The CWE is not a list of security vulnerabilities as such, but of factors which commonly lead to security vulnerabilities https://www.theregister.co.uk/2019/09/18/the_25_most_dangerous_software_weaknesses/. The methodology of the list has changed from the previous one (from back in 2011), so it’s hard to say that the changes are down to different (improved?) coding practices. Still, two thirds of the entries are the same in both lists.