diff --git a/app/models/concerns/enums/vulnerability.rb b/app/models/concerns/enums/vulnerability.rb
index dbf05dbc4287bbfe0f689f5df676581e7fba9de5..f7d35c77648e342d493bab5db54119233b7e1be5 100644
--- a/app/models/concerns/enums/vulnerability.rb
+++ b/app/models/concerns/enums/vulnerability.rb
@@ -46,6 +46,30 @@ module Vulnerability
       dismissed: 2
     }.with_indifferent_access.freeze
 
+    OWASP_TOP_10 = {
+      "A1:2017-Injection" => 1,
+      "A2:2017-Broken Authentication" => 2,
+      "A3:2017-Sensitive Data Exposure" => 3,
+      "A4:2017-XML External Entities (XXE)" => 4,
+      "A5:2017-Broken Access Control" => 5,
+      "A6:2017-Security Misconfiguration" => 6,
+      "A7:2017-Cross-Site Scripting (XSS)" => 7,
+      "A8:2017-Insecure Deserialization" => 8,
+      "A9:2017-Using Components with Known Vulnerabilities" => 9,
+      "A10:2017-Insufficient Logging & Monitoring" => 10,
+
+      "A1:2021-Broken Access Control" => 11,
+      "A2:2021-Cryptographic Failures" => 12,
+      "A3:2021-Injection" => 13,
+      "A4:2021-Insecure Design" => 14,
+      "A5:2021-Security Misconfiguration" => 15,
+      "A6:2021-Vulnerable and Outdated Components" => 16,
+      "A7:2021-Identification and Authentication Failures" => 17,
+      "A8:2021-Software and Data Integrity Failures" => 18,
+      "A9:2021-Security Logging and Monitoring Failures" => 19,
+      "A10:2021-Server-Side Request Forgery" => 20
+    }.with_indifferent_access.freeze
+
     def self.confidence_levels
       CONFIDENCE_LEVELS
     end
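Review bot: The 2021 keys in `OWASP_TOP_10` are spelled `A1:2021-…` through `A9:2021-…`, while the OWASP 2021 list itself uses zero-padded identifiers (`A01:2021-Broken Access Control`) and gives the last entry an `(SSRF)` suffix. The code that assigns this attribute is not in this diff, but if it passes analyzer-supplied identifiers through unchanged, official-form strings will not match any key. A normalisation step, or a comment stating the exact spelling expected, would close that gap. Because the integers are what gets stored, I would also add above the hash `# Values are persisted; never renumber or reuse them, append new editions at the end.` The enclosing module starts outside the hunk.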
@@ -73,6 +97,10 @@ def self.detection_methods
     def self.vulnerability_states
       VULNERABILITY_STATES
     end
+
+    def self.owasp_top_10
+      OWASP_TOP_10
+    end
   end
 end
 
diff --git a/ee/app/models/vulnerabilities/read.rb b/ee/app/models/vulnerabilities/read.rb
index 9c895a8b1ab8cc631060f43e7a98b24617a2e658..5d2532c120edd7340b52ee4ae3d8a17f3827c5b8 100644
--- a/ee/app/models/vulnerabilities/read.rb
+++ b/ee/app/models/vulnerabilities/read.rb
@@ -32,6 +32,7 @@ class Read < ApplicationRecord
     enum state: ::Enums::Vulnerability.vulnerability_states
     enum report_type: ::Enums::Vulnerability.report_types
     enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
+    enum owasp_top_10: ::Enums::Vulnerability.owasp_top_10
 
     scope :by_uuid, -> (uuids) { where(uuid: uuids) }
     scope :by_vulnerabilities, -> (vulnerabilities) { where(vulnerability: vulnerabilities) }
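Review bot: Declared this way, `owasp_top_10` raises `ArgumentError` on assignment of any string that is not an exact key, which the new spec confirms for `'123456'`. If the value originates from scanner report data (the ingestion path is not visible here), the caller should map unknown identifiers to `nil` so that one unexpected classification does not abort processing of the finding. Separately, the declaration generates a predicate, a bang method and a scope per key, with names such as `A1:2017-Injection?` that cannot be called with ordinary syntax. If those helpers are not wanted, `_scopes: false` may be worth considering, provided the Rails version in use supports it. The class body continues outside the hunk.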
diff --git a/ee/spec/models/vulnerabilities/read_spec.rb b/ee/spec/models/vulnerabilities/read_spec.rb
index 8d3bcfe982e2fbea9f935cf2702204368ff3d013..49207ee2588c85b22cf363642c011bc73979743c 100644
--- a/ee/spec/models/vulnerabilities/read_spec.rb
+++ b/ee/spec/models/vulnerabilities/read_spec.rb
@@ -618,6 +618,16 @@
     end
   end
 
+  describe '.owasp_top_10' do
+    it 'raises ArgumentError for invalid enum value' do
+      expect { described_class.new(owasp_top_10: '123456') }.to raise_error(ArgumentError)
+    end
+
+    it 'accepts nil value' do
+      is_expected.to allow_value(nil).for(:owasp_top_10)
+    end
+  end
+
   private
 
   def create_vulnerability(severity: 7, confidence: 7, report_type: 0)
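Review bot: The new examples in `describe '.owasp_top_10'` cover only a rejected value and `nil`, so nothing asserts that a real key is accepted or that its stored integer stays fixed. Since the integers are persisted, a silent renumbering of the hash would reclassify existing rows without failing any test. I would add one example per concern, for instance `expect(described_class.new(owasp_top_10: 'A1:2017-Injection').owasp_top_10).to eq('A1:2017-Injection')` and `expect(::Enums::Vulnerability.owasp_top_10['A3:2021-Injection']).to eq(13)`. `create_vulnerability` at the end of the hunk continues outside it.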