Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 470 | 34 |
Modification of Assumed-Immutable Data (MAID) | 471 | 22 |
External Control of Assumed-Immutable Web Parameter | 472 | 22 |
PHP External Variable Modification | 473 | 3 |
Use of Function with Inconsistent Implementations | 474 | 6 |
Undefined Behavior for Input to API | 475 | 9 |
NULL Pointer Dereference | 476 | 3073 |
Use of Obsolete Function | 477 | 7 |
Missing Default Case in Multiple Condition Expression | 478 | 0 |
Signal Handler Use of a Non-reentrant Function | 479 | 1 |
Use of Incorrect Operator | 480 | 2 |
Assigning instead of Comparing | 481 | 0 |
Comparing instead of Assigning | 482 | 1 |
Incorrect Block Delimitation | 483 | 0 |
Omitted Break Statement in Switch | 484 | 0 |
Comparison of Classes by Name | 486 | 0 |
Reliance on Package-level Scope | 487 | 0 |
Exposure of Data Element to Wrong Session | 488 | 11 |
Active Debug Code | 489 | 45 |
Public cloneable() Method Without Final ('Object Hijack') | 491 | 2 |
Use of Inner Class Containing Sensitive Data | 492 | 0 |
Critical Public Variable Without Final Modifier | 493 | 0 |
Download of Code Without Integrity Check | 494 | 133 |
Private Data Structure Returned From A Public Method | 495 | 0 |
Public Data Assigned to Private Array-Typed Field | 496 | 0 |
Exposure of Sensitive System Information to an Unauthorized Control Sphere | 497 | 51 |
Cloneable Class Containing Sensitive Information | 498 | 0 |
Serializable Class Containing Sensitive Data | 499 | 1 |
Public Static Field Not Marked Final | 500 | 0 |
Trust Boundary Violation | 501 | 14 |
Deserialization of Untrusted Data | 502 | 1546 |
Embedded Malicious Code | 506 | 48 |
Trojan Horse | 507 | 1 |
Non-Replicating Malicious Code | 508 | 0 |
Replicating Malicious Code (Virus or Worm) | 509 | 1 |
Trapdoor | 510 | 0 |
Logic/Time Bomb | 511 | 0 |
Spyware | 512 | 0 |
Covert Channel | 514 | 0 |
Covert Storage Channel | 515 | 0 |
.NET Misconfiguration: Use of Impersonation | 520 | 1 |
Weak Password Requirements | 521 | 199 |
Insufficiently Protected Credentials | 522 | 1149 |
Unprotected Transport of Credentials | 523 | 11 |
Use of Cache Containing Sensitive Information | 524 | 14 |
Use of Web Browser Cache Containing Sensitive Information | 525 | 11 |
Cleartext Storage of Sensitive Information in an Environment Variable | 526 | 5 |
Exposure of Version-Control Repository to an Unauthorized Control Sphere | 527 | 2 |
Exposure of Core Dump File to an Unauthorized Control Sphere | 528 | 0 |
Exposure of Access Control List Files to an Unauthorized Control Sphere | 529 | 0 |
Exposure of Backup File to an Unauthorized Control Sphere | 530 | 6 |
Inclusion of Sensitive Information in Test Code | 531 | 0 |
Insertion of Sensitive Information into Log File | 532 | 828 |
Exposure of Information Through Shell Error Message | 535 | 0 |
Servlet Runtime Error Message Containing Sensitive Information | 536 | 0 |
Java Runtime Error Message Containing Sensitive Information | 537 | 0 |
Insertion of Sensitive Information into Externally-Accessible File or Directory | 538 | 37 |
Use of Persistent Cookies Containing Sensitive Information | 539 | 3 |
Inclusion of Sensitive Information in Source Code | 540 | 13 |
Inclusion of Sensitive Information in an Include File | 541 | 0 |
Use of Singleton Pattern Without Synchronization in a Multithreaded Context | 543 | 0 |
Missing Standardized Error Handling Mechanism | 544 | 4 |
Suspicious Comment | 546 | 0 |
Use of Hard-coded, Security-relevant Constants | 547 | 4 |
Exposure of Information Through Directory Listing | 548 | 29 |
Missing Password Field Masking | 549 | 9 |
Server-generated Error Message Containing Sensitive Information | 550 | 2 |
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | 551 | 7 |
Files or Directories Accessible to External Parties | 552 | 311 |
Command Shell in Externally Accessible Directory | 553 | 0 |
ASP.NET Misconfiguration: Not Using Input Validation Framework | 554 | 0 |
J2EE Misconfiguration: Plaintext Password in Configuration File | 555 | 0 |
ASP.NET Misconfiguration: Use of Identity Impersonation | 556 | 1 |
Use of getlogin() in Multithreaded Application | 558 | 0 |
Use of umask() with chmod-style Argument | 560 | 0 |
Dead Code | 561 | 6 |
Return of Stack Variable Address | 562 | 4 |
Assignment to Variable without Use | 563 | 1 |
SQL Injection: Hibernate | 564 | 1 |
Reliance on Cookies without Validation and Integrity Checking | 565 | 59 |
Authorization Bypass Through User-Controlled SQL Primary Key | 566 | 2 |
Unsynchronized Access to Shared Data in a Multithreaded Context | 567 | 3 |
finalize() Method Without super.finalize() | 568 | 0 |
Expression is Always False | 570 | 1 |
Expression is Always True | 571 | 1 |
Call to Thread run() instead of start() | 572 | 0 |
Improper Following of Specification by Caller | 573 | 1 |
EJB Bad Practices: Use of Synchronization Primitives | 574 | 0 |
EJB Bad Practices: Use of AWT Swing | 575 | 0 |
EJB Bad Practices: Use of Java I/O | 576 | 0 |
EJB Bad Practices: Use of Sockets | 577 | 0 |
EJB Bad Practices: Use of Class Loader | 578 | 0 |
J2EE Bad Practices: Non-serializable Object Stored in Session | 579 | 0 |
clone() Method Without super.clone() | 580 | 0 |
Object Model Violation: Just One of Equals and Hashcode Defined | 581 | 0 |
Array Declared Public, Final, and Static | 582 | 0 |
finalize() Method Declared Public | 583 | 0 |
Return Inside Finally Block | 584 | 0 |
Empty Synchronized Block | 585 | 0 |
Explicit Call to Finalize() | 586 | 0 |