A security vulnerability is a hole or weakness in an application’s code. The weak code could be a design flaw or an implementation bug. If discovered by a malicious actor, the weakness would allow an attacker to cause harm to the application in different ways, depending both on the kind of weakness and the kind of application.
The goal of application security is to reduce the amount of security vulnerabilities within the applications an organization uses and deploys, in effect minimizing the attack surface of the application.