{"id":27675,"library":"cwe2","title":"cwe2: CWE common weakness enumeration library","description":"cwe2 is a Python library for working with the Common Weakness Enumeration (CWE) dictionary. Version 3.0.0 provides access to CWE data including weaknesses, categories, and views. The library is actively maintained with periodic releases.","status":"active","version":"3.0.0","language":"python","source_language":"en","source_url":"https://github.com/nexB/cwe2","tags":["cwe","common-weakness-enumeration","security","vulnerability","weakness"],"install":[{"cmd":"pip install cwe2","lang":"bash","label":"Install via pip"}],"dependencies":[{"reason":"Used for fetching CWE data from the official XML source","package":"requests","optional":true},{"reason":"Used for parsing CWE XML data","package":"lxml","optional":true}],"imports":[{"note":"cwe2 is the correct package name; import cwe will fail unless another library named cwe exists.","wrong":"import cwe","symbol":"CWE","correct":"from cwe2 import CWE"}],"quickstart":{"code":"from cwe2 import CWE\n\n# Load CWE database\ncwe = CWE()\n# Get a specific weakness by ID\nweakness = cwe.get('CWE-79')\nprint(weakness.name)\nprint(weakness.description)","lang":"python","description":"Initialize CWE object and fetch a weakness by its CWE-ID. The library downloads the CWE data on first use."},"warnings":[{"fix":"Update imports to 'from cwe2 import CWE' and access attributes like weakness.name instead of weakness['name'].","message":"Version 3.0.0 changed the API: the CWE class is now imported from cwe2 instead of cwe2.cwe. Also the get() method returns a Weakness object instead of a dict.","severity":"breaking","affected_versions":"<3.0.0 -> >=3.0.0"},{"fix":"Ensure internet connectivity. Set CWE_CACHE_DIR environment variable to a writable path if default (e.g., ~/.cwe) is not accessible.","message":"CWE data is not bundled; it's downloaded on first instantiation. Requires internet access and write permissions to the cache directory.","severity":"gotcha","affected_versions":"all"},{"fix":"Always pass full CWE ID string, e.g., 'CWE-79'.","message":"CWE IDs must include the 'CWE-' prefix. Using just '79' will raise an error.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"Run: pip install cwe2 and use 'from cwe2 import CWE'.","cause":"Importing the wrong module name. The correct package is 'cwe2', not 'cwe'.","error":"ModuleNotFoundError: No module named 'cwe'"},{"fix":"Access attributes directly: weakness.name, weakness.description, etc.","cause":"Accessing Weakness object as a dict. In version 3.0.0, CWE.get() returns a Weakness object, not a dict.","error":"AttributeError: 'Weakness' object has no attribute '__getitem__'"},{"fix":"Use 'CWE-79' instead of '79'.","cause":"Passing an ID without the 'CWE-' prefix.","error":"ValueError: CWE ID must start with 'CWE-'"},{"fix":"Check internet connectivity. If behind a proxy, set HTTP_PROXY environment variable.","cause":"No internet connection or the CWE data source is unreachable.","error":"requests.exceptions.ConnectionError: Failed to download CWE data"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}