CWEs

| CWE Name | CWE-ID | Vulnerabilities |
|---|---|---|
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 470 | 34 |
| Modification of Assumed-Immutable Data (MAID) | 471 | 22 |
| External Control of Assumed-Immutable Web Parameter | 472 | 22 |
| PHP External Variable Modification | 473 | 3 |
| Use of Function with Inconsistent Implementations | 474 | 6 |
| Undefined Behavior for Input to API | 475 | 9 |
| NULL Pointer Dereference | 476 | 3073 |
| Use of Obsolete Function | 477 | 7 |
| Missing Default Case in Multiple Condition Expression | 478 | 0 |
| Signal Handler Use of a Non-reentrant Function | 479 | 1 |
| Use of Incorrect Operator | 480 | 2 |
| Assigning instead of Comparing | 481 | 0 |
| Comparing instead of Assigning | 482 | 1 |
| Incorrect Block Delimitation | 483 | 0 |
| Omitted Break Statement in Switch | 484 | 0 |
| Comparison of Classes by Name | 486 | 0 |
| Reliance on Package-level Scope | 487 | 0 |
| Exposure of Data Element to Wrong Session | 488 | 11 |
| Active Debug Code | 489 | 45 |
| Public cloneable() Method Without Final ('Object Hijack') | 491 | 2 |
| Use of Inner Class Containing Sensitive Data | 492 | 0 |
| Critical Public Variable Without Final Modifier | 493 | 0 |
| Download of Code Without Integrity Check | 494 | 133 |
| Private Data Structure Returned From A Public Method | 495 | 0 |
| Public Data Assigned to Private Array-Typed Field | 496 | 0 |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere | 497 | 51 |
| Cloneable Class Containing Sensitive Information | 498 | 0 |
| Serializable Class Containing Sensitive Data | 499 | 1 |
| Public Static Field Not Marked Final | 500 | 0 |
| Trust Boundary Violation | 501 | 14 |
| Deserialization of Untrusted Data | 502 | 1546 |
| Embedded Malicious Code | 506 | 48 |
| Trojan Horse | 507 | 1 |
| Non-Replicating Malicious Code | 508 | 0 |
| Replicating Malicious Code (Virus or Worm) | 509 | 1 |
| Trapdoor | 510 | 0 |
| Logic/Time Bomb | 511 | 0 |
| Spyware | 512 | 0 |
| Covert Channel | 514 | 0 |
| Covert Storage Channel | 515 | 0 |
| .NET Misconfiguration: Use of Impersonation | 520 | 1 |
| Weak Password Requirements | 521 | 199 |
| Insufficiently Protected Credentials | 522 | 1149 |
| Unprotected Transport of Credentials | 523 | 11 |
| Use of Cache Containing Sensitive Information | 524 | 14 |
| Use of Web Browser Cache Containing Sensitive Information | 525 | 11 |
| Cleartext Storage of Sensitive Information in an Environment Variable | 526 | 5 |
| Exposure of Version-Control Repository to an Unauthorized Control Sphere | 527 | 2 |
| Exposure of Core Dump File to an Unauthorized Control Sphere | 528 | 0 |
| Exposure of Access Control List Files to an Unauthorized Control Sphere | 529 | 0 |
| Exposure of Backup File to an Unauthorized Control Sphere | 530 | 6 |
| Inclusion of Sensitive Information in Test Code | 531 | 0 |
| Insertion of Sensitive Information into Log File | 532 | 828 |
| Exposure of Information Through Shell Error Message | 535 | 0 |
| Servlet Runtime Error Message Containing Sensitive Information | 536 | 0 |
| Java Runtime Error Message Containing Sensitive Information | 537 | 0 |
| Insertion of Sensitive Information into Externally-Accessible File or Directory | 538 | 37 |
| Use of Persistent Cookies Containing Sensitive Information | 539 | 3 |
| Inclusion of Sensitive Information in Source Code | 540 | 13 |
| Inclusion of Sensitive Information in an Include File | 541 | 0 |
| Use of Singleton Pattern Without Synchronization in a Multithreaded Context | 543 | 0 |
| Missing Standardized Error Handling Mechanism | 544 | 4 |
| Suspicious Comment | 546 | 0 |
| Use of Hard-coded, Security-relevant Constants | 547 | 4 |
| Exposure of Information Through Directory Listing | 548 | 29 |
| Missing Password Field Masking | 549 | 9 |
| Server-generated Error Message Containing Sensitive Information | 550 | 2 |
| Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | 551 | 7 |
| Files or Directories Accessible to External Parties | 552 | 311 |
| Command Shell in Externally Accessible Directory | 553 | 0 |
| ASP.NET Misconfiguration: Not Using Input Validation Framework | 554 | 0 |
| J2EE Misconfiguration: Plaintext Password in Configuration File | 555 | 0 |
| ASP.NET Misconfiguration: Use of Identity Impersonation | 556 | 1 |
| Use of getlogin() in Multithreaded Application | 558 | 0 |
| Use of umask() with chmod-style Argument | 560 | 0 |
| Dead Code | 561 | 6 |
| Return of Stack Variable Address | 562 | 4 |
| Assignment to Variable without Use | 563 | 1 |
| SQL Injection: Hibernate | 564 | 1 |
| Reliance on Cookies without Validation and Integrity Checking | 565 | 59 |
| Authorization Bypass Through User-Controlled SQL Primary Key | 566 | 2 |
| Unsynchronized Access to Shared Data in a Multithreaded Context | 567 | 3 |
| finalize() Method Without super.finalize() | 568 | 0 |
| Expression is Always False | 570 | 1 |
| Expression is Always True | 571 | 1 |
| Call to Thread run() instead of start() | 572 | 0 |
| Improper Following of Specification by Caller | 573 | 1 |
| EJB Bad Practices: Use of Synchronization Primitives | 574 | 0 |
| EJB Bad Practices: Use of AWT Swing | 575 | 0 |
| EJB Bad Practices: Use of Java I/O | 576 | 0 |
| EJB Bad Practices: Use of Sockets | 577 | 0 |
| EJB Bad Practices: Use of Class Loader | 578 | 0 |
| J2EE Bad Practices: Non-serializable Object Stored in Session | 579 | 0 |
| clone() Method Without super.clone() | 580 | 0 |
| Object Model Violation: Just One of Equals and Hashcode Defined | 581 | 0 |
| Array Declared Public, Final, and Static | 582 | 0 |
| finalize() Method Declared Public | 583 | 0 |
| Return Inside Finally Block | 584 | 0 |
| Empty Synchronized Block | 585 | 0 |
| Explicit Call to Finalize() | 586 | 0 |