The shift from 2021 (the last time the list came out) to 2025 represents more than minor adjustments, it's a fundamental shift in application security. Two entirely new categories entered the list and one category was consolidated into another, which highlights emerging risks that traditional testing often misses. These additions and shifts can be seen in the chart below:
OWASP Top 10 2025: What's changed and why it mattersPublished on: May 26, 2026 5 min read Reduce supply chain risk with SBOM-based dependency scanning Detect transitive dependencies, trace how they entered your project, and prioritize them by real-world exposure. …
… More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager Start building faster today See what your team can do with the intelligent orchestr… …
… We see this need across government agencies at all levels as they work to secure hybrid cloud environments, mitigate third-party supply chain risks, address critical security gaps in aging IT systems, and defend against sophisticated ransomware and nation-state threats. …
… More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager Start building faster today See what your team can do with the intelligent orchestr… …
… Reduce supply chain risk with SBOM-based dependency scanning Manage CI/CD credentials with GitLab Secrets Manager Security Labs How to detect and prevent Contagious Interview IDE attacks Learn how we built custom controls that detect and prevent malware campaigns like those used for Contagious Inte… …
… GitLab 19.0 released More AI models for GitLab Duo Agent Platform Self-Hosted Transform MRs from manual tasks to an automated workflow Track CI component usage across your organization Reduce supply chain risk with SBOM-based dependency scanning Full security scanner coverage of your codebase in mi… …
… More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager Start building faster today See what your team can do with the intelligent orchestr… …
… More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager Start building faster today See what your team can do with the intelligent orchestr… …
… Static Application Security Testing SAST , Software Composition Analysis SCA , and Secret Detection become critical controls to mitigate the risk of secret leaks, supply chain attacks, and weaknesses like SQL injections. …
… More to explore Security Full security scanner coverage of your codebase in minutes Security Reduce supply chain risk with SBOM-based dependency scanning Security Manage CI/CD credentials with GitLab Secrets Manager Start building faster today See what your team can do with the intelligent orchestr… …