CWE-400: Resource Exhaustion
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, leading to exhaustion.
Yearly Trend
Top Affected Vendors
All Resource Exhaustion CVEs (705)
This vulnerability in Rhino JavaScript engine allows attackers to cause high CPU consumption and potential Denial of Service by passing specially craf...
Dec 3, 2025This vulnerability in pypdf allows attackers to craft malicious PDFs that cause excessive memory consumption (up to 1GB per stream) when parsed using ...
Nov 26, 2025CVE-2025-13466 is a denial-of-service vulnerability in body-parser 2.2.0 where inefficient handling of URL-encoded requests with many parameters allow...
Nov 24, 2025This vulnerability allows unauthenticated remote attackers to cause denial-of-service by sending a single crafted HTTP GET request to ReQuest Serious ...
Nov 14, 2025This vulnerability allows unauthenticated remote attackers to cause denial-of-service by flooding the client communication service on TCP port 2002 wi...
Nov 14, 2025About Resource Exhaustion (CWE-400)
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, leading to exhaustion.
Our database tracks 705 CVEs classified as CWE-400, with 21 rated critical and 465 rated high severity. The average CVSS score for Resource Exhaustion vulnerabilities is 7.0.
External reference: View CWE-400 on MITRE CWE →
Monitor Resource Exhaustion Vulnerabilities
Get alerted when new Resource Exhaustion CVEs affect your infrastructure.
Start Monitoring Free