CWE

Title | Count
CWE-1004: SENSITIVE COOKIE WITHOUT 'HTTPONLY' FLAG | 11 items
CWE-1104: USE of UNMAINTAINED THIRD PARTY COMPONENTS | 2 items
CWE-113: IMPROPER NEUTRALIZATION of CRLF SEQUENCES in HTTP HEADERS ('HTTP REQUEST/RESPONSE SPLITTING') | 2 items
CWE-116: IMPROPER ENCODING or ESCAPING of OUTPUT | 9 items
CWE-1236: IMPROPER NEUTRALIZATION of FORMULA ELEMENTS in a CSV FILE | 3 items
CWE-1275: SENSITIVE COOKIE WITH IMPROPER SAMESITE ATTRIBUTE | 5 items
CWE-1333: INEFFICIENT REGULAR EXPRESSION COMPLEXITY | 6 items
CWE-1336: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS USED in a TEMPLATE ENGINE | 2 items
CWE-134: USE of EXTERNALLY-CONTROLLED FORMAT STRING | 3 items
CWE-16: CWE CATEGORY: CONFIGURATION | 4 items
CWE-183: PERMISSIVE LIST of ALLOWED INPUTS | 3 items
CWE-20: IMPROPER INPUT VALIDATION | 7 items
CWE-200: EXPOSURE of SENSITIVE INFORMATION to an UNAUTHORIZED ACTOR | 19 items
CWE-22: IMPROPER LIMITATION of a PATHNAME to a RESTRICTED DIRECTORY ('PATH TRAVERSAL') | 24 items
CWE-223: OMISSION of SECURITY-RELEVANT INFORMATION | 2 items
CWE-242: USE of INHERENTLY DANGEROUS FUNCTION | 2 items
CWE-250: EXECUTION WITH UNNECESSARY PRIVILEGES | 14 items
CWE-262: NOT USING PASSWORD AGING | 2 items
CWE-264: CWE CATEGORY: PERMISSIONS, PRIVILEGES, and ACCESS CONTROLS | 2 items
CWE-269: IMPROPER PRIVILEGE MANAGEMENT | 10 items
CWE-276: INCORRECT DEFAULT PERMISSIONS | 4 items
CWE-284: IMPROPER ACCESS CONTROL | 124 items
CWE-285: IMPROPER AUTHORIZATION | 3 items
CWE-287: IMPROPER AUTHENTICATION | 10 items
CWE-295: IMPROPER CERTIFICATE VALIDATION | 12 items
CWE-300: CHANNEL ACCESSIBLE by NON-ENDPOINT | 2 items
CWE-306: MISSING AUTHENTICATION for CRITICAL FUNCTION | 2 items
CWE-310: CWE CATEGORY: CRYPTOGRAPHIC ISSUES | 3 items
CWE-311: MISSING ENCRYPTION of SENSITIVE DATA | 21 items
CWE-319: CLEARTEXT TRANSMISSION of SENSITIVE INFORMATION | 77 items
CWE-320: CWE CATEGORY: KEY MANAGEMENT ERRORS | 51 items
CWE-321: USE of HARD-CODED CRYPTOGRAPHIC KEY | 2 items
CWE-322: KEY EXCHANGE WITHOUT ENTITY AUTHENTICATION | 2 items
CWE-323: REUSING a NONCE, KEY PAIR in ENCRYPTION | 3 items
CWE-326: INADEQUATE ENCRYPTION STRENGTH | 47 items
CWE-327: USE of a BROKEN or RISKY CRYPTOGRAPHIC ALGORITHM | 57 items
CWE-328: USE of WEAK HASH | 11 items
CWE-329: GENERATION of PREDICTABLE IV WITH CBC MODE | 2 items
CWE-330: USE of INSUFFICIENTLY RANDOM VALUES | 3 items
CWE-338: USE of CRYPTOGRAPHICALLY WEAK PSEUDO-RANDOM NUMBER GENERATOR (PRNG) | 4 items
CWE-345: INSUFFICIENT VERIFICATION of DATA AUTHENTICITY | 7 items
CWE-346: ORIGIN VALIDATION ERROR | 5 items
CWE-347: IMPROPER VERIFICATION of CRYPTOGRAPHIC SIGNATURE | 2 items
CWE-352: CROSS-SITE REQUEST FORGERY (CSRF) | 21 items
CWE-400: UNCONTROLLED RESOURCE CONSUMPTION | 3 items
CWE-416: USE AFTER FREE | 2 items
CWE-441: UNINTENDED PROXY or INTERMEDIARY ('CONFUSED DEPUTY') | 2 items
CWE-444: INCONSISTENT INTERPRETATION of HTTP REQUESTS ('HTTP REQUEST/RESPONSE SMUGGLING') | 3 items
CWE-470: USE of EXTERNALLY-CONTROLLED INPUT to SELECT CLASSES or CODE ('UNSAFE REFLECTION') | 3 items
CWE-489: ACTIVE DEBUG CODE | 11 items
