OWASP (The open web application security project) is a nonprofit group dedicated to web application security. They provide free tools and projects to help developers find possible threats in their software so they can patch security issues before it is too late. Many other organizations use their tools and projects to make sure they are building secure applications.
OWASP also has a list of top 10 vulnerabilities to look out for when developing software. This list is updated every three years by OWASP and it shows what web application security issues are most used in attacks at the moment.
The last one was published in 2021 and contains the following: