CWEs

| CWE Name | CWE-ID | Vulnerabilities |
| --- | --- | --- |
| Improper Restriction of Operations within the Bounds of a Memory Buffer | 119 | 12617 |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | 120 | 2833 |
| Stack-based Buffer Overflow | 121 | 1712 |
| Heap-based Buffer Overflow | 122 | 1229 |
| Write-what-where Condition | 123 | 34 |
| Buffer Underwrite ('Buffer Underflow') | 124 | 13 |
| Out-of-bounds Read | 125 | 6651 |
| Buffer Over-read | 126 | 265 |
| Buffer Under-read | 127 | 5 |
| Wrap-around Error | 128 | 2 |
| Improper Validation of Array Index | 129 | 386 |
| Improper Handling of Length Parameter Inconsistency | 130 | 51 |
| Incorrect Calculation of Buffer Size | 131 | 133 |
| Use of Externally-Controlled Format String | 134 | 336 |
| Incorrect Calculation of Multi-Byte String Length | 135 | 0 |
| Improper Neutralization of Special Elements | 138 | 10 |
| Improper Neutralization of Delimiters | 140 | 8 |
| Improper Neutralization of Parameter/Argument Delimiters | 141 | 5 |
| Improper Neutralization of Value Delimiters | 142 | 0 |
| Improper Neutralization of Record Delimiters | 143 | 0 |
| Improper Neutralization of Line Delimiters | 144 | 0 |
| Improper Neutralization of Section Delimiters | 145 | 0 |
| Improper Neutralization of Expression/Command Delimiters | 146 | 3 |
| Improper Neutralization of Input Terminators | 147 | 2 |
| Improper Neutralization of Input Leaders | 148 | 1 |
| Improper Neutralization of Quoting Syntax | 149 | 1 |
| Improper Neutralization of Escape, Meta, or Control Sequences | 150 | 17 |
| Improper Neutralization of Comment Delimiters | 151 | 0 |
| Improper Neutralization of Macro Symbols | 152 | 0 |
| Improper Neutralization of Substitution Characters | 153 | 0 |
| Improper Neutralization of Variable Name Delimiters | 154 | 1 |
| Improper Neutralization of Wildcards or Matching Symbols | 155 | 8 |
| Improper Neutralization of Whitespace | 156 | 0 |
| Failure to Sanitize Paired Delimiters | 157 | 0 |
| Improper Neutralization of Null Byte or NUL Character | 158 | 12 |
| Improper Handling of Invalid Use of Special Elements | 159 | 9 |
| Improper Neutralization of Leading Special Elements | 160 | 0 |
| Improper Neutralization of Multiple Leading Special Elements | 161 | 0 |
| Improper Neutralization of Trailing Special Elements | 162 | 0 |
| Improper Neutralization of Multiple Trailing Special Elements | 163 | 0 |
| Improper Neutralization of Internal Special Elements | 164 | 0 |
| Improper Neutralization of Multiple Internal Special Elements | 165 | 1 |
| Improper Handling of Missing Special Element | 166 | 2 |
| Improper Handling of Additional Special Element | 167 | 3 |
| Improper Handling of Inconsistent Special Elements | 168 | 2 |
| Improper Null Termination | 170 | 30 |
| Encoding Error | 172 | 13 |
| Improper Handling of Alternate Encoding | 173 | 2 |
| Double Decoding of the Same Data | 174 | 0 |
| Improper Handling of Mixed Encoding | 175 | 0 |
| Improper Handling of Unicode Encoding | 176 | 8 |
| Improper Handling of URL Encoding (Hex Encoding) | 177 | 6 |
| Improper Handling of Case Sensitivity | 178 | 41 |
| Incorrect Behavior Order: Early Validation | 179 | 3 |
| Incorrect Behavior Order: Validate Before Canonicalize | 180 | 2 |
| Incorrect Behavior Order: Validate Before Filter | 181 | 0 |
| Collapse of Data into Unsafe Value | 182 | 2 |
| Permissive List of Allowed Inputs | 183 | 11 |
| Incomplete List of Disallowed Inputs | 184 | 41 |
| Incorrect Regular Expression | 185 | 28 |
| Overly Restrictive Regular Expression | 186 | 0 |
| Partial String Comparison | 187 | 4 |
| Reliance on Data/Memory Layout | 188 | 0 |
| Integer Overflow or Wraparound | 190 | 2579 |
| Integer Underflow (Wrap or Wraparound) | 191 | 274 |
| Integer Coercion Error | 192 | 6 |
| Off-by-one Error | 193 | 131 |
| Unexpected Sign Extension | 194 | 4 |
| Signed to Unsigned Conversion Error | 195 | 10 |
| Unsigned to Signed Conversion Error | 196 | 3 |
| Numeric Truncation Error | 197 | 32 |
| Use of Incorrect Byte Ordering | 198 | 0 |
| Exposure of Sensitive Information to an Unauthorized Actor | 200 | 8807 |
| Insertion of Sensitive Information Into Sent Data | 201 | 74 |
| Exposure of Sensitive Information Through Data Queries | 202 | 19 |
| Observable Discrepancy | 203 | 578 |
| Observable Response Discrepancy | 204 | 54 |
| Observable Behavioral Discrepancy | 205 | 3 |
| Observable Internal Behavioral Discrepancy | 206 | 0 |
| Observable Behavioral Discrepancy With Equivalent Products | 207 | 0 |
| Observable Timing Discrepancy | 208 | 75 |
| Generation of Error Message Containing Sensitive Information | 209 | 375 |
| Self-generated Error Message Containing Sensitive Information | 210 | 2 |
| Externally-Generated Error Message Containing Sensitive Information | 211 | 0 |
| Improper Removal of Sensitive Information Before Storage or Transfer | 212 | 76 |
| Exposure of Sensitive Information Due to Incompatible Policies | 213 | 22 |
| Invocation of Process Using Visible Sensitive Information | 214 | 12 |
| Insertion of Sensitive Information Into Debugging Code | 215 | 7 |
| Storage of File with Sensitive Data Under Web Root | 219 | 5 |
| Storage of File With Sensitive Data Under FTP Root | 220 | 0 |
| Information Loss or Omission | 221 | 1 |
| Truncation of Security-relevant Information | 222 | 2 |
| Omission of Security-relevant Information | 223 | 4 |
| Obscured Security-relevant Information by Alternate Name | 224 | 0 |
| Sensitive Information in Resource Not Removed Before Reuse | 226 | 11 |
| Improper Handling of Syntactically Invalid Structure | 228 | 10 |
| Improper Handling of Values | 229 | 13 |
| Improper Handling of Missing Values | 230 | 6 |
| Improper Handling of Extra Values | 231 | 4 |
| Improper Handling of Undefined Values | 232 | 5 |