CWEs

| CWE Name | CWE-ID | Vulnerabilities |
|---|---|---|
| Incorrect Ownership Assignment | 708 | 12 |
| Improper Adherence to Coding Standards | 710 | 4 |
| Incorrect Permission Assignment for Critical Resource | 732 | 1410 |
| Compiler Optimization Removal or Modification of Security-critical Code | 733 | 1 |
| Exposed Dangerous Method or Function | 749 | 91 |
| Improper Check for Unusual or Exceptional Conditions | 754 | 374 |
| Improper Handling of Exceptional Conditions | 755 | 536 |
| Missing Custom Error Page | 756 | 2 |
| Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | 757 | 13 |
| Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | 758 | 1 |
| Use of a One-Way Hash without a Salt | 759 | 6 |
| Use of a One-Way Hash with a Predictable Salt | 760 | 5 |
| Free of Pointer not at Start of Buffer | 761 | 0 |
| Mismatched Memory Management Routines | 762 | 5 |
| Release of Invalid Pointer or Reference | 763 | 70 |
| Multiple Locks of a Critical Resource | 764 | 1 |
| Multiple Unlocks of a Critical Resource | 765 | 0 |
| Critical Data Element Declared Public | 766 | 0 |
| Access to Critical Private Variable via Public Method | 767 | 2 |
| Incorrect Short Circuit Evaluation | 768 | 0 |
| Allocation of Resources Without Limits or Throttling | 770 | 967 |
| Missing Reference to Active Allocated Resource | 771 | 2 |
| Missing Release of Resource after Effective Lifetime | 772 | 429 |
| Missing Reference to Active File Descriptor or Handle | 773 | 0 |
| Allocation of File Descriptors or Handles Without Limits or Throttling | 774 | 1 |
| Missing Release of File Descriptor or Handle after Effective Lifetime | 775 | 2 |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | 776 | 69 |
| Regular Expression without Anchors | 777 | 0 |
| Insufficient Logging | 778 | 12 |
| Logging of Excessive Data | 779 | 15 |
| Use of RSA Algorithm without OAEP | 780 | 0 |
| Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | 781 | 0 |
| Exposed IOCTL with Insufficient Access Control | 782 | 22 |
| Operator Precedence Logic Error | 783 | 13 |
| Reliance on Cookies without Validation and Integrity Checking in a Security Decision | 784 | 6 |
| Use of Path Manipulation Function without Maximum-sized Buffer | 785 | 0 |
| Access of Memory Location Before Start of Buffer | 786 | 8 |
| Out-of-bounds Write | 787 | 11243 |
| Access of Memory Location After End of Buffer | 788 | 159 |
| Memory Allocation with Excessive Size Value | 789 | 51 |
| Improper Filtering of Special Elements | 790 | 8 |
| Incomplete Filtering of Special Elements | 791 | 8 |
| Incomplete Filtering of One or More Instances of Special Elements | 792 | 1 |
| Only Filtering One Instance of a Special Element | 793 | 0 |
| Incomplete Filtering of Multiple Instances of Special Elements | 794 | 4 |
| Only Filtering Special Elements at a Specified Location | 795 | 0 |
| Only Filtering Special Elements Relative to a Marker | 796 | 0 |
| Only Filtering Special Elements at an Absolute Position | 797 | 0 |
| Use of Hard-coded Credentials | 798 | 1311 |
| Improper Control of Interaction Frequency | 799 | 27 |
| Guessable CAPTCHA | 804 | 4 |
| Buffer Access with Incorrect Length Value | 805 | 16 |
| Buffer Access Using Size of Source Buffer | 806 | 0 |
| Reliance on Untrusted Inputs in a Security Decision | 807 | 15 |
| Missing Synchronization | 820 | 3 |
| Incorrect Synchronization | 821 | 9 |
| Untrusted Pointer Dereference | 822 | 99 |
| Use of Out-of-range Pointer Offset | 823 | 62 |
| Access of Uninitialized Pointer | 824 | 226 |
| Expired Pointer Dereference | 825 | 19 |
| Premature Release of Resource During Expected Lifetime | 826 | 1 |
| Improper Control of Document Type Definition | 827 | 0 |
| Signal Handler with Functionality that is not Asynchronous-Safe | 828 | 1 |
| Inclusion of Functionality from Untrusted Control Sphere | 829 | 143 |
| Inclusion of Web Functionality from an Untrusted Source | 830 | 4 |
| Signal Handler Function Associated with Multiple Signals | 831 | 0 |
| Unlock of a Resource that is not Locked | 832 | 1 |
| Deadlock | 833 | 14 |
| Excessive Iteration | 834 | 96 |
| Loop with Unreachable Exit Condition ('Infinite Loop') | 835 | 637 |
| Use of Password Hash Instead of Password for Authentication | 836 | 5 |
| Improper Enforcement of a Single, Unique Action | 837 | 5 |
| Inappropriate Encoding for Output Context | 838 | 12 |
| Numeric Range Comparison Without Minimum Check | 839 | 2 |
| Improper Enforcement of Behavioral Workflow | 841 | 13 |
| Placement of User into Incorrect Group | 842 | 10 |
| Access of Resource Using Incompatible Type ('Type Confusion') | 843 | 541 |
| Missing Authorization | 862 | 3425 |
| Incorrect Authorization | 863 | 2416 |
| Use of Uninitialized Resource | 908 | 442 |
| Missing Initialization of Resource | 909 | 94 |
| Use of Expired File Descriptor | 910 | 1 |
| Improper Update of Reference Count | 911 | 10 |
| Hidden Functionality | 912 | 37 |
| Improper Control of Dynamically-Managed Code Resources | 913 | 60 |
| Improper Control of Dynamically-Identified Variables | 914 | 1 |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | 915 | 112 |
| Use of Password Hash With Insufficient Computational Effort | 916 | 88 |
| Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') | 917 | 167 |
| Server-Side Request Forgery (SSRF) | 918 | 1286 |
| Improper Restriction of Power Consumption | 920 | 4 |
| Storage of Sensitive Data in a Mechanism without Access Control | 921 | 4 |
| Insecure Storage of Sensitive Information | 922 | 231 |
| Improper Restriction of Communication Channel to Intended Endpoints | 923 | 22 |
| Improper Enforcement of Message Integrity During Transmission in a Communication Channel | 924 | 28 |
| Improper Verification of Intent by Broadcast Receiver | 925 | 0 |
| Improper Export of Android Application Components | 926 | 18 |
| Use of Implicit Intent for Sensitive Communication | 927 | 12 |
| Improper Authorization in Handler for Custom URL Scheme | 939 | 7 |
| Improper Verification of Source of a Communication Channel | 940 | 25 |