CWEs

| CWE Name | CWE-ID | Vulnerabilities |
|---|---|---|
| Use of Invariant Value in Dynamically Changing Context | 344 | 2 |
| Insufficient Verification of Data Authenticity | 345 | 412 |
| Origin Validation Error | 346 | 281 |
| Improper Verification of Cryptographic Signature | 347 | 469 |
| Use of Less Trusted Source | 348 | 19 |
| Acceptance of Extraneous Untrusted Data With Trusted Data | 349 | 21 |
| Reliance on Reverse DNS Resolution for a Security-Critical Action | 350 | 14 |
| Insufficient Type Distinction | 351 | 5 |
| Cross-Site Request Forgery (CSRF) | 352 | 6421 |
| Missing Support for Integrity Check | 353 | 23 |
| Improper Validation of Integrity Check Value | 354 | 123 |
| Product UI does not Warn User of Unsafe Actions | 356 | 18 |
| Insufficient UI Warning of Dangerous Operations | 357 | 16 |
| Improperly Implemented Security Check for Standard | 358 | 82 |
| Exposure of Private Personal Information to an Unauthorized Actor | 359 | 71 |
| Trust of System Event Data | 360 | 2 |
| Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | 362 | 1595 |
| Race Condition Enabling Link Following | 363 | 5 |
| Signal Handler Race Condition | 364 | 6 |
| Race Condition within a Thread | 366 | 9 |
| Time-of-check Time-of-use (TOCTOU) Race Condition | 367 | 360 |
| Context Switching Race Condition | 368 | 5 |
| Divide By Zero | 369 | 332 |
| Missing Check for Certificate Revocation after Initial Check | 370 | 0 |
| Incomplete Internal State Distinction | 372 | 6 |
| Passing Mutable Objects to an Untrusted Method | 374 | 1 |
| Returning a Mutable Object to an Untrusted Caller | 375 | 0 |
| Insecure Temporary File | 377 | 68 |
| Creation of Temporary File With Insecure Permissions | 378 | 34 |
| Creation of Temporary File in Directory with Insecure Permissions | 379 | 41 |
| J2EE Bad Practices: Use of System.exit() | 382 | 0 |
| J2EE Bad Practices: Direct Use of Threads | 383 | 0 |
| Session Fixation | 384 | 318 |
| Covert Timing Channel | 385 | 31 |
| Symbolic Name not Mapping to Correct Object | 386 | 1 |
| Detection of Error Condition Without Action | 390 | 8 |
| Unchecked Error Condition | 391 | 24 |
| Missing Report of Error Condition | 392 | 5 |
| Return of Wrong Status Code | 393 | 5 |
| Unexpected Status Code or Return Value | 394 | 8 |
| Use of NullPointerException Catch to Detect NULL Pointer Dereference | 395 | 13 |
| Declaration of Catch for Generic Exception | 396 | 1 |
| Declaration of Throws for Generic Exception | 397 | 0 |
| Uncontrolled Resource Consumption | 400 | 2477 |
| Missing Release of Memory after Effective Lifetime | 401 | 755 |
| Transmission of Private Resources into a New Sphere ('Resource Leak') | 402 | 18 |
| Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | 403 | 1 |
| Improper Resource Shutdown or Release | 404 | 391 |
| Asymmetric Resource Consumption (Amplification) | 405 | 14 |
| Insufficient Control of Network Message Volume (Network Amplification) | 406 | 14 |
| Inefficient Algorithmic Complexity | 407 | 29 |
| Incorrect Behavior Order: Early Amplification | 408 | 2 |
| Improper Handling of Highly Compressed Data (Data Amplification) | 409 | 11 |
| Insufficient Resource Pool | 410 | 11 |
| Unrestricted Externally Accessible Lock | 412 | 3 |
| Improper Resource Locking | 413 | 3 |
| Missing Lock Check | 414 | 1 |
| Double Free | 415 | 538 |
| Use After Free | 416 | 5008 |
| Unprotected Primary Channel | 419 | 10 |
| Unprotected Alternate Channel | 420 | 10 |
| Race Condition During Access to Alternate Channel | 421 | 2 |
| Unprotected Windows Messaging Channel ('Shatter') | 422 | 0 |
| Improper Protection of Alternate Path | 424 | 13 |
| Direct Request ('Forced Browsing') | 425 | 176 |
| Untrusted Search Path | 426 | 508 |
| Uncontrolled Search Path Element | 427 | 797 |
| Unquoted Search Path or Element | 428 | 196 |
| Deployment of Wrong Handler | 430 | 0 |
| Missing Handler | 431 | 2 |
| Dangerous Signal Handler not Disabled During Sensitive Operations | 432 | 0 |
| Unparsed Raw Web Content Delivery | 433 | 0 |
| Unrestricted Upload of File with Dangerous Type | 434 | 2743 |
| Improper Interaction Between Multiple Correctly-Behaving Entities | 435 | 2 |
| Interpretation Conflict | 436 | 73 |
| Incomplete Model of Endpoint Features | 437 | 3 |
| Behavioral Change in New Version or Environment | 439 | 0 |
| Expected Behavior Violation | 440 | 29 |
| Unintended Proxy or Intermediary ('Confused Deputy') | 441 | 21 |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | 444 | 234 |
| UI Discrepancy for Security Feature | 446 | 1 |
| Unimplemented or Unsupported Feature in UI | 447 | 2 |
| Obsolete Feature in UI | 448 | 1 |
| The UI Performs the Wrong Action | 449 | 15 |
| Multiple Interpretations of UI Input | 450 | 4 |
| User Interface (UI) Misrepresentation of Critical Information | 451 | 45 |
| Insecure Default Variable Initialization | 453 | 14 |
| External Initialization of Trusted Variables or Data Stores | 454 | 0 |
| Non-exit on Failed Initialization | 455 | 1 |
| Missing Initialization of a Variable | 456 | 7 |
| Use of Uninitialized Variable | 457 | 72 |
| Incomplete Cleanup | 459 | 132 |
| Improper Cleanup on Thrown Exception | 460 | 13 |
| Duplicate Key in Associative List (Alist) | 462 | 0 |
| Deletion of Data Structure Sentinel | 463 | 2 |
| Addition of Data Structure Sentinel | 464 | 0 |
| Return of Pointer Value Outside of Expected Range | 466 | 2 |
| Use of sizeof() on a Pointer Type | 467 | 2 |
| Incorrect Pointer Scaling | 468 | 2 |
| Use of Pointer Subtraction to Determine Size | 469 | 0 |