10 Risk Categories