MITRE's CWE (Common Weakness Enumeration)

Overview

CodeSonar's advanced static analysis engine automatically detects over 100 types of security vulnerabilities in your code, allowing you to accurately and efficiently eliminate risks of security breaches.

CodeSonar's warning classes also support several coding initiatives, including the CWE, in order to make compliance with industry standards efficient and effective during software development.

Common Weakness Enumeration (CWE)

CodeSecure's CodeSonar is certified as CWE-Compatible, recognizing that it supports the CWE to the highest level currently recognized by the organization.

The CWE is a list of software weaknesses and security vulnerabilities. This international list allows clear communication between different parties with interests in computer security, including researchers, tool designers, and users. More information can be found using the following link.

Relevant Warning Classes

The following section shows the CodeSonar warning classes that are associated with CWE rules, using CWE 4.14, published February 29th, 2024.

Mapping Definition

The tables below show classes from our broad mapping, which, for a given warning class and category kind, combines categories from four sources:

  1. The close mapping for the class.
  2. Other categories of that kind that are related to the class in a meaningful way, but not eligible for the close mapping. Usually this indicates a substantial overlap between category and warning class, but overlap that cannot be characterized as a subset or superset relationship.
  3. If the category kind is hierarchical (of the current category taxonomies, only CWE has this property): for all categories from sources 1 and 2, all ancestors in the taxonomy hierarchy.
  4. In a small number of cases, all descendants of a hierarchical category from source 1 or 2 are also applicable to the class. In these cases the descendants are also added to the broad mapping.

 

