| CWE-1021 |
Improper Restriction of Rendered UI Layers or Frames |
CWE-1021 |
| CWE-1050 |
XML Denial of Service (XDoS) |
CWE-1050 |
| CWE-115 |
Misinterpretation of Input |
CWE-115 |
| CWE-116 |
Improper Encoding or Escaping of Output |
CWE-116 |
| CWE-119 |
Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-119 |
| CWE-120 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-120 |
| CWE-125 |
Out-of-bounds Read |
CWE-125 |
| CWE-1284 |
Improper Validation of Specified Index, Position, or Offset in Input |
CWE-1284 |
| CWE-1287 |
Improper Validation of Semantics Preserving Transformation or Operation |
CWE-1287 |
| CWE-129 |
Improper Validation of Array Index |
CWE-129 |
| CWE-1321 |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
CWE-1321 |
| CWE-178 |
Improper Handling of Case Sensitivity |
CWE-178 |
| CWE-184 |
Incomplete Blacklist |
CWE-184 |
| CWE-190 |
Integer Overflow or Wraparound |
CWE-190 |
| CWE-191 |
Integer Underflow (Wrap or Wraparound) |
CWE-191 |
| CWE-193 |
Off-by-one Error |
CWE-193 |
| CWE-20 |
Improper Input Validation |
CWE-20 |
| CWE-200 |
Information Exposure |
CWE-200 |
| CWE-203 |
Observable Discrepancy |
CWE-203 |
| CWE-204 |
Observable Response Discrepancy |
CWE-204 |
| CWE-208 |
Observable Timing Discrepancy |
CWE-208 |
| CWE-209 |
Information Exposure Through an Error Message |
CWE-209 |
| CWE-212 |
Improper Cross-boundary Removal of Sensitive Data |
CWE-212 |
| CWE-22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CWE-22 |
| CWE-23 |
Relative Path Traversal |
CWE-23 |
| CWE-24 |
Path Traversal: '..\filename' |
CWE-24 |
| CWE-248 |
Uncaught Exception |
CWE-248 |
| CWE-250 |
Execution with Unnecessary Privileges |
CWE-250 |
| CWE-252 |
Unchecked Return Value |
CWE-252 |
| CWE-264 |
Permissions, Privileges, and Access Controls |
CWE-264 |
| CWE-269 |
Improper Privilege Management |
CWE-269 |
| CWE-276 |
Incorrect Default Permissions |
CWE-276 |
| CWE-281 |
Improper Preservation of Permissions |
CWE-281 |
| CWE-284 |
Improper Access Control |
CWE-284 |
| CWE-285 |
Improper Authorization |
CWE-285 |
| CWE-287 |
Improper Authentication |
CWE-287 |
| CWE-288 |
Authentication Bypass by Alternate Name |
CWE-288 |
| CWE-290 |
Authentication Bypass by Spoofing |
CWE-290 |
| CWE-294 |
Authentication Bypass by Capture-replay |
CWE-294 |
| CWE-295 |
Improper Certificate Validation |
CWE-295 |
| CWE-303 |
Improper Check for Dropped Privileges |
CWE-303 |
| CWE-305 |
Authentication Bypass by Primary Channel |
CWE-305 |
| CWE-306 |
Missing Authentication for Critical Function |
CWE-306 |
| CWE-307 |
Improper Restriction of Excessive Authentication Attempts |
CWE-307 |
| CWE-310 |
Cryptographic Issues |
CWE-310 |
| CWE-311 |
Missing Encryption of Sensitive Data |
CWE-311 |
| CWE-312 |
Cleartext Storage of Sensitive Information |
CWE-312 |
| CWE-319 |
Cleartext Transmission of Sensitive Information |
CWE-319 |
| CWE-321 |
Use of Hard-coded Cryptographic Key |
CWE-321 |
| CWE-325 |
Missing Cryptographic Step |
CWE-325 |
| CWE-326 |
Inadequate Encryption Strength |
CWE-326 |
| CWE-327 |
Use of a Broken or Risky Cryptographic Algorithm |
CWE-327 |
| CWE-330 |
Use of Insufficiently Random Values |
CWE-330 |
| CWE-331 |
Insufficient Entropy |
CWE-331 |
| CWE-338 |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
CWE-338 |
| CWE-345 |
Insufficient Verification of Data Authenticity |
CWE-345 |
| CWE-346 |
Origin Validation Error |
CWE-346 |
| CWE-347 |
Improper Verification of Cryptographic Signature |
CWE-347 |
| CWE-352 |
Cross-Site Request Forgery (CSRF) |
CWE-352 |
| CWE-354 |
Improper Validation of Integrity Check Value |
CWE-354 |
| CWE-362 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CWE-362 |
| CWE-367 |
Time-of-check Time-of-use (TOCTOU) Race Condition |
CWE-367 |
| CWE-399 |
Resource Management Errors |
CWE-399 |
| CWE-400 |
Uncontrolled Resource Consumption ('Resource Exhaustion') |
CWE-400 |
| CWE-401 |
Missing Release of Memory after Effective Lifetime |
CWE-401 |
| CWE-404 |
Improper Resource Shutdown or Release |
CWE-404 |
| CWE-409 |
Improper Handling of Highly Compressed Data ('Zip Bomb') |
CWE-409 |
| CWE-415 |
Double Free |
CWE-415 |
| CWE-416 |
Use After Free |
CWE-416 |
| CWE-426 |
Untrusted Search Path |
CWE-426 |