CWE-502: DESERIALIZATION of UNTRUSTED DATA | 41 items
CWE-521: WEAK PASSWORD REQUIREMENTS | 3 items
CWE-522: INSUFFICIENTLY PROTECTED CREDENTIALS | 19 items
CWE-532: INSERTION of SENSITIVE INFORMATION INTO LOG FILE | 3 items
CWE-538: INSERTION of SENSITIVE INFORMATION INTO EXTERNALLY-ACCESSIBLE FILE or DIRECTORY | 2 items
CWE-540: INCLUSION of SENSITIVE INFORMATION in SOURCE CODE | 4 items
CWE-548: EXPOSURE of INFORMATION THROUGH DIRECTORY LISTING | 3 items
CWE-601: URL REDIRECTION to UNTRUSTED SITE ('OPEN REDIRECT') | 17 items
CWE-611: IMPROPER RESTRICTION of XML EXTERNAL ENTITY REFERENCE | 29 items
CWE-614: SENSITIVE COOKIE in HTTPS SESSION WITHOUT 'SECURE' ATTRIBUTE | 13 items
CWE-643: IMPROPER NEUTRALIZATION of DATA WITHIN XPATH EXPRESSIONS ('XPATH INJECTION') | 2 items
CWE-668: EXPOSURE of RESOURCE to WRONG SPHERE | 2 items
CWE-676: USE of POTENTIALLY DANGEROUS FUNCTION | 6 items
CWE-682: INCORRECT CALCULATION | 4 items
CWE-688: FUNCTION CALL WITH INCORRECT VARIABLE or REFERENCE as ARGUMENT | 2 items
CWE-693: PROTECTION MECHANISM FAILURE | 2 items
CWE-704: INCORRECT TYPE CONVERSION or CAST | 5 items
CWE-706: USE of INCORRECTLY-RESOLVED NAME or REFERENCE | 4 items
CWE-73: EXTERNAL CONTROL of FILE NAME or PATH | 4 items
CWE-732: INCORRECT PERMISSION ASSIGNMENT for CRITICAL RESOURCE | 15 items
CWE-74: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS in OUTPUT USED by a DOWNSTREAM COMPONENT ('INJECTION') | 2 items
CWE-778: INSUFFICIENT LOGGING | 9 items
CWE-78: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS USED in an OS COMMAND ('OS COMMAND INJECTION') | 58 items
CWE-780: USE of RSA ALGORITHM WITHOUT OAEP | 2 items
CWE-79: IMPROPER NEUTRALIZATION of INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') | 128 items
CWE-798: USE of HARD-CODED CREDENTIALS | 239 items
CWE-807: RELIANCE on UNTRUSTED INPUTS in a SECURITY DECISION | 4 items
CWE-837: IMPROPER ENFORCEMENT of a SINGLE, UNIQUE ACTION | 2 items
CWE-841: IMPROPER ENFORCEMENT of BEHAVIORAL WORKFLOW | 7 items
CWE-862: MISSING AUTHORIZATION | 2 items
CWE-89: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS USED in an SQL COMMAND ('SQL INJECTION') | 79 items
CWE-90: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS USED in an LDAP QUERY ('LDAP INJECTION') | 4 items
CWE-913: IMPROPER CONTROL of DYNAMICALLY-MANAGED CODE RESOURCES | 4 items
CWE-915: IMPROPERLY CONTROLLED MODIFICATION of DYNAMICALLY-DETERMINED OBJECT ATTRIBUTES | 15 items
CWE-918: SERVER-SIDE REQUEST FORGERY (SSRF) | 39 items
CWE-922: INSECURE STORAGE of SENSITIVE INFORMATION | 2 items
CWE-93: IMPROPER NEUTRALIZATION of CRLF SEQUENCES ('CRLF INJECTION') | 2 items
CWE-94: IMPROPER CONTROL of GENERATION of CODE ('CODE INJECTION') | 43 items
CWE-942: PERMISSIVE CROSS-DOMAIN POLICY WITH UNTRUSTED DOMAINS | 5 items
CWE-943: IMPROPER NEUTRALIZATION of SPECIAL ELEMENTS in DATA QUERY LOGIC | 5 items
CWE-95: IMPROPER NEUTRALIZATION of DIRECTIVES in DYNAMICALLY EVALUATED CODE ('EVAL INJECTION') | 31 items
CWE-96: IMPROPER NEUTRALIZATION of DIRECTIVES in STATICALLY SAVED CODE ('STATIC CODE INJECTION') | 6 items