Mapping Tables

Mapping Summary

  Supported All Percent Coverage
All 815 1427 57.1%

Mapping Detail

Rule Rule Name C/C++ Java C#
CWE:1 DEPRECATED: Location No No No
CWE:2 7PK - Environment Yes Yes No
CWE:3 DEPRECATED: Technology-specific Environment Issues No No No
CWE:4 DEPRECATED: J2EE Environment Issues No No No
CWE:5 J2EE Misconfiguration: Data Transmission Without Encryption No Yes No
CWE:6 J2EE Misconfiguration: Insufficient Session-ID Length No No No
CWE:7 J2EE Misconfiguration: Missing Custom Error Page No Yes No
CWE:8 J2EE Misconfiguration: Entity Bean Declared Remote No No No
CWE:9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods No No No
CWE:10 DEPRECATED: ASP.NET Environment Issues No No No
CWE:11 ASP.NET Misconfiguration: Creating Debug Binary No No No
CWE:12 ASP.NET Misconfiguration: Missing Custom Error Page No No No
CWE:13 ASP.NET Misconfiguration: Password in Configuration File No No No
CWE:14 Compiler Removal of Code to Clear Buffers Yes No No
CWE:15 External Control of System or Configuration Setting Yes No No
CWE:16 Configuration No No No
CWE:17 DEPRECATED: Code No No No
CWE:18 DEPRECATED: Source Code No No No
CWE:19 Data Processing Errors Yes Yes Yes
CWE:20 Improper Input Validation Yes Yes Yes
CWE:21 DEPRECATED: Pathname Traversal and Equivalence Errors No No No
CWE:22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Yes Yes Yes
CWE:23 Relative Path Traversal Yes No No
CWE:24 Path Traversal: '../filedir' Yes No No
CWE:25 Path Traversal: '/../filedir' Yes No No
CWE:26 Path Traversal: '/dir/../filename' Yes No No
CWE:27 Path Traversal: 'dir/../../filename' Yes No No
CWE:28 Path Traversal: '..\filedir' Yes No No
CWE:29 Path Traversal: '\..\filename' Yes No No
CWE:30 Path Traversal: '\dir\..\filename' Yes No No
CWE:31 Path Traversal: 'dir\..\..\filename' Yes No No
CWE:32 Path Traversal: '...' (Triple Dot) Yes No No
CWE:33 Path Traversal: '....' (Multiple Dot) Yes No No
CWE:34 Path Traversal: '....//' Yes No No
CWE:35 Path Traversal: '.../...//' Yes No No
CWE:36 Absolute Path Traversal Yes No No
CWE:37 Path Traversal: '/absolute/pathname/here' Yes No No
CWE:38 Path Traversal: '\absolute\pathname\here' Yes No No
CWE:39 Path Traversal: 'C:dirname' Yes No No
CWE:40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) Yes No No
CWE:41 Improper Resolution of Path Equivalence No No No
CWE:42 Path Equivalence: 'filename.' (Trailing Dot) No No No
CWE:43 Path Equivalence: 'filename....' (Multiple Trailing Dot) No No No
CWE:44 Path Equivalence: 'file.name' (Internal Dot) No No No
CWE:45 Path Equivalence: 'file...name' (Multiple Internal Dot) No No No
CWE:46 Path Equivalence: 'filename ' (Trailing Space) No No No
CWE:47 Path Equivalence: ' filename' (Leading Space) No No No
CWE:48 Path Equivalence: 'file name' (Internal Whitespace) No No No
CWE:49 Path Equivalence: 'filename/' (Trailing Slash) No No No
CWE:50 Path Equivalence: '//multiple/leading/slash' No No No
CWE:51 Path Equivalence: '/multiple//internal/slash' No No No
CWE:52 Path Equivalence: '/multiple/trailing/slash//' No No No
CWE:53 Path Equivalence: '\multiple\\internal\backslash' No No No
CWE:54 Path Equivalence: 'filedir\' (Trailing Backslash) No No No
CWE:55 Path Equivalence: '/./' (Single Dot Directory) No No No
CWE:56 Path Equivalence: 'filedir*' (Wildcard) No No No
CWE:57 Path Equivalence: 'fakedir/../realdir/filename' No No No
CWE:58 Path Equivalence: Windows 8.3 Filename No No No
CWE:59 Improper Link Resolution Before File Access ('Link Following') No No No
CWE:60 DEPRECATED: UNIX Path Link Problems No No No
CWE:61 UNIX Symbolic Link (Symlink) Following No No No
CWE:62 UNIX Hard Link No No No
CWE:63 DEPRECATED: Windows Path Link Problems No No No
CWE:64 Windows Shortcut Following (.LNK) No No No
CWE:65 Windows Hard Link No No No
CWE:66 Improper Handling of File Names that Identify Virtual Resources No No No
CWE:67 Improper Handling of Windows Device Names No No No
CWE:68 DEPRECATED: Windows Virtual File Problems No No No
CWE:69 Improper Handling of Windows ::DATA Alternate Data Stream No No No
CWE:70 DEPRECATED: Mac Virtual File Problems No No No
CWE:71 DEPRECATED: Apple '.DS_Store' No No No
CWE:72 Improper Handling of Apple HFS+ Alternate Data Stream Path No No No
CWE:73 External Control of File Name or Path Yes Yes Yes
CWE:74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Yes Yes Yes
CWE:75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) No No No
CWE:76 Improper Neutralization of Equivalent Special Elements No No No
CWE:77 Improper Neutralization of Special Elements used in a Command ('Command Injection') Yes Yes Yes
CWE:78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Yes Yes Yes
CWE:79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Yes Yes Yes
CWE:80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) No No No
CWE:81 Improper Neutralization of Script in an Error Message Web Page No Yes Yes
CWE:82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page No No No
CWE:83 Improper Neutralization of Script in Attributes in a Web Page No No No
CWE:84 Improper Neutralization of Encoded URI Schemes in a Web Page No No No
CWE:85 Doubled Character XSS Manipulations No No No
CWE:86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages No No No
CWE:87 Improper Neutralization of Alternate XSS Syntax No No No
CWE:88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Yes No No
CWE:89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Yes Yes Yes
CWE:90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Yes Yes Yes
CWE:91 XML Injection (aka Blind XPath Injection) No Yes Yes
CWE:92 DEPRECATED: Improper Sanitization of Custom Special Characters No No No
CWE:93 Improper Neutralization of CRLF Sequences ('CRLF Injection') No Yes Yes
CWE:94 Improper Control of Generation of Code ('Code Injection') No Yes Yes
CWE:95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') No Yes Yes
CWE:96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') No No No
CWE:97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page No No No
CWE:98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') No No No
CWE:99 Improper Control of Resource Identifiers ('Resource Injection') Yes No No
CWE:100 DEPRECATED: Technology-Specific Input Validation Problems No No No
CWE:101 DEPRECATED: Struts Validation Problems No No No
CWE:102 Struts: Duplicate Validation Forms No No No
CWE:103 Struts: Incomplete validate() Method Definition No Yes No
CWE:104 Struts: Form Bean Does Not Extend Validation Class No No No
CWE:105 Struts: Form Field Without Validator No No No
CWE:106 Struts: Plug-in Framework not in Use No No No
CWE:107 Struts: Unused Validation Form No No No
CWE:108 Struts: Unvalidated Action Form No No No
CWE:109 Struts: Validator Turned Off No No No
CWE:110 Struts: Validator Without Form Field No No No
CWE:111 Direct Use of Unsafe JNI No No No
CWE:112 Missing XML Validation No No No
CWE:113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') No Yes Yes
CWE:114 Process Control Yes Yes Yes
CWE:115 Misinterpretation of Input No No No
CWE:116 Improper Encoding or Escaping of Output Yes Yes Yes
CWE:117 Improper Output Neutralization for Logs Yes Yes Yes
CWE:118 Incorrect Access of Indexable Resource ('Range Error') Yes No No
CWE:119 Improper Restriction of Operations within the Bounds of a Memory Buffer Yes No No
CWE:120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Yes No No
CWE:121 Stack-based Buffer Overflow Yes No No
CWE:122 Heap-based Buffer Overflow Yes No No
CWE:123 Write-what-where Condition Yes No No
CWE:124 Buffer Underwrite ('Buffer Underflow') Yes No No
CWE:125 Out-of-bounds Read Yes No No
CWE:126 Buffer Over-read Yes No No
CWE:127 Buffer Under-read Yes No No
CWE:128 Wrap-around Error Yes No No
CWE:129 Improper Validation of Array Index Yes No No
CWE:130 Improper Handling of Length Parameter Inconsistency Yes No No
CWE:131 Incorrect Calculation of Buffer Size Yes No No
CWE:132 DEPRECATED: Miscalculated Null Termination No No No
CWE:133 String Errors Yes Yes Yes
CWE:134 Use of Externally-Controlled Format String Yes Yes Yes
CWE:135 Incorrect Calculation of Multi-Byte String Length Yes No No
CWE:136 Type Errors Yes Yes Yes
CWE:137 Data Neutralization Issues Yes Yes Yes
CWE:138 Improper Neutralization of Special Elements Yes No No
CWE:139 DEPRECATED: General Special Element Problems No No No
CWE:140 Improper Neutralization of Delimiters No No No
CWE:141 Improper Neutralization of Parameter/Argument Delimiters No No No
CWE:142 Improper Neutralization of Value Delimiters No No No
CWE:143 Improper Neutralization of Record Delimiters No No No
CWE:144 Improper Neutralization of Line Delimiters No No No
CWE:145 Improper Neutralization of Section Delimiters No No No
CWE:146 Improper Neutralization of Expression/Command Delimiters No No No
CWE:147 Improper Neutralization of Input Terminators Yes No No
CWE:148 Improper Neutralization of Input Leaders No No No
CWE:149 Improper Neutralization of Quoting Syntax No No No
CWE:150 Improper Neutralization of Escape, Meta, or Control Sequences No No No
CWE:151 Improper Neutralization of Comment Delimiters No No No
CWE:152 Improper Neutralization of Macro Symbols No No No
CWE:153 Improper Neutralization of Substitution Characters No No No
CWE:154 Improper Neutralization of Variable Name Delimiters No No No
CWE:155 Improper Neutralization of Wildcards or Matching Symbols No No No
CWE:156 Improper Neutralization of Whitespace No No No
CWE:157 Failure to Sanitize Paired Delimiters No No No
CWE:158 Improper Neutralization of Null Byte or NUL Character No No No
CWE:159 Improper Handling of Invalid Use of Special Elements No No No
CWE:160 Improper Neutralization of Leading Special Elements No No No
CWE:161 Improper Neutralization of Multiple Leading Special Elements No No No
CWE:162 Improper Neutralization of Trailing Special Elements No No No
CWE:163 Improper Neutralization of Multiple Trailing Special Elements No No No
CWE:164 Improper Neutralization of Internal Special Elements No No No
CWE:165 Improper Neutralization of Multiple Internal Special Elements No No No
CWE:166 Improper Handling of Missing Special Element No No No
CWE:167 Improper Handling of Additional Special Element No No No
CWE:168 Improper Handling of Inconsistent Special Elements No No No
CWE:169 DEPRECATED: Technology-Specific Special Elements No No No
CWE:170 Improper Null Termination Yes No No
CWE:171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors No No No
CWE:172 Encoding Error No No No
CWE:173 Improper Handling of Alternate Encoding No No No
CWE:174 Double Decoding of the Same Data No No No
CWE:175 Improper Handling of Mixed Encoding No No No
CWE:176 Improper Handling of Unicode Encoding No No No
CWE:177 Improper Handling of URL Encoding (Hex Encoding) No No No
CWE:178 Improper Handling of Case Sensitivity No No No
CWE:179 Incorrect Behavior Order: Early Validation No No No
CWE:180 Incorrect Behavior Order: Validate Before Canonicalize No No No
CWE:181 Incorrect Behavior Order: Validate Before Filter No No No
CWE:182 Collapse of Data into Unsafe Value No No No
CWE:183 Permissive List of Allowed Inputs No No No
CWE:184 Incomplete List of Disallowed Inputs No No No
CWE:185 Incorrect Regular Expression No No No
CWE:186 Overly Restrictive Regular Expression No No No
CWE:187 Partial String Comparison No No No
CWE:188 Reliance on Data/Memory Layout Yes No No
CWE:189 Numeric Errors Yes Yes Yes
CWE:190 Integer Overflow or Wraparound Yes Yes Yes
CWE:191 Integer Underflow (Wrap or Wraparound) Yes Yes No
CWE:192 Integer Coercion Error Yes Yes Yes
CWE:193 Off-by-one Error Yes No No
CWE:194 Unexpected Sign Extension Yes No No
CWE:195 Signed to Unsigned Conversion Error Yes No No
CWE:196 Unsigned to Signed Conversion Error Yes No No
CWE:197 Numeric Truncation Error Yes Yes Yes
CWE:198 Use of Incorrect Byte Ordering No No No
CWE:199 Information Management Errors Yes Yes Yes
CWE:200 Exposure of Sensitive Information to an Unauthorized Actor Yes Yes Yes
CWE:201 Insertion of Sensitive Information Into Sent Data Yes No No
CWE:202 Exposure of Sensitive Information Through Data Queries No No No
CWE:203 Observable Discrepancy Yes No No
CWE:204 Observable Response Discrepancy No No No
CWE:205 Observable Behavioral Discrepancy No No No
CWE:206 Observable Internal Behavioral Discrepancy No No No
CWE:207 Observable Behavioral Discrepancy With Equivalent Products No No No
CWE:208 Observable Timing Discrepancy No No No
CWE:209 Generation of Error Message Containing Sensitive Information No Yes Yes
CWE:210 Self-generated Error Message Containing Sensitive Information No No No
CWE:211 Externally-Generated Error Message Containing Sensitive Information No Yes No
CWE:212 Improper Removal of Sensitive Information Before Storage or Transfer Yes No No
CWE:213 Exposure of Sensitive Information Due to Incompatible Policies No No No
CWE:214 Invocation of Process Using Visible Sensitive Information No No No
CWE:215 Insertion of Sensitive Information Into Debugging Code No No No
CWE:216 DEPRECATED: Containment Errors (Container Errors) No No No
CWE:217 DEPRECATED: Failure to Protect Stored Data from Modification No No No
CWE:218 DEPRECATED: Failure to provide confidentiality for stored data No No No
CWE:219 Storage of File with Sensitive Data Under Web Root No No No
CWE:220 Storage of File With Sensitive Data Under FTP Root No No No
CWE:221 Information Loss or Omission Yes Yes Yes
CWE:222 Truncation of Security-relevant Information No No No
CWE:223 Omission of Security-relevant Information No No No
CWE:224 Obscured Security-relevant Information by Alternate Name No No No
CWE:225 DEPRECATED: General Information Management Problems No No No
CWE:226 Sensitive Information in Resource Not Removed Before Reuse Yes No No
CWE:227 7PK - API Abuse Yes Yes Yes
CWE:228 Improper Handling of Syntactically Invalid Structure Yes No No
CWE:229 Improper Handling of Values Yes No No
CWE:230 Improper Handling of Missing Values Yes No No
CWE:231 Improper Handling of Extra Values Yes No No
CWE:232 Improper Handling of Undefined Values Yes No No
CWE:233 Improper Handling of Parameters No No No
CWE:234 Failure to Handle Missing Parameter No No No
CWE:235 Improper Handling of Extra Parameters No No No
CWE:236 Improper Handling of Undefined Parameters No No No
CWE:237 Improper Handling of Structural Elements Yes No No
CWE:238 Improper Handling of Incomplete Structural Elements Yes No No
CWE:239 Failure to Handle Incomplete Element Yes No No
CWE:240 Improper Handling of Inconsistent Structural Elements Yes No No
CWE:241 Improper Handling of Unexpected Data Type Yes No No
CWE:242 Use of Inherently Dangerous Function Yes No No
CWE:243 Creation of chroot Jail Without Changing Working Directory Yes No No
CWE:244 Improper Clearing of Heap Memory Before Release ('Heap Inspection') Yes No No
CWE:245 J2EE Bad Practices: Direct Management of Connections No No No
CWE:246 J2EE Bad Practices: Direct Use of Sockets No No No
CWE:247 DEPRECATED: Reliance on DNS Lookups in a Security Decision No No No
CWE:248 Uncaught Exception Yes No No
CWE:249 DEPRECATED: Often Misused: Path Manipulation No No No
CWE:250 Execution with Unnecessary Privileges No No No
CWE:251 Often Misused: String Management Yes No No
CWE:252 Unchecked Return Value Yes Yes Yes
CWE:253 Incorrect Check of Function Return Value Yes Yes Yes
CWE:254 7PK - Security Features Yes Yes Yes
CWE:255 Credentials Management Errors Yes Yes Yes
CWE:256 Plaintext Storage of a Password Yes No No
CWE:257 Storing Passwords in a Recoverable Format No No No
CWE:258 Empty Password in Configuration File No No No
CWE:259 Use of Hard-coded Password Yes Yes Yes
CWE:260 Password in Configuration File No No No
CWE:261 Weak Encoding for Password No No No
CWE:262 Not Using Password Aging No No No
CWE:263 Password Aging with Long Expiration No No No
CWE:264 Permissions, Privileges, and Access Controls No No No
CWE:265 Privilege Issues Yes Yes Yes
CWE:266 Incorrect Privilege Assignment Yes No No
CWE:267 Privilege Defined With Unsafe Actions No No No
CWE:268 Privilege Chaining No No No
CWE:269 Improper Privilege Management Yes No No
CWE:270 Privilege Context Switching Error No No No
CWE:271 Privilege Dropping / Lowering Errors No No No
CWE:272 Least Privilege Violation No No No
CWE:273 Improper Check for Dropped Privileges No No No
CWE:274 Improper Handling of Insufficient Privileges Yes No No
CWE:275 Permission Issues Yes Yes No
CWE:276 Incorrect Default Permissions No No No
CWE:277 Insecure Inherited Permissions No No No
CWE:278 Insecure Preserved Inherited Permissions No No No
CWE:279 Incorrect Execution-Assigned Permissions No No No
CWE:280 Improper Handling of Insufficient Permissions or Privileges Yes No No
CWE:281 Improper Preservation of Permissions Yes No No
CWE:282 Improper Ownership Management No No No
CWE:283 Unverified Ownership No No No
CWE:284 Improper Access Control Yes Yes Yes
CWE:285 Improper Authorization Yes Yes No
CWE:286 Incorrect User Management No No No
CWE:287 Improper Authentication Yes Yes Yes
CWE:288 Authentication Bypass Using an Alternate Path or Channel No No No
CWE:289 Authentication Bypass by Alternate Name No No No
CWE:290 Authentication Bypass by Spoofing Yes No No
CWE:291 Reliance on IP Address for Authentication No No No
CWE:292 DEPRECATED: Trusting Self-reported DNS Name No No No
CWE:293 Using Referer Field for Authentication No No No
CWE:294 Authentication Bypass by Capture-replay No No No
CWE:295 Improper Certificate Validation No Yes No
CWE:296 Improper Following of a Certificate's Chain of Trust No No No
CWE:297 Improper Validation of Certificate with Host Mismatch No No No
CWE:298 Improper Validation of Certificate Expiration No No No
CWE:299 Improper Check for Certificate Revocation No No No
CWE:300 Channel Accessible by Non-Endpoint No No No
CWE:301 Reflection Attack in an Authentication Protocol No No No
CWE:302 Authentication Bypass by Assumed-Immutable Data No No No
CWE:303 Incorrect Implementation of Authentication Algorithm No No No
CWE:304 Missing Critical Step in Authentication No No No
CWE:305 Authentication Bypass by Primary Weakness No No No
CWE:306 Missing Authentication for Critical Function No No No
CWE:307 Improper Restriction of Excessive Authentication Attempts No No No
CWE:308 Use of Single-factor Authentication No No No
CWE:309 Use of Password System for Primary Authentication No No No
CWE:310 Cryptographic Issues Yes Yes Yes
CWE:311 Missing Encryption of Sensitive Data Yes Yes Yes
CWE:312 Cleartext Storage of Sensitive Information Yes No No
CWE:313 Cleartext Storage in a File or on Disk Yes No No
CWE:314 Cleartext Storage in the Registry No No No
CWE:315 Cleartext Storage of Sensitive Information in a Cookie No No No
CWE:316 Cleartext Storage of Sensitive Information in Memory Yes No No
CWE:317 Cleartext Storage of Sensitive Information in GUI No No No
CWE:318 Cleartext Storage of Sensitive Information in Executable Yes No No
CWE:319 Cleartext Transmission of Sensitive Information Yes Yes Yes
CWE:320 Key Management Errors Yes Yes Yes
CWE:321 Use of Hard-coded Cryptographic Key Yes Yes Yes
CWE:322 Key Exchange without Entity Authentication No No No
CWE:323 Reusing a Nonce, Key Pair in Encryption Yes No No
CWE:324 Use of a Key Past its Expiration Date No No No
CWE:325 Missing Cryptographic Step Yes Yes Yes
CWE:326 Inadequate Encryption Strength Yes Yes Yes
CWE:327 Use of a Broken or Risky Cryptographic Algorithm Yes Yes Yes
CWE:328 Use of Weak Hash Yes Yes Yes
CWE:329 Generation of Predictable IV with CBC Mode No No No
CWE:330 Use of Insufficiently Random Values Yes Yes Yes
CWE:331 Insufficient Entropy Yes No No
CWE:332 Insufficient Entropy in PRNG Yes No No
CWE:333 Improper Handling of Insufficient Entropy in TRNG No No No
CWE:334 Small Space of Random Values Yes No No
CWE:335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) Yes Yes Yes
CWE:336 Same Seed in Pseudo-Random Number Generator (PRNG) Yes Yes Yes
CWE:337 Predictable Seed in Pseudo-Random Number Generator (PRNG) Yes No No
CWE:338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Yes Yes Yes
CWE:339 Small Seed Space in PRNG Yes No No
CWE:340 Generation of Predictable Numbers or Identifiers Yes No No
CWE:341 Predictable from Observable State Yes No No
CWE:342 Predictable Exact Value from Previous Values Yes No No
CWE:343 Predictable Value Range from Previous Values Yes No No
CWE:344 Use of Invariant Value in Dynamically Changing Context Yes Yes Yes
CWE:345 Insufficient Verification of Data Authenticity No Yes No
CWE:346 Origin Validation Error No No No
CWE:347 Improper Verification of Cryptographic Signature No No No
CWE:348 Use of Less Trusted Source No No No
CWE:349 Acceptance of Extraneous Untrusted Data With Trusted Data No Yes No
CWE:350 Reliance on Reverse DNS Resolution for a Security-Critical Action Yes No No
CWE:351 Insufficient Type Distinction No No No
CWE:352 Cross-Site Request Forgery (CSRF) No No No
CWE:353 Missing Support for Integrity Check No No No
CWE:354 Improper Validation of Integrity Check Value No No No
CWE:355 User Interface Security Issues Yes No No
CWE:356 Product UI does not Warn User of Unsafe Actions No No No
CWE:357 Insufficient UI Warning of Dangerous Operations No No No
CWE:358 Improperly Implemented Security Check for Standard No No No
CWE:359 Exposure of Private Personal Information to an Unauthorized Actor Yes No No
CWE:360 Trust of System Event Data No No No
CWE:361 7PK - Time and State Yes Yes Yes
CWE:362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Yes Yes No
CWE:363 Race Condition Enabling Link Following Yes No No
CWE:364 Signal Handler Race Condition Yes No No
CWE:365 DEPRECATED: Race Condition in Switch No No No
CWE:366 Race Condition within a Thread Yes Yes No
CWE:367 Time-of-check Time-of-use (TOCTOU) Race Condition Yes No No
CWE:368 Context Switching Race Condition Yes No No
CWE:369 Divide By Zero Yes No No
CWE:370 Missing Check for Certificate Revocation after Initial Check No No No
CWE:371 State Issues Yes No No
CWE:372 Incomplete Internal State Distinction No No No
CWE:373 DEPRECATED: State Synchronization Error No No No
CWE:374 Passing Mutable Objects to an Untrusted Method No No No
CWE:375 Returning a Mutable Object to an Untrusted Caller No No No
CWE:376 DEPRECATED: Temporary File Issues No No No
CWE:377 Insecure Temporary File Yes No No
CWE:378 Creation of Temporary File With Insecure Permissions Yes No No
CWE:379 Creation of Temporary File in Directory with Insecure Permissions Yes No No
CWE:380 DEPRECATED: Technology-Specific Time and State Issues No No No
CWE:381 DEPRECATED: J2EE Time and State Issues No No No
CWE:382 J2EE Bad Practices: Use of System.exit() No Yes No
CWE:383 J2EE Bad Practices: Direct Use of Threads No Yes No
CWE:384 Session Fixation No No No
CWE:385 Covert Timing Channel No No No
CWE:386 Symbolic Name not Mapping to Correct Object Yes No No
CWE:387 Signal Errors Yes No No
CWE:388 7PK - Errors Yes Yes Yes
CWE:389 Error Conditions, Return Values, Status Codes Yes Yes Yes
CWE:390 Detection of Error Condition Without Action Yes Yes Yes
CWE:391 Unchecked Error Condition Yes No No
CWE:392 Missing Report of Error Condition Yes Yes Yes
CWE:393 Return of Wrong Status Code No No No
CWE:394 Unexpected Status Code or Return Value Yes No No
CWE:395 Use of NullPointerException Catch to Detect NULL Pointer Dereference No Yes Yes
CWE:396 Declaration of Catch for Generic Exception Yes Yes Yes
CWE:397 Declaration of Throws for Generic Exception Yes Yes Yes
CWE:398 7PK - Code Quality Yes Yes Yes
CWE:399 Resource Management Errors Yes Yes Yes
CWE:400 Uncontrolled Resource Consumption Yes Yes Yes
CWE:401 Missing Release of Memory after Effective Lifetime Yes No No
CWE:402 Transmission of Private Resources into a New Sphere ('Resource Leak') No No No
CWE:403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') No No No
CWE:404 Improper Resource Shutdown or Release Yes Yes Yes
CWE:405 Asymmetric Resource Consumption (Amplification) No Yes Yes
CWE:406 Insufficient Control of Network Message Volume (Network Amplification) No No No
CWE:407 Inefficient Algorithmic Complexity No No No
CWE:408 Incorrect Behavior Order: Early Amplification No No No
CWE:409 Improper Handling of Highly Compressed Data (Data Amplification) No No No
CWE:410 Insufficient Resource Pool Yes No No
CWE:411 Resource Locking Problems Yes Yes Yes
CWE:412 Unrestricted Externally Accessible Lock No Yes Yes
CWE:413 Improper Resource Locking Yes Yes Yes
CWE:414 Missing Lock Check Yes No No
CWE:415 Double Free Yes No No
CWE:416 Use After Free Yes No No
CWE:417 Communication Channel Errors Yes No No
CWE:418 DEPRECATED: Channel Errors No No No
CWE:419 Unprotected Primary Channel No No No
CWE:420 Unprotected Alternate Channel No No No
CWE:421 Race Condition During Access to Alternate Channel No No No
CWE:422 Unprotected Windows Messaging Channel ('Shatter') No No No
CWE:423 DEPRECATED: Proxied Trusted Channel No No No
CWE:424 Improper Protection of Alternate Path No No No
CWE:425 Direct Request ('Forced Browsing') No No No
CWE:426 Untrusted Search Path Yes No No
CWE:427 Uncontrolled Search Path Element Yes No No
CWE:428 Unquoted Search Path or Element No No No
CWE:429 Handler Errors No No No
CWE:430 Deployment of Wrong Handler No No No
CWE:431 Missing Handler No No No
CWE:432 Dangerous Signal Handler not Disabled During Sensitive Operations No No No
CWE:433 Unparsed Raw Web Content Delivery No No No
CWE:434 Unrestricted Upload of File with Dangerous Type No No No
CWE:435 Improper Interaction Between Multiple Correctly-Behaving Entities Yes Yes Yes
CWE:436 Interpretation Conflict Yes Yes Yes
CWE:437 Incomplete Model of Endpoint Features No No No
CWE:438 Behavioral Problems Yes Yes Yes
CWE:439 Behavioral Change in New Version or Environment No No No
CWE:440 Expected Behavior Violation No Yes Yes
CWE:441 Unintended Proxy or Intermediary ('Confused Deputy') No No No
CWE:442 DEPRECATED: Web Problems No No No
CWE:443 DEPRECATED: HTTP response splitting No No No
CWE:444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') No No No
CWE:445 DEPRECATED: User Interface Errors No No No
CWE:446 UI Discrepancy for Security Feature No No No
CWE:447 Unimplemented or Unsupported Feature in UI No No No
CWE:448 Obsolete Feature in UI No No No
CWE:449 The UI Performs the Wrong Action No No No
CWE:450 Multiple Interpretations of UI Input No No No
CWE:451 User Interface (UI) Misrepresentation of Critical Information Yes No No
CWE:452 Initialization and Cleanup Errors Yes Yes No
CWE:453 Insecure Default Variable Initialization Yes No No
CWE:454 External Initialization of Trusted Variables or Data Stores Yes No No
CWE:455 Non-exit on Failed Initialization No No No
CWE:456 Missing Initialization of a Variable Yes Yes Yes
CWE:457 Use of Uninitialized Variable Yes No No
CWE:458 DEPRECATED: Incorrect Initialization No No No
CWE:459 Incomplete Cleanup Yes Yes No
CWE:460 Improper Cleanup on Thrown Exception No No No
CWE:461 DEPRECATED: Data Structure Issues No No No
CWE:462 Duplicate Key in Associative List (Alist) No No No
CWE:463 Deletion of Data Structure Sentinel No No No
CWE:464 Addition of Data Structure Sentinel No No No
CWE:465 Pointer Issues Yes Yes Yes
CWE:466 Return of Pointer Value Outside of Expected Range Yes No No
CWE:467 Use of sizeof() on a Pointer Type Yes No No
CWE:468 Incorrect Pointer Scaling Yes No No
CWE:469 Use of Pointer Subtraction to Determine Size Yes No No
CWE:470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') No Yes Yes
CWE:471 Modification of Assumed-Immutable Data (MAID) Yes Yes Yes
CWE:472 External Control of Assumed-Immutable Web Parameter No No No
CWE:473 PHP External Variable Modification No No No
CWE:474 Use of Function with Inconsistent Implementations Yes No No
CWE:475 Undefined Behavior for Input to API Yes No No
CWE:476 NULL Pointer Dereference Yes Yes Yes
CWE:477 Use of Obsolete Function Yes Yes Yes
CWE:478 Missing Default Case in Multiple Condition Expression Yes No No
CWE:479 Signal Handler Use of a Non-reentrant Function Yes No No
CWE:480 Use of Incorrect Operator Yes Yes Yes
CWE:481 Assigning instead of Comparing Yes Yes Yes
CWE:482 Comparing instead of Assigning Yes No No
CWE:483 Incorrect Block Delimitation Yes No No
CWE:484 Omitted Break Statement in Switch Yes No No
CWE:485 7PK - Encapsulation Yes Yes Yes
CWE:486 Comparison of Classes by Name No Yes Yes
CWE:487 Reliance on Package-level Scope No Yes No
CWE:488 Exposure of Data Element to Wrong Session No No No
CWE:489 Active Debug Code Yes Yes Yes
CWE:490 DEPRECATED: Mobile Code Issues No No No
CWE:491 Public cloneable() Method Without Final ('Object Hijack') No Yes Yes
CWE:492 Use of Inner Class Containing Sensitive Data No Yes No
CWE:493 Critical Public Variable Without Final Modifier No Yes Yes
CWE:494 Download of Code Without Integrity Check No No No
CWE:495 Private Data Structure Returned From A Public Method No Yes No
CWE:496 Public Data Assigned to Private Array-Typed Field No Yes No
CWE:497 Exposure of Sensitive System Information to an Unauthorized Control Sphere Yes No No
CWE:498 Cloneable Class Containing Sensitive Information No Yes No
CWE:499 Serializable Class Containing Sensitive Data No Yes No
CWE:500 Public Static Field Not Marked Final No No No
CWE:501 Trust Boundary Violation No Yes Yes
CWE:502 Deserialization of Untrusted Data No Yes No
CWE:503 DEPRECATED: Byte/Object Code No No No
CWE:504 DEPRECATED: Motivation/Intent No No No
CWE:505 DEPRECATED: Intentionally Introduced Weakness No No No
CWE:506 Embedded Malicious Code Yes No No
CWE:507 Trojan Horse Yes No No
CWE:508 Non-Replicating Malicious Code Yes No No
CWE:509 Replicating Malicious Code (Virus or Worm) No No No
CWE:510 Trapdoor Yes No No
CWE:511 Logic/Time Bomb Yes No No
CWE:512 Spyware No No No
CWE:513 DEPRECATED: Intentionally Introduced Nonmalicious Weakness No No No
CWE:514 Covert Channel Yes No No
CWE:515 Covert Storage Channel Yes No No
CWE:516 DEPRECATED: Covert Timing Channel No No No
CWE:517 DEPRECATED: Other Intentional, Nonmalicious Weakness No No No
CWE:518 DEPRECATED: Inadvertently Introduced Weakness No No No
CWE:519 DEPRECATED: .NET Environment Issues No No No
CWE:520 .NET Misconfiguration: Use of Impersonation No No No
CWE:521 Weak Password Requirements No No No
CWE:522 Insufficiently Protected Credentials Yes Yes Yes
CWE:523 Unprotected Transport of Credentials Yes No No
CWE:524 Use of Cache Containing Sensitive Information No Yes No
CWE:525 Use of Web Browser Cache Containing Sensitive Information No No No
CWE:526 Cleartext Storage of Sensitive Information in an Environment Variable No No No
CWE:527 Exposure of Version-Control Repository to an Unauthorized Control Sphere No No No
CWE:528 Exposure of Core Dump File to an Unauthorized Control Sphere No No No
CWE:529 Exposure of Access Control List Files to an Unauthorized Control Sphere Yes No No
CWE:530 Exposure of Backup File to an Unauthorized Control Sphere Yes No No
CWE:531 Inclusion of Sensitive Information in Test Code No No No
CWE:532 Insertion of Sensitive Information into Log File Yes No No
CWE:533 DEPRECATED: Information Exposure Through Server Log Files No No No
CWE:534 DEPRECATED: Information Exposure Through Debug Log Files No No No
CWE:535 Exposure of Information Through Shell Error Message No No No
CWE:536 Servlet Runtime Error Message Containing Sensitive Information No No No
CWE:537 Java Runtime Error Message Containing Sensitive Information No Yes No
CWE:538 Insertion of Sensitive Information into Externally-Accessible File or Directory Yes Yes No
CWE:539 Use of Persistent Cookies Containing Sensitive Information No No No
CWE:540 Inclusion of Sensitive Information in Source Code Yes No No
CWE:541 Inclusion of Sensitive Information in an Include File No No No
CWE:542 DEPRECATED: Information Exposure Through Cleanup Log Files No No No
CWE:543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context Yes Yes No
CWE:544 Missing Standardized Error Handling Mechanism No No No
CWE:545 DEPRECATED: Use of Dynamic Class Loading No No No
CWE:546 Suspicious Comment Yes No No
CWE:547 Use of Hard-coded, Security-relevant Constants Yes Yes Yes
CWE:548 Exposure of Information Through Directory Listing No No No
CWE:549 Missing Password Field Masking No No No
CWE:550 Server-generated Error Message Containing Sensitive Information No Yes Yes
CWE:551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization No No No
CWE:552 Files or Directories Accessible to External Parties Yes No No
CWE:553 Command Shell in Externally Accessible Directory No No No
CWE:554 ASP.NET Misconfiguration: Not Using Input Validation Framework No No No
CWE:555 J2EE Misconfiguration: Plaintext Password in Configuration File No No No
CWE:556 ASP.NET Misconfiguration: Use of Identity Impersonation No No No
CWE:557 Concurrency Issues Yes Yes Yes
CWE:558 Use of getlogin() in Multithreaded Application Yes No No
CWE:559 DEPRECATED: Often Misused: Arguments and Parameters No No No
CWE:560 Use of umask() with chmod-style Argument No No No
CWE:561 Dead Code Yes Yes Yes
CWE:562 Return of Stack Variable Address Yes No No
CWE:563 Assignment to Variable without Use Yes Yes Yes
CWE:564 SQL Injection: Hibernate No No No
CWE:565 Reliance on Cookies without Validation and Integrity Checking No No No
CWE:566 Authorization Bypass Through User-Controlled SQL Primary Key No No No
CWE:567 Unsynchronized Access to Shared Data in a Multithreaded Context Yes Yes Yes
CWE:568 finalize() Method Without super.finalize() No Yes No
CWE:569 Expression Issues Yes Yes Yes
CWE:570 Expression is Always False Yes Yes Yes
CWE:571 Expression is Always True Yes Yes Yes
CWE:572 Call to Thread run() instead of start() No Yes Yes
CWE:573 Improper Following of Specification by Caller Yes Yes Yes
CWE:574 EJB Bad Practices: Use of Synchronization Primitives No No No
CWE:575 EJB Bad Practices: Use of AWT Swing No No No
CWE:576 EJB Bad Practices: Use of Java I/O No No No
CWE:577 EJB Bad Practices: Use of Sockets No No No
CWE:578 EJB Bad Practices: Use of Class Loader No No No
CWE:579 J2EE Bad Practices: Non-serializable Object Stored in Session No No No
CWE:580 clone() Method Without super.clone() No Yes No
CWE:581 Object Model Violation: Just One of Equals and Hashcode Defined No Yes Yes
CWE:582 Array Declared Public, Final, and Static No Yes Yes
CWE:583 finalize() Method Declared Public No Yes No
CWE:584 Return Inside Finally Block No No No
CWE:585 Empty Synchronized Block No Yes Yes
CWE:586 Explicit Call to Finalize() No Yes No
CWE:587 Assignment of a Fixed Address to a Pointer Yes No No
CWE:588 Attempt to Access Child of a Non-structure Pointer Yes No No
CWE:589 Call to Non-ubiquitous API Yes No No
CWE:590 Free of Memory not on the Heap Yes No No
CWE:591 Sensitive Data Storage in Improperly Locked Memory No No No
CWE:592 DEPRECATED: Authentication Bypass Issues No No No
CWE:593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created No No No
CWE:594 J2EE Framework: Saving Unserializable Objects to Disk No No No
CWE:595 Comparison of Object References Instead of Object Contents No Yes Yes
CWE:596 DEPRECATED: Incorrect Semantic Object Comparison No No No
CWE:597 Use of Wrong Operator in String Comparison No Yes Yes
CWE:598 Use of GET Request Method With Sensitive Query Strings No No No
CWE:599 Missing Validation of OpenSSL Certificate No No No
CWE:600 Uncaught Exception in Servlet No No No
CWE:601 URL Redirection to Untrusted Site ('Open Redirect') No Yes Yes
CWE:602 Client-Side Enforcement of Server-Side Security No No No
CWE:603 Use of Client-Side Authentication No No No
CWE:604 Deprecated Entries No No No
CWE:605 Multiple Binds to the Same Port Yes No No
CWE:606 Unchecked Input for Loop Condition Yes No No
CWE:607 Public Static Final Field References Mutable Object No Yes Yes
CWE:608 Struts: Non-private Field in ActionForm Class No Yes No
CWE:609 Double-Checked Locking Yes Yes Yes
CWE:610 Externally Controlled Reference to a Resource in Another Sphere Yes Yes Yes
CWE:611 Improper Restriction of XML External Entity Reference No Yes Yes
CWE:612 Improper Authorization of Index Containing Sensitive Information No No No
CWE:613 Insufficient Session Expiration No Yes Yes
CWE:614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute No Yes Yes
CWE:615 Inclusion of Sensitive Information in Source Code Comments Yes No No
CWE:616 Incomplete Identification of Uploaded File Variables (PHP) No No No
CWE:617 Reachable Assertion No No No
CWE:618 Exposed Unsafe ActiveX Method No No No
CWE:619 Dangling Database Cursor ('Cursor Injection') No No No
CWE:620 Unverified Password Change No No No
CWE:621 Variable Extraction Error No No No
CWE:622 Improper Validation of Function Hook Arguments No No No
CWE:623 Unsafe ActiveX Control Marked Safe For Scripting No No No
CWE:624 Executable Regular Expression Error No Yes Yes
CWE:625 Permissive Regular Expression No No No
CWE:626 Null Byte Interaction Error (Poison Null Byte) Yes No No
CWE:627 Dynamic Variable Evaluation No No No
CWE:628 Function Call with Incorrectly Specified Arguments Yes Yes Yes
CWE:629 Weaknesses in OWASP Top Ten (2007) Yes Yes Yes
CWE:630 DEPRECATED: Weaknesses Examined by SAMATE No No No
CWE:631 DEPRECATED: Resource-specific Weaknesses No No No
CWE:632 DEPRECATED: Weaknesses that Affect Files or Directories No No No
CWE:633 DEPRECATED: Weaknesses that Affect Memory No No No
CWE:634 DEPRECATED: Weaknesses that Affect System Processes No No No
CWE:635 Weaknesses Originally Used by NVD from 2008 to 2016 Yes Yes Yes
CWE:636 Not Failing Securely ('Failing Open') No No No
CWE:637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') No No No
CWE:638 Not Using Complete Mediation No No No
CWE:639 Authorization Bypass Through User-Controlled Key No No No
CWE:640 Weak Password Recovery Mechanism for Forgotten Password No No No
CWE:641 Improper Restriction of Names for Files and Other Resources Yes No No
CWE:642 External Control of Critical State Data Yes Yes Yes
CWE:643 Improper Neutralization of Data within XPath Expressions ('XPath Injection') No Yes Yes
CWE:644 Improper Neutralization of HTTP Headers for Scripting Syntax No No No
CWE:645 Overly Restrictive Account Lockout Mechanism No No No
CWE:646 Reliance on File Name or Extension of Externally-Supplied File No No No
CWE:647 Use of Non-Canonical URL Paths for Authorization Decisions No No No
CWE:648 Incorrect Use of Privileged APIs No No No
CWE:649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking No No No
CWE:650 Trusting HTTP Permission Methods on the Server Side No No No
CWE:651 Exposure of WSDL File Containing Sensitive Information Yes No No
CWE:652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') No No No
CWE:653 Improper Isolation or Compartmentalization No No No
CWE:654 Reliance on a Single Factor in a Security Decision No No No
CWE:655 Insufficient Psychological Acceptability No No No
CWE:656 Reliance on Security Through Obscurity No No No
CWE:657 Violation of Secure Design Principles Yes Yes Yes
CWE:658 Weaknesses in Software Written in C Yes Yes Yes
CWE:659 Weaknesses in Software Written in C++ Yes Yes Yes
CWE:660 Weaknesses in Software Written in Java Yes Yes Yes
CWE:661 Weaknesses in Software Written in PHP Yes Yes Yes
CWE:662 Improper Synchronization Yes Yes Yes
CWE:663 Use of a Non-reentrant Function in a Concurrent Context Yes No No
CWE:664 Improper Control of a Resource Through its Lifetime Yes Yes Yes
CWE:665 Improper Initialization Yes Yes Yes
CWE:666 Operation on Resource in Wrong Phase of Lifetime Yes Yes Yes
CWE:667 Improper Locking Yes Yes Yes
CWE:668 Exposure of Resource to Wrong Sphere Yes Yes Yes
CWE:669 Incorrect Resource Transfer Between Spheres Yes No No
CWE:670 Always-Incorrect Control Flow Implementation Yes Yes Yes
CWE:671 Lack of Administrator Control over Security Yes Yes Yes
CWE:672 Operation on a Resource after Expiration or Release Yes Yes Yes
CWE:673 External Influence of Sphere Definition Yes No No
CWE:674 Uncontrolled Recursion Yes Yes Yes
CWE:675 Multiple Operations on Resource in Single-Operation Context Yes No No
CWE:676 Use of Potentially Dangerous Function Yes Yes Yes
CWE:677 Weakness Base Elements Yes Yes Yes
CWE:678 Composites No No No
CWE:679 DEPRECATED: Chain Elements No No No
CWE:680 Integer Overflow to Buffer Overflow Yes No No
CWE:681 Incorrect Conversion between Numeric Types Yes Yes Yes
CWE:682 Incorrect Calculation Yes Yes Yes
CWE:683 Function Call With Incorrect Order of Arguments Yes Yes Yes
CWE:684 Incorrect Provision of Specified Functionality Yes Yes Yes
CWE:685 Function Call With Incorrect Number of Arguments Yes Yes Yes
CWE:686 Function Call With Incorrect Argument Type Yes Yes Yes
CWE:687 Function Call With Incorrectly Specified Argument Value Yes No No
CWE:688 Function Call With Incorrect Variable or Reference as Argument Yes Yes Yes
CWE:689 Permission Race Condition During Resource Copy No No No
CWE:690 Unchecked Return Value to NULL Pointer Dereference Yes Yes Yes
CWE:691 Insufficient Control Flow Management Yes Yes Yes
CWE:692 Incomplete Denylist to Cross-Site Scripting No No No
CWE:693 Protection Mechanism Failure Yes Yes Yes
CWE:694 Use of Multiple Resources with Duplicate Identifier No No No
CWE:695 Use of Low-Level Functionality Yes Yes No
CWE:696 Incorrect Behavior Order Yes No No
CWE:697 Incorrect Comparison Yes Yes Yes
CWE:698 Execution After Redirect (EAR) No Yes Yes
CWE:699 Software Development Yes Yes Yes
CWE:700 Seven Pernicious Kingdoms Yes Yes Yes
CWE:701 Weaknesses Introduced During Design Yes Yes Yes
CWE:702 Weaknesses Introduced During Implementation Yes Yes Yes
CWE:703 Improper Check or Handling of Exceptional Conditions Yes Yes Yes
CWE:704 Incorrect Type Conversion or Cast Yes Yes Yes
CWE:705 Incorrect Control Flow Scoping Yes Yes Yes
CWE:706 Use of Incorrectly-Resolved Name or Reference Yes Yes Yes
CWE:707 Improper Neutralization Yes Yes Yes
CWE:708 Incorrect Ownership Assignment No No No
CWE:709 Named Chains Yes Yes Yes
CWE:710 Improper Adherence to Coding Standards Yes Yes Yes
CWE:711 Weaknesses in OWASP Top Ten (2004) Yes Yes Yes
CWE:712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) Yes Yes Yes
CWE:713 OWASP Top Ten 2007 Category A2 - Injection Flaws Yes Yes Yes
CWE:714 OWASP Top Ten 2007 Category A3 - Malicious File Execution Yes Yes Yes
CWE:715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference Yes Yes Yes
CWE:716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) No No No
CWE:717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling Yes Yes Yes
CWE:718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management Yes Yes Yes
CWE:719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage Yes Yes Yes
CWE:720 OWASP Top Ten 2007 Category A9 - Insecure Communications Yes Yes Yes
CWE:721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access Yes Yes No
CWE:722 OWASP Top Ten 2004 Category A1 - Unvalidated Input Yes Yes Yes
CWE:723 OWASP Top Ten 2004 Category A2 - Broken Access Control Yes Yes Yes
CWE:724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management Yes Yes Yes
CWE:725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws Yes Yes Yes
CWE:726 OWASP Top Ten 2004 Category A5 - Buffer Overflows Yes Yes Yes
CWE:727 OWASP Top Ten 2004 Category A6 - Injection Flaws Yes Yes Yes
CWE:728 OWASP Top Ten 2004 Category A7 - Improper Error Handling Yes Yes Yes
CWE:729 OWASP Top Ten 2004 Category A8 - Insecure Storage Yes Yes Yes
CWE:730 OWASP Top Ten 2004 Category A9 - Denial of Service Yes Yes Yes
CWE:731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management Yes Yes Yes
CWE:732 Incorrect Permission Assignment for Critical Resource Yes Yes No
CWE:733 Compiler Optimization Removal or Modification of Security-critical Code Yes No No
CWE:734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008) Yes Yes Yes
CWE:735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE) Yes Yes Yes
CWE:736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL) Yes Yes Yes
CWE:737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP) Yes Yes Yes
CWE:738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) Yes Yes Yes
CWE:739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) Yes Yes Yes
CWE:740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR) Yes Yes Yes
CWE:741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR) Yes Yes Yes
CWE:742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM) Yes Yes Yes
CWE:743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO) Yes Yes Yes
CWE:744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV) Yes Yes Yes
CWE:745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG) Yes Yes Yes
CWE:746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR) Yes Yes Yes
CWE:747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC) Yes Yes Yes
CWE:748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS) Yes Yes Yes
CWE:749 Exposed Dangerous Method or Function No Yes Yes
CWE:750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors Yes Yes Yes
CWE:751 2009 Top 25 - Insecure Interaction Between Components Yes Yes Yes
CWE:752 2009 Top 25 - Risky Resource Management Yes Yes Yes
CWE:753 2009 Top 25 - Porous Defenses Yes Yes Yes
CWE:754 Improper Check for Unusual or Exceptional Conditions Yes Yes Yes
CWE:755 Improper Handling of Exceptional Conditions Yes Yes Yes
CWE:756 Missing Custom Error Page No Yes No
CWE:757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') No Yes Yes
CWE:758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior Yes No No
CWE:759 Use of a One-Way Hash without a Salt No No No
CWE:760 Use of a One-Way Hash with a Predictable Salt Yes No No
CWE:761 Free of Pointer not at Start of Buffer Yes No No
CWE:762 Mismatched Memory Management Routines Yes No No
CWE:763 Release of Invalid Pointer or Reference Yes No No
CWE:764 Multiple Locks of a Critical Resource Yes No No
CWE:765 Multiple Unlocks of a Critical Resource Yes No No
CWE:766 Critical Data Element Declared Public No Yes No
CWE:767 Access to Critical Private Variable via Public Method No No No
CWE:768 Incorrect Short Circuit Evaluation No Yes Yes
CWE:769 DEPRECATED: Uncontrolled File Descriptor Consumption No No No
CWE:770 Allocation of Resources Without Limits or Throttling Yes Yes Yes
CWE:771 Missing Reference to Active Allocated Resource Yes Yes Yes
CWE:772 Missing Release of Resource after Effective Lifetime Yes Yes Yes
CWE:773 Missing Reference to Active File Descriptor or Handle Yes No No
CWE:774 Allocation of File Descriptors or Handles Without Limits or Throttling No No No
CWE:775 Missing Release of File Descriptor or Handle after Effective Lifetime Yes No No
CWE:776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') No No No
CWE:777 Regular Expression without Anchors No No No
CWE:778 Insufficient Logging No No No
CWE:779 Logging of Excessive Data No No No
CWE:780 Use of RSA Algorithm without OAEP Yes No No
CWE:781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code No No No
CWE:782 Exposed IOCTL with Insufficient Access Control No No No
CWE:783 Operator Precedence Logic Error Yes No No
CWE:784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision No No No
CWE:785 Use of Path Manipulation Function without Maximum-sized Buffer Yes No No
CWE:786 Access of Memory Location Before Start of Buffer Yes No No
CWE:787 Out-of-bounds Write Yes No No
CWE:788 Access of Memory Location After End of Buffer Yes No No
CWE:789 Memory Allocation with Excessive Size Value Yes Yes Yes
CWE:790 Improper Filtering of Special Elements No No No
CWE:791 Incomplete Filtering of Special Elements No No No
CWE:792 Incomplete Filtering of One or More Instances of Special Elements No No No
CWE:793 Only Filtering One Instance of a Special Element No No No
CWE:794 Incomplete Filtering of Multiple Instances of Special Elements No No No
CWE:795 Only Filtering Special Elements at a Specified Location No No No
CWE:796 Only Filtering Special Elements Relative to a Marker No No No
CWE:797 Only Filtering Special Elements at an Absolute Position No No No
CWE:798 Use of Hard-coded Credentials Yes Yes Yes
CWE:799 Improper Control of Interaction Frequency No No No
CWE:800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors Yes Yes Yes
CWE:801 2010 Top 25 - Insecure Interaction Between Components Yes Yes Yes
CWE:802 2010 Top 25 - Risky Resource Management Yes Yes Yes
CWE:803 2010 Top 25 - Porous Defenses Yes Yes Yes
CWE:804 Guessable CAPTCHA No No No
CWE:805 Buffer Access with Incorrect Length Value Yes No No
CWE:806 Buffer Access Using Size of Source Buffer Yes No No
CWE:807 Reliance on Untrusted Inputs in a Security Decision Yes No No
CWE:808 2010 Top 25 - Weaknesses On the Cusp Yes Yes Yes
CWE:809 Weaknesses in OWASP Top Ten (2010) Yes Yes Yes
CWE:810 OWASP Top Ten 2010 Category A1 - Injection Yes Yes Yes
CWE:811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS) Yes Yes Yes
CWE:812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management Yes Yes Yes
CWE:813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References Yes Yes Yes
CWE:814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF) No No No
CWE:815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration Yes Yes Yes
CWE:816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage Yes Yes Yes
CWE:817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access Yes Yes No
CWE:818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection Yes Yes Yes
CWE:819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards No Yes Yes
CWE:820 Missing Synchronization Yes Yes Yes
CWE:821 Incorrect Synchronization Yes Yes Yes
CWE:822 Untrusted Pointer Dereference Yes No No
CWE:823 Use of Out-of-range Pointer Offset Yes No No
CWE:824 Access of Uninitialized Pointer Yes No No
CWE:825 Expired Pointer Dereference Yes No No
CWE:826 Premature Release of Resource During Expected Lifetime Yes No No
CWE:827 Improper Control of Document Type Definition No No No
CWE:828 Signal Handler with Functionality that is not Asynchronous-Safe Yes No No
CWE:829 Inclusion of Functionality from Untrusted Control Sphere No No No
CWE:830 Inclusion of Web Functionality from an Untrusted Source No No No
CWE:831 Signal Handler Function Associated with Multiple Signals No No No
CWE:832 Unlock of a Resource that is not Locked Yes No No
CWE:833 Deadlock Yes Yes Yes
CWE:834 Excessive Iteration Yes Yes Yes
CWE:835 Loop with Unreachable Exit Condition ('Infinite Loop') Yes No No
CWE:836 Use of Password Hash Instead of Password for Authentication No No No
CWE:837 Improper Enforcement of a Single, Unique Action No No No
CWE:838 Inappropriate Encoding for Output Context No No No
CWE:839 Numeric Range Comparison Without Minimum Check Yes No No
CWE:840 Business Logic Errors Yes Yes Yes
CWE:841 Improper Enforcement of Behavioral Workflow No No No
CWE:842 Placement of User into Incorrect Group No No No
CWE:843 Access of Resource Using Incompatible Type ('Type Confusion') Yes No No
CWE:844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) Yes Yes Yes
CWE:845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS) Yes Yes Yes
CWE:846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL) Yes Yes Yes
CWE:847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP) Yes Yes Yes
CWE:848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM) Yes Yes Yes
CWE:849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ) No Yes Yes
CWE:850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET) Yes Yes Yes
CWE:851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR) Yes Yes Yes
CWE:852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA) Yes Yes Yes
CWE:853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK) Yes Yes Yes
CWE:854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI) Yes Yes Yes
CWE:855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS) Yes Yes Yes
CWE:856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM) No No No
CWE:857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO) Yes Yes Yes
CWE:858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER) Yes Yes Yes
CWE:859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC) Yes Yes Yes
CWE:860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV) Yes Yes No
CWE:861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC) Yes Yes Yes
CWE:862 Missing Authorization No No No
CWE:863 Incorrect Authorization Yes No No
CWE:864 2011 Top 25 - Insecure Interaction Between Components Yes Yes Yes
CWE:865 2011 Top 25 - Risky Resource Management Yes Yes Yes
CWE:866 2011 Top 25 - Porous Defenses Yes Yes Yes
CWE:867 2011 Top 25 - Weaknesses On the Cusp Yes Yes Yes
CWE:868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version) Yes Yes Yes
CWE:869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE) No No No
CWE:870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL) Yes No No
CWE:871 CERT C++ Secure Coding Section 03 - Expressions (EXP) Yes Yes Yes
CWE:872 CERT C++ Secure Coding Section 04 - Integers (INT) Yes Yes Yes
CWE:873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) Yes Yes Yes
CWE:874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR) Yes Yes Yes
CWE:875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR) Yes Yes Yes
CWE:876 CERT C++ Secure Coding Section 08 - Memory Management (MEM) Yes Yes Yes
CWE:877 CERT C++ Secure Coding Section 09 - Input Output (FIO) Yes Yes Yes
CWE:878 CERT C++ Secure Coding Section 10 - Environment (ENV) Yes Yes Yes
CWE:879 CERT C++ Secure Coding Section 11 - Signals (SIG) Yes Yes Yes
CWE:880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR) Yes Yes Yes
CWE:881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) Yes No No
CWE:882 CERT C++ Secure Coding Section 14 - Concurrency (CON) Yes Yes Yes
CWE:883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) Yes Yes Yes
CWE:884 CWE Cross-section Yes Yes Yes
CWE:885 SFP Primary Cluster: Risky Values Yes Yes Yes
CWE:886 SFP Primary Cluster: Unused entities Yes Yes Yes
CWE:887 SFP Primary Cluster: API Yes Yes Yes
CWE:888 Software Fault Pattern (SFP) Clusters Yes Yes Yes
CWE:889 SFP Primary Cluster: Exception Management Yes Yes Yes
CWE:890 SFP Primary Cluster: Memory Access Yes Yes Yes
CWE:891 SFP Primary Cluster: Memory Management Yes No No
CWE:892 SFP Primary Cluster: Resource Management Yes Yes Yes
CWE:893 SFP Primary Cluster: Path Resolution Yes Yes Yes
CWE:894 SFP Primary Cluster: Synchronization Yes Yes Yes
CWE:895 SFP Primary Cluster: Information Leak Yes Yes Yes
CWE:896 SFP Primary Cluster: Tainted Input Yes Yes Yes
CWE:897 SFP Primary Cluster: Entry Points Yes Yes Yes
CWE:898 SFP Primary Cluster: Authentication Yes Yes Yes
CWE:899 SFP Primary Cluster: Access Control Yes Yes Yes
CWE:900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors Yes Yes Yes
CWE:901 SFP Primary Cluster: Privilege Yes No No
CWE:902 SFP Primary Cluster: Channel Yes Yes Yes
CWE:903 SFP Primary Cluster: Cryptography Yes Yes Yes
CWE:904 SFP Primary Cluster: Malware Yes No No
CWE:905 SFP Primary Cluster: Predictability Yes Yes Yes
CWE:906 SFP Primary Cluster: UI Yes Yes Yes
CWE:907 SFP Primary Cluster: Other Yes Yes Yes
CWE:908 Use of Uninitialized Resource Yes No No
CWE:909 Missing Initialization of Resource Yes Yes Yes
CWE:910 Use of Expired File Descriptor Yes No No
CWE:911 Improper Update of Reference Count No No No
CWE:912 Hidden Functionality Yes No No
CWE:913 Improper Control of Dynamically-Managed Code Resources No Yes Yes
CWE:914 Improper Control of Dynamically-Identified Variables No No No
CWE:915 Improperly Controlled Modification of Dynamically-Determined Object Attributes No Yes Yes
CWE:916 Use of Password Hash With Insufficient Computational Effort Yes Yes Yes
CWE:917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') No Yes No
CWE:918 Server-Side Request Forgery (SSRF) No No No
CWE:919 Weaknesses in Mobile Applications Yes Yes Yes
CWE:920 Improper Restriction of Power Consumption No No No
CWE:921 Storage of Sensitive Data in a Mechanism without Access Control No No No
CWE:922 Insecure Storage of Sensitive Information Yes Yes Yes
CWE:923 Improper Restriction of Communication Channel to Intended Endpoints No No No
CWE:924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel No No No
CWE:925 Improper Verification of Intent by Broadcast Receiver No No No
CWE:926 Improper Export of Android Application Components No No No
CWE:927 Use of Implicit Intent for Sensitive Communication No No No
CWE:928 Weaknesses in OWASP Top Ten (2013) Yes Yes Yes
CWE:929 OWASP Top Ten 2013 Category A1 - Injection Yes Yes Yes
CWE:930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management Yes Yes Yes
CWE:931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS) Yes Yes Yes
CWE:932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References Yes Yes Yes
CWE:933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration Yes Yes Yes
CWE:934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure Yes Yes Yes
CWE:935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control Yes Yes No
CWE:936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF) No No No
CWE:937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities No No No
CWE:938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards No Yes Yes
CWE:939 Improper Authorization in Handler for Custom URL Scheme No No No
CWE:940 Improper Verification of Source of a Communication Channel No No No
CWE:941 Incorrectly Specified Destination in a Communication Channel No No No
CWE:942 Permissive Cross-domain Policy with Untrusted Domains No No No
CWE:943 Improper Neutralization of Special Elements in Data Query Logic Yes Yes Yes
CWE:944 SFP Secondary Cluster: Access Management Yes Yes Yes
CWE:945 SFP Secondary Cluster: Insecure Resource Access Yes Yes No
CWE:946 SFP Secondary Cluster: Insecure Resource Permissions Yes Yes No
CWE:947 SFP Secondary Cluster: Authentication Bypass Yes Yes Yes
CWE:948 SFP Secondary Cluster: Digital Certificate No No No
CWE:949 SFP Secondary Cluster: Faulty Endpoint Authentication Yes Yes No
CWE:950 SFP Secondary Cluster: Hardcoded Sensitive Data Yes Yes Yes
CWE:951 SFP Secondary Cluster: Insecure Authentication Policy No Yes Yes
CWE:952 SFP Secondary Cluster: Missing Authentication No No No
CWE:953 SFP Secondary Cluster: Missing Endpoint Authentication No No No
CWE:954 SFP Secondary Cluster: Multiple Binds to the Same Port Yes No No
CWE:955 SFP Secondary Cluster: Unrestricted Authentication No No No
CWE:956 SFP Secondary Cluster: Channel Attack Yes No No
CWE:957 SFP Secondary Cluster: Protocol Error Yes Yes Yes
CWE:958 SFP Secondary Cluster: Broken Cryptography Yes Yes Yes
CWE:959 SFP Secondary Cluster: Weak Cryptography Yes Yes Yes
CWE:960 SFP Secondary Cluster: Ambiguous Exception Type Yes Yes Yes
CWE:961 SFP Secondary Cluster: Incorrect Exception Behavior Yes Yes Yes
CWE:962 SFP Secondary Cluster: Unchecked Status Condition Yes Yes Yes
CWE:963 SFP Secondary Cluster: Exposed Data Yes Yes Yes
CWE:964 SFP Secondary Cluster: Exposure Temporary File Yes No No
CWE:965 SFP Secondary Cluster: Insecure Session Management No Yes No
CWE:966 SFP Secondary Cluster: Other Exposures Yes Yes Yes
CWE:967 SFP Secondary Cluster: State Disclosure Yes No No
CWE:968 SFP Secondary Cluster: Covert Channel Yes No No
CWE:969 SFP Secondary Cluster: Faulty Memory Release Yes No No
CWE:970 SFP Secondary Cluster: Faulty Buffer Access Yes No No
CWE:971 SFP Secondary Cluster: Faulty Pointer Use Yes Yes Yes
CWE:972 SFP Secondary Cluster: Faulty String Expansion Yes No No
CWE:973 SFP Secondary Cluster: Improper NULL Termination Yes No No
CWE:974 SFP Secondary Cluster: Incorrect Buffer Length Computation Yes No No
CWE:975 SFP Secondary Cluster: Architecture Yes Yes Yes
CWE:976 SFP Secondary Cluster: Compiler Yes No No
CWE:977 SFP Secondary Cluster: Design Yes Yes Yes
CWE:978 SFP Secondary Cluster: Implementation Yes Yes Yes
CWE:979 SFP Secondary Cluster: Failed Chroot Jail Yes No No
CWE:980 SFP Secondary Cluster: Link in Resource Name Resolution Yes Yes Yes
CWE:981 SFP Secondary Cluster: Path Traversal Yes Yes Yes
CWE:982 SFP Secondary Cluster: Failure to Release Resource Yes Yes Yes
CWE:983 SFP Secondary Cluster: Faulty Resource Use Yes Yes Yes
CWE:984 SFP Secondary Cluster: Life Cycle Yes Yes Yes
CWE:985 SFP Secondary Cluster: Unrestricted Consumption Yes Yes Yes
CWE:986 SFP Secondary Cluster: Missing Lock Yes Yes Yes
CWE:987 SFP Secondary Cluster: Multiple Locks/Unlocks Yes Yes Yes
CWE:988 SFP Secondary Cluster: Race Condition Window Yes Yes No
CWE:989 SFP Secondary Cluster: Unrestricted Lock No Yes Yes
CWE:990 SFP Secondary Cluster: Tainted Input to Command Yes Yes Yes
CWE:991 SFP Secondary Cluster: Tainted Input to Environment Yes Yes Yes
CWE:992 SFP Secondary Cluster: Faulty Input Transformation Yes Yes Yes
CWE:993 SFP Secondary Cluster: Incorrect Input Handling Yes No No
CWE:994 SFP Secondary Cluster: Tainted Input to Variable Yes Yes Yes
CWE:995 SFP Secondary Cluster: Feature Yes No No
CWE:996 SFP Secondary Cluster: Security No No No
CWE:997 SFP Secondary Cluster: Information Loss Yes Yes Yes
CWE:998 SFP Secondary Cluster: Glitch in Computation Yes Yes Yes
CWE:999 DEPRECATED: Weaknesses without Software Fault Patterns No No No
CWE:1000 Research Concepts Yes Yes Yes
CWE:1001 SFP Secondary Cluster: Use of an Improper API Yes Yes Yes
CWE:1002 SFP Secondary Cluster: Unexpected Entry Points Yes Yes Yes
CWE:1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Yes Yes Yes
CWE:1004 Sensitive Cookie Without 'HttpOnly' Flag No No No
CWE:1005 7PK - Input Validation and Representation Yes Yes Yes
CWE:1006 Bad Coding Practices Yes Yes Yes
CWE:1007 Insufficient Visual Distinction of Homoglyphs Presented to User Yes No No
CWE:1008 Architectural Concepts Yes Yes Yes
CWE:1009 Audit Yes Yes Yes
CWE:1010 Authenticate Actors Yes Yes Yes
CWE:1011 Authorize Actors Yes Yes Yes
CWE:1012 Cross Cutting Yes Yes Yes
CWE:1013 Encrypt Data Yes Yes Yes
CWE:1014 Identify Actors No Yes No
CWE:1015 Limit Access Yes Yes Yes
CWE:1016 Limit Exposure No Yes Yes
CWE:1017 Lock Computer No No No
CWE:1018 Manage User Sessions No Yes Yes
CWE:1019 Validate Inputs Yes Yes Yes
CWE:1020 Verify Message Integrity Yes Yes Yes
CWE:1021 Improper Restriction of Rendered UI Layers or Frames No No No
CWE:1022 Use of Web Link to Untrusted Target with window.opener Access No No No
CWE:1023 Incomplete Comparison with Missing Factors Yes Yes Yes
CWE:1024 Comparison of Incompatible Types No Yes Yes
CWE:1025 Comparison Using Wrong Factors Yes Yes Yes
CWE:1026 Weaknesses in OWASP Top Ten (2017) Yes Yes Yes
CWE:1027 OWASP Top Ten 2017 Category A1 - Injection Yes Yes Yes
CWE:1028 OWASP Top Ten 2017 Category A2 - Broken Authentication Yes Yes Yes
CWE:1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure Yes Yes Yes
CWE:1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) Yes Yes Yes
CWE:1031 OWASP Top Ten 2017 Category A5 - Broken Access Control Yes Yes Yes
CWE:1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration Yes Yes Yes
CWE:1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) Yes Yes Yes
CWE:1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization Yes Yes Yes
CWE:1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Yes Yes Yes
CWE:1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring Yes No No
CWE:1037 Processor Optimization Removal or Modification of Security-critical Code Yes No No
CWE:1038 Insecure Automated Optimizations Yes No No
CWE:1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations No No No
CWE:1040 Quality Weaknesses with Indirect Security Impacts Yes Yes Yes
CWE:1041 Use of Redundant Code Yes Yes Yes
CWE:1042 Static Member Data Element outside of a Singleton Class Element No No No
CWE:1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements No No No
CWE:1044 Architecture with Number of Horizontal Layers Outside of Expected Range No No No
CWE:1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor No No No
CWE:1046 Creation of Immutable Text Using String Concatenation No No No
CWE:1047 Modules with Circular Dependencies No No No
CWE:1048 Invokable Control Element with Large Number of Outward Calls No No No
CWE:1049 Excessive Data Query Operations in a Large Data Table No No No
CWE:1050 Excessive Platform Resource Consumption within a Loop No No No
CWE:1051 Initialization with Hard-Coded Network Resource Configuration Data No No No
CWE:1052 Excessive Use of Hard-Coded Literals in Initialization No No No
CWE:1053 Missing Documentation for Design No No No
CWE:1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer No No No
CWE:1055 Multiple Inheritance from Concrete Classes Yes No No
CWE:1056 Invokable Control Element with Variadic Parameters Yes No No
CWE:1057 Data Access Operations Outside of Expected Data Manager Component No No No
CWE:1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element No No No
CWE:1059 Insufficient Technical Documentation No No No
CWE:1060 Excessive Number of Inefficient Server-Side Data Accesses No No No
CWE:1061 Insufficient Encapsulation Yes Yes Yes
CWE:1062 Parent Class with References to Child Class No No No
CWE:1063 Creation of Class Instance within a Static Code Block No No No
CWE:1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters Yes No No
CWE:1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers No No No
CWE:1066 Missing Serialization Control Element No No No
CWE:1067 Excessive Execution of Sequential Searches of Data Resource No No No
CWE:1068 Inconsistency Between Implementation and Documented Design No No No
CWE:1069 Empty Exception Block No No No
CWE:1070 Serializable Data Element Containing non-Serializable Item Elements No No No
CWE:1071 Empty Code Block Yes Yes Yes
CWE:1072 Data Resource Access without Use of Connection Pooling No No No
CWE:1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses No No No
CWE:1074 Class with Excessively Deep Inheritance No No No
CWE:1075 Unconditional Control Flow Transfer outside of Switch Block Yes No No
CWE:1076 Insufficient Adherence to Expected Conventions Yes Yes Yes
CWE:1077 Floating Point Comparison with Incorrect Operator Yes Yes Yes
CWE:1078 Inappropriate Source Code Style or Formatting Yes Yes Yes
CWE:1079 Parent Class without Virtual Destructor Method Yes No No
CWE:1080 Source Code File with Excessive Number of Lines of Code Yes No No
CWE:1081 Entries with Maintenance Notes Yes Yes Yes
CWE:1082 Class Instance Self Destruction Control Element No No No
CWE:1083 Data Access from Outside Expected Data Manager Component No No No
CWE:1084 Invokable Control Element with Excessive File or Data Access Operations No No No
CWE:1085 Invokable Control Element with Excessive Volume of Commented-out Code Yes No No
CWE:1086 Class with Excessive Number of Child Classes No No No
CWE:1087 Class with Virtual Method without a Virtual Destructor Yes No No
CWE:1088 Synchronous Access of Remote Resource without Timeout No No No
CWE:1089 Large Data Table with Excessive Number of Indices No No No
CWE:1090 Method Containing Access of a Member Element from Another Class No No No
CWE:1091 Use of Object without Invoking Destructor Method Yes No No
CWE:1092 Use of Same Invokable Control Element in Multiple Architectural Layers No No No
CWE:1093 Excessively Complex Data Representation Yes No No
CWE:1094 Excessive Index Range Scan for a Data Resource No No No
CWE:1095 Loop Condition Value Update within the Loop No No No
CWE:1096 Singleton Class Instance Creation without Proper Locking or Synchronization No No No
CWE:1097 Persistent Storable Data Element without Associated Comparison Control Element No Yes Yes
CWE:1098 Data Element containing Pointer Item without Proper Copy Control Element No No No
CWE:1099 Inconsistent Naming Conventions for Identifiers Yes No No
CWE:1100 Insufficient Isolation of System-Dependent Functions No No No
CWE:1101 Reliance on Runtime Component in Generated Code No No No
CWE:1102 Reliance on Machine-Dependent Data Representation No No No
CWE:1103 Use of Platform-Dependent Third Party Components No No No
CWE:1104 Use of Unmaintained Third Party Components No No No
CWE:1105 Insufficient Encapsulation of Machine-Dependent Functionality Yes No No
CWE:1106 Insufficient Use of Symbolic Constants Yes No No
CWE:1107 Insufficient Isolation of Symbolic Constant Definitions No No No
CWE:1108 Excessive Reliance on Global Variables No No No
CWE:1109 Use of Same Variable for Multiple Purposes No No No
CWE:1110 Incomplete Design Documentation No No No
CWE:1111 Incomplete I/O Documentation No No No
CWE:1112 Incomplete Documentation of Program Execution No No No
CWE:1113 Inappropriate Comment Style No No No
CWE:1114 Inappropriate Whitespace Style No No No
CWE:1115 Source Code Element without Standard Prologue No No No
CWE:1116 Inaccurate Comments No No No
CWE:1117 Callable with Insufficient Behavioral Summary No No No
CWE:1118 Insufficient Documentation of Error Handling Techniques No No No
CWE:1119 Excessive Use of Unconditional Branching No No No
CWE:1120 Excessive Code Complexity Yes No No
CWE:1121 Excessive McCabe Cyclomatic Complexity Yes No No
CWE:1122 Excessive Halstead Complexity No No No
CWE:1123 Excessive Use of Self-Modifying Code No No No
CWE:1124 Excessively Deep Nesting No No No
CWE:1125 Excessive Attack Surface No No No
CWE:1126 Declaration of Variable with Unnecessarily Wide Scope Yes Yes Yes
CWE:1127 Compilation with Insufficient Warnings or Errors Yes No No
CWE:1128 CISQ Quality Measures (2016) Yes Yes Yes
CWE:1129 CISQ Quality Measures (2016) - Reliability Yes Yes Yes
CWE:1130 CISQ Quality Measures (2016) - Maintainability Yes Yes Yes
CWE:1131 CISQ Quality Measures (2016) - Security Yes Yes Yes
CWE:1132 CISQ Quality Measures (2016) - Performance Efficiency Yes No No
CWE:1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java Yes Yes Yes
CWE:1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS) Yes Yes Yes
CWE:1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL) Yes Yes Yes
CWE:1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP) Yes Yes Yes
CWE:1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) Yes Yes Yes
CWE:1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR) No No No
CWE:1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ) No Yes Yes
CWE:1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET) Yes Yes Yes
CWE:1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR) Yes Yes Yes
CWE:1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA) Yes Yes Yes
CWE:1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK) Yes Yes Yes
CWE:1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI) No Yes Yes
CWE:1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS) Yes Yes Yes
CWE:1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM) No No No
CWE:1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO) Yes Yes Yes
CWE:1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER) Yes Yes Yes
CWE:1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC) Yes Yes No
CWE:1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV) Yes Yes No
CWE:1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI) No No No
CWE:1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC) Yes Yes Yes
CWE:1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD) No Yes No
CWE:1154 Weaknesses Addressed by the SEI CERT C Coding Standard Yes Yes Yes
CWE:1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) Yes No No
CWE:1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) Yes No No
CWE:1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) Yes Yes Yes
CWE:1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) Yes Yes Yes
CWE:1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) Yes Yes Yes
CWE:1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) Yes No No
CWE:1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) Yes Yes Yes
CWE:1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) Yes Yes Yes
CWE:1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) Yes Yes Yes
CWE:1164 Irrelevant Code Yes Yes Yes
CWE:1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) Yes Yes Yes
CWE:1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) Yes Yes Yes
CWE:1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) Yes Yes Yes
CWE:1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) Yes No No
CWE:1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) Yes Yes Yes
CWE:1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) Yes Yes Yes
CWE:1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) Yes Yes Yes
CWE:1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN) Yes No No
CWE:1173 Improper Use of Validation Framework No Yes No
CWE:1174 ASP.NET Misconfiguration: Improper Model Validation No No No
CWE:1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON) No No No
CWE:1176 Inefficient CPU Computation No Yes Yes
CWE:1177 Use of Prohibited Code Yes Yes Yes
CWE:1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard Yes Yes Yes
CWE:1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS) Yes Yes Yes
CWE:1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL) Yes Yes Yes
CWE:1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP) Yes Yes Yes
CWE:1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT) Yes Yes Yes
CWE:1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR) No No No
CWE:1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP) No No No
CWE:1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO) No No No
CWE:1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC) Yes Yes Yes
CWE:1187 DEPRECATED: Use of Uninitialized Resource No No No
CWE:1188 Initialization of a Resource with an Insecure Default Yes No No
CWE:1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC) No No No
CWE:1190 DMA Device Enabled Too Early in Boot Phase No No No
CWE:1191 On-Chip Debug and Test Interface With Improper Access Control No No No
CWE:1192 Improper Identifier for IP Block used in System-On-Chip (SOC) No No No
CWE:1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control No No No
CWE:1194 Hardware Design Yes Yes Yes
CWE:1195 Manufacturing and Life Cycle Management Concerns No No No
CWE:1196 Security Flow Issues No No No
CWE:1197 Integration Issues No No No
CWE:1198 Privilege Separation and Access Control Issues No No No
CWE:1199 General Circuit and Logic Design Concerns No No No
CWE:1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors Yes Yes Yes
CWE:1201 Core and Compute Issues No No No
CWE:1202 Memory and Storage Issues Yes No No
CWE:1203 Peripherals, On-chip Fabric, and Interface/IO Problems No No No
CWE:1204 Generation of Weak Initialization Vector (IV) Yes Yes Yes
CWE:1205 Security Primitives and Cryptography Issues Yes Yes Yes
CWE:1206 Power, Clock, Thermal, and Reset Concerns No No No
CWE:1207 Debug and Test Problems Yes Yes Yes
CWE:1208 Cross-Cutting Problems No Yes Yes
CWE:1209 Failure to Disable Reserved Bits No No No
CWE:1210 Audit / Logging Errors Yes Yes Yes
CWE:1211 Authentication Errors Yes Yes No
CWE:1212 Authorization Errors Yes No No
CWE:1213 Random Number Issues Yes Yes Yes
CWE:1214 Data Integrity Issues No Yes No
CWE:1215 Data Validation Issues Yes Yes No
CWE:1216 Lockout Mechanism Errors No No No
CWE:1217 User Session Errors No Yes Yes
CWE:1218 Memory Buffer Errors Yes No No
CWE:1219 File Handling Issues Yes Yes Yes
CWE:1220 Insufficient Granularity of Access Control No No No
CWE:1221 Incorrect Register Defaults or Module Parameters No No No
CWE:1222 Insufficient Granularity of Address Regions Protected by Register Locks No No No
CWE:1223 Race Condition for Write-Once Attributes No No No
CWE:1224 Improper Restriction of Write-Once Bit Fields No No No
CWE:1225 Documentation Issues No No No
CWE:1226 Complexity Issues Yes No No
CWE:1227 Encapsulation Issues Yes No No
CWE:1228 API / Function Errors Yes Yes Yes
CWE:1229 Creation of Emergent Resource Yes No No
CWE:1230 Exposure of Sensitive Information Through Metadata Yes No No
CWE:1231 Improper Prevention of Lock Bit Modification No No No
CWE:1232 Improper Lock Behavior After Power State Transition No No No
CWE:1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection No No No
CWE:1234 Hardware Internal or Debug Modes Allow Override of Locks No No No
CWE:1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations No Yes No
CWE:1236 Improper Neutralization of Formula Elements in a CSV File No No No
CWE:1237 SFP Primary Cluster: Faulty Resource Release Yes No No
CWE:1238 SFP Primary Cluster: Failure to Release Memory Yes No No
CWE:1239 Improper Zeroization of Hardware Register No No No
CWE:1240 Use of a Cryptographic Primitive with a Risky Implementation No No No
CWE:1241 Use of Predictable Algorithm in Random Number Generator No No No
CWE:1242 Inclusion of Undocumented Features or Chicken Bits No No No
CWE:1243 Sensitive Non-Volatile Information Not Protected During Debug No No No
CWE:1244 Internal Asset Exposed to Unsafe Debug Access Level or State No No No
CWE:1245 Improper Finite State Machines (FSMs) in Hardware Logic No No No
CWE:1246 Improper Write Handling in Limited-write Non-Volatile Memories No No No
CWE:1247 Improper Protection Against Voltage and Clock Glitches No No No
CWE:1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications No No No
CWE:1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System No No No
CWE:1250 Improper Preservation of Consistency Between Independent Representations of Shared State No No No
CWE:1251 Mirrored Regions with Different Values No No No
CWE:1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations No No No
CWE:1253 Incorrect Selection of Fuse Values No No No
CWE:1254 Incorrect Comparison Logic Granularity No No No
CWE:1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks No No No
CWE:1256 Improper Restriction of Software Interfaces to Hardware Features No No No
CWE:1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions No No No
CWE:1258 Exposure of Sensitive System Information Due to Uncleared Debug Information No No No
CWE:1259 Improper Restriction of Security Token Assignment No No No
CWE:1260 Improper Handling of Overlap Between Protected Memory Ranges No No No
CWE:1261 Improper Handling of Single Event Upsets No No No
CWE:1262 Improper Access Control for Register Interface No No No
CWE:1263 Improper Physical Access Control No No No
CWE:1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels No No No
CWE:1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls No No No
CWE:1266 Improper Scrubbing of Sensitive Data from Decommissioned Device No No No
CWE:1267 Policy Uses Obsolete Encoding No No No
CWE:1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents No No No
CWE:1269 Product Released in Non-Release Configuration No No No
CWE:1270 Generation of Incorrect Security Tokens No No No
CWE:1271 Uninitialized Value on Reset for Registers Holding Security Settings No No No
CWE:1272 Sensitive Information Uncleared Before Debug/Power State Transition No No No
CWE:1273 Device Unlock Credential Sharing No No No
CWE:1274 Improper Access Control for Volatile Memory Containing Boot Code No No No
CWE:1275 Sensitive Cookie with Improper SameSite Attribute No No No
CWE:1276 Hardware Child Block Incorrectly Connected to Parent System No No No
CWE:1277 Firmware Not Updateable No No No
CWE:1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques No No No
CWE:1279 Cryptographic Operations are run Before Supporting Units are Ready No No No
CWE:1280 Access Control Check Implemented After Asset is Accessed No No No
CWE:1281 Sequence of Processor Instructions Leads to Unexpected Behavior No No No
CWE:1282 Assumed-Immutable Data is Stored in Writable Memory No No No
CWE:1283 Mutable Attestation or Measurement Reporting Data No No No
CWE:1284 Improper Validation of Specified Quantity in Input Yes No No
CWE:1285 Improper Validation of Specified Index, Position, or Offset in Input Yes No No
CWE:1286 Improper Validation of Syntactic Correctness of Input No No No
CWE:1287 Improper Validation of Specified Type of Input No No No
CWE:1288 Improper Validation of Consistency within Input No No No
CWE:1289 Improper Validation of Unsafe Equivalence in Input No No No
CWE:1290 Incorrect Decoding of Security Identifiers No No No
CWE:1291 Public Key Re-Use for Signing both Debug and Production Code No No No
CWE:1292 Incorrect Conversion of Security Identifiers No No No
CWE:1293 Missing Source Correlation of Multiple Independent Data No No No
CWE:1294 Insecure Security Identifier Mechanism No No No
CWE:1295 Debug Messages Revealing Unnecessary Information Yes No No
CWE:1296 Incorrect Chaining or Granularity of Debug Components No No No
CWE:1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors No No No
CWE:1298 Hardware Logic Contains Race Conditions No No No
CWE:1299 Missing Protection Mechanism for Alternate Hardware Interface No No No
CWE:1300 Improper Protection of Physical Side Channels No No No
CWE:1301 Insufficient or Incomplete Data Removal within Hardware Component No No No
CWE:1302 Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) No No No
CWE:1303 Non-Transparent Sharing of Microarchitectural Resources No No No
CWE:1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation No No No
CWE:1305 CISQ Quality Measures (2020) Yes Yes Yes
CWE:1306 CISQ Quality Measures - Reliability Yes Yes Yes
CWE:1307 CISQ Quality Measures - Maintainability Yes Yes Yes
CWE:1308 CISQ Quality Measures - Security Yes Yes Yes
CWE:1309 CISQ Quality Measures - Efficiency Yes Yes Yes
CWE:1310 Missing Ability to Patch ROM Code No No No
CWE:1311 Improper Translation of Security Attributes by Fabric Bridge No No No
CWE:1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall No No No
CWE:1313 Hardware Allows Activation of Test or Debug Logic at Runtime No No No
CWE:1314 Missing Write Protection for Parametric Data Values No No No
CWE:1315 Improper Setting of Bus Controlling Capability in Fabric End-point No No No
CWE:1316 Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges No No No
CWE:1317 Improper Access Control in Fabric Bridge No No No
CWE:1318 Missing Support for Security Features in On-chip Fabrics or Buses No No No
CWE:1319 Improper Protection against Electromagnetic Fault Injection (EM-FI) No No No
CWE:1320 Improper Protection for Outbound Error Messages and Alert Signals No No No
CWE:1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') No No No
CWE:1322 Use of Blocking Code in Single-threaded, Non-blocking Context No No No
CWE:1323 Improper Management of Sensitive Trace Data No No No
CWE:1324 DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface No No No
CWE:1325 Improperly Controlled Sequential Memory Allocation No No No
CWE:1326 Missing Immutable Root of Trust in Hardware No No No
CWE:1327 Binding to an Unrestricted IP Address No No No
CWE:1328 Security Version Number Mutable to Older Versions No No No
CWE:1329 Reliance on Component That is Not Updateable No No No
CWE:1330 Remanent Data Readable after Memory Erase No No No
CWE:1331 Improper Isolation of Shared Resources in Network On Chip (NoC) No No No
CWE:1332 Improper Handling of Faults that Lead to Instruction Skips No No No
CWE:1333 Inefficient Regular Expression Complexity No No No
CWE:1334 Unauthorized Error Injection Can Degrade Hardware Redundancy No No No
CWE:1335 Incorrect Bitwise Shift of Integer Yes No No
CWE:1336 Improper Neutralization of Special Elements Used in a Template Engine No No No
CWE:1337 Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses Yes Yes Yes
CWE:1338 Improper Protections Against Hardware Overheating No No No
CWE:1339 Insufficient Precision or Accuracy of a Real Number No Yes Yes
CWE:1340 CISQ Data Protection Measures Yes Yes Yes
CWE:1341 Multiple Releases of Same Resource or Handle Yes No No
CWE:1342 Information Exposure through Microarchitectural State after Transient Execution No No No
CWE:1343 Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List No No No
CWE:1344 Weaknesses in OWASP Top Ten (2021) Yes Yes Yes
CWE:1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control Yes Yes Yes
CWE:1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures Yes Yes Yes
CWE:1347 OWASP Top Ten 2021 Category A03:2021 - Injection Yes Yes Yes
CWE:1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design Yes Yes Yes
CWE:1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration Yes Yes Yes
CWE:1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses Yes Yes Yes
CWE:1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments No No No
CWE:1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components Yes Yes Yes
CWE:1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures Yes Yes Yes
CWE:1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures Yes Yes Yes
CWE:1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures Yes Yes Yes
CWE:1356 OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF) No No No
CWE:1357 Reliance on Insufficiently Trustworthy Component No No No
CWE:1358 Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS Yes Yes Yes
CWE:1359 ICS Communications Yes Yes Yes
CWE:1360 ICS Dependencies (& Architecture) Yes Yes Yes
CWE:1361 ICS Supply Chain Yes Yes Yes
CWE:1362 ICS Engineering (Constructions/Deployment) Yes Yes Yes
CWE:1363 ICS Operations (& Maintenance) Yes Yes Yes
CWE:1364 ICS Communications: Zone Boundary Failures Yes Yes Yes
CWE:1365 ICS Communications: Unreliability Yes Yes No
CWE:1366 ICS Communications: Frail Security in Protocols Yes Yes Yes
CWE:1367 ICS Dependencies (& Architecture): External Physical Systems No No No
CWE:1368 ICS Dependencies (& Architecture): External Digital Systems Yes Yes Yes
CWE:1369 ICS Supply Chain: IT/OT Convergence/Expansion Yes Yes Yes
CWE:1370 ICS Supply Chain: Common Mode Frailties Yes Yes Yes
CWE:1371 ICS Supply Chain: Poorly Documented or Undocumented Features Yes Yes Yes
CWE:1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption Yes Yes Yes
CWE:1373 ICS Engineering (Construction/Deployment): Trust Model Problems Yes Yes No
CWE:1374 ICS Engineering (Construction/Deployment): Maker Breaker Blindness No No No
CWE:1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data Yes Yes Yes
CWE:1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning Yes Yes No
CWE:1377 ICS Engineering (Construction/Deployment): Inherent Predictability in Design No No No
CWE:1378 ICS Operations (& Maintenance): Gaps in obligations and training No No No
CWE:1379 ICS Operations (& Maintenance): Human factors in ICS environments Yes No No
CWE:1380 ICS Operations (& Maintenance): Post-analysis changes No No No
CWE:1381 ICS Operations (& Maintenance): Exploitable Standard Operational Procedures No No No
CWE:1382 ICS Operations (& Maintenance): Emerging Energy Technologies Yes Yes Yes
CWE:1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements Yes Yes Yes
CWE:1384 Improper Handling of Physical or Environmental Conditions No No No
CWE:1385 Missing Origin Validation in WebSockets No No No
CWE:1386 Insecure Operation on Windows Junction / Mount Point No No No
CWE:1387 Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses Yes Yes Yes
CWE:1388 Physical Access Issues and Concerns No No No
CWE:1389 Incorrect Parsing of Numbers with Different Radices Yes No No
CWE:1390 Weak Authentication Yes Yes Yes
CWE:1391 Use of Weak Credentials Yes Yes Yes
CWE:1392 Use of Default Credentials No No No
CWE:1393 Use of Default Password No No No
CWE:1394 Use of Default Cryptographic Key No No No
CWE:1395 Dependency on Vulnerable Third-Party Component No No No
CWE:1396 Comprehensive Categorization: Access Control Yes Yes Yes
CWE:1397 Comprehensive Categorization: Comparison Yes Yes Yes
CWE:1398 Comprehensive Categorization: Component Interaction Yes Yes Yes
CWE:1399 Comprehensive Categorization: Memory Safety Yes Yes Yes
CWE:1400 Comprehensive Categorization for Software Assurance Trends Yes Yes Yes
CWE:1401 Comprehensive Categorization: Concurrency Yes Yes Yes
CWE:1402 Comprehensive Categorization: Encryption Yes Yes Yes
CWE:1403 Comprehensive Categorization: Exposed Resource Yes Yes Yes
CWE:1404 Comprehensive Categorization: File Handling Yes Yes Yes
CWE:1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions Yes Yes Yes
CWE:1406 Comprehensive Categorization: Improper Input Validation Yes Yes Yes
CWE:1407 Comprehensive Categorization: Improper Neutralization Yes Yes Yes
CWE:1408 Comprehensive Categorization: Incorrect Calculation Yes Yes Yes
CWE:1409 Comprehensive Categorization: Injection Yes Yes Yes
CWE:1410 Comprehensive Categorization: Insufficient Control Flow Management Yes Yes Yes
CWE:1411 Comprehensive Categorization: Insufficient Verification of Data Authenticity No Yes No
CWE:1412 Comprehensive Categorization: Poor Coding Practices Yes Yes Yes
CWE:1413 Comprehensive Categorization: Protection Mechanism Failure Yes Yes Yes
CWE:1414 Comprehensive Categorization: Randomness Yes Yes Yes
CWE:1415 Comprehensive Categorization: Resource Control Yes Yes Yes
CWE:1416 Comprehensive Categorization: Resource Lifecycle Management Yes Yes Yes
CWE:1417 Comprehensive Categorization: Sensitive Information Exposure Yes Yes Yes
CWE:1418 Comprehensive Categorization: Violation of Secure Design Principles Yes Yes Yes
CWE:1419 Incorrect Initialization of Resource Yes No No
CWE:1420 Exposure of Sensitive Information during Transient Execution No No No
CWE:1421 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution No No No
CWE:1422 Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution No No No
CWE:1423 Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution No No No
CWE:1424 Weaknesses Addressed by ISA/IEC 62443 Requirements Yes Yes Yes
CWE:1425 Weaknesses in the 2023 CWE Top 25 Most Dangerous Software Weaknesses