| CWE-427 |
Uncontrolled Search Path Element |
CWE-427 |
| CWE-434 |
Unrestricted Upload of File with Dangerous Type |
CWE-434 |
| CWE-436 |
Interpretation Conflict |
CWE-436 |
| CWE-441 |
Unintended Proxy or Intermediary ('Confused Deputy') |
CWE-441 |
| CWE-444 |
Inconsistent Interpretation of HTTP Requests |
CWE-444 |
| CWE-475 |
Undefined Behavior |
CWE-475 |
| CWE-476 |
NULL Pointer Dereference |
CWE-476 |
| CWE-494 |
Download of Code Without Integrity Check |
CWE-494 |
| CWE-502 |
Deserialization of Untrusted Data |
CWE-502 |
| CWE-522 |
Insufficiently Protected Credentials |
CWE-522 |
| CWE-532 |
Information Exposure Through Log Files |
CWE-532 |
| CWE-565 |
Reliance on Cookies without Validation and Integrity Checking |
CWE-565 |
| CWE-59 |
Improper Link Resolution Before File Access ('Link Following') |
CWE-59 |
| CWE-601 |
URL Redirection to Untrusted Site ('Open Redirect') |
CWE-601 |
| CWE-610 |
Externally Controlled Reference to a Resource in Another Sphere |
CWE-610 |
| CWE-613 |
Insufficient Session Expiration |
CWE-613 |
| CWE-614 |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
CWE-614 |
| CWE-617 |
Reachable Assertion |
CWE-617 |
| CWE-639 |
Authorization Bypass Through User-Controlled Key |
CWE-639 |
| CWE-641 |
Improper Restriction of Names for Files and Other Resources |
CWE-641 |
| CWE-665 |
Improper Initialization |
CWE-665 |
| CWE-667 |
Improper Locking |
CWE-667 |
| CWE-668 |
Exposure of Resource to Wrong Sphere |
CWE-668 |
| CWE-669 |
Incorrect Resource Transfer Between Spheres |
CWE-669 |
| CWE-670 |
Always-invoked Function |
CWE-670 |
| CWE-674 |
Uncontrolled Recursion |
CWE-674 |
| CWE-681 |
Incorrect Conversion between Numeric Types |
CWE-681 |
| CWE-682 |
Incorrect Calculation |
CWE-682 |
| CWE-692 |
Incomplete Denylist |
CWE-692 |
| CWE-693 |
Protection Mechanism Failure |
CWE-693 |
| CWE-694 |
Use of Multiple Resources with Duplicate Identifier |
CWE-694 |
| CWE-697 |
Incorrect Comparison |
CWE-697 |
| CWE-703 |
Improper Check or Handling of Exceptional Conditions |
CWE-703 |
| CWE-706 |
Use of Incorrectly-Resolved Name or Reference |
CWE-706 |
| CWE-73 |
External Control of File Name or Path |
CWE-73 |
| CWE-732 |
Incorrect Permission Assignment for Critical Resource |
CWE-732 |
| CWE-74 |
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-74 |
| CWE-754 |
Improper Check for Unusual or Exceptional Conditions |
CWE-754 |
| CWE-755 |
Improper Handling of Exceptional Conditions |
CWE-755 |
| CWE-769 |
Improper Check for Dropped Privileges |
CWE-769 |
| CWE-77 |
Command Injection |
CWE-77 |
| CWE-770 |
Allocation of Resources Without Limits or Throttling |
CWE-770 |
| CWE-772 |
Missing Release of Resource after Effective Lifetime |
CWE-772 |
| CWE-774 |
Allocation of File Descriptors or Handles Without Limits or Throttling |
CWE-774 |
| CWE-78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-78 |
| CWE-787 |
Out-of-bounds Write |
CWE-787 |
| CWE-789 |
Uncontrolled Memory Allocation |
CWE-789 |
| CWE-79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CWE-79 |
| CWE-798 |
Use of Hard-coded Credentials |
CWE-798 |
| CWE-80 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
CWE-80 |
| CWE-807 |
Reliance on Untrusted Inputs in a Security Decision |
CWE-807 |
| CWE-834 |
Excessive Iteration |
CWE-834 |
| CWE-835 |
Infinite Loop |
CWE-835 |
| CWE-842 |
Placement of User into Incorrect Group |
CWE-842 |
| CWE-843 |
Access of Resource Using Incompatible Type ('Type Confusion') |
CWE-843 |
| CWE-862 |
Missing Authorization |
CWE-862 |
| CWE-863 |
Incorrect Authorization |
CWE-863 |
| CWE-88 |
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
CWE-88 |
| CWE-89 |
SQL Injection |
CWE-89 |
| CWE-90 |
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
CWE-90 |
| CWE-908 |
Use of Uninitialized Variable |
CWE-908 |
| CWE-918 |
Server-Side Request Forgery (SSRF) |
CWE-918 |
| CWE-924 |
Improper Enforcement of Message Integrity During Transmission Between Communicating Entities |
CWE-924 |
| CWE-93 |
Improper Neutralization of CRLF Sequences ('CRLF Injection') |
CWE-93 |
| CWE-94 |
Improper Control of Generation of Code ('Code Injection') |
CWE-94 |
| CWE-942 |
Permissive Cross-domain Policy with Untrusted Domains |
CWE-942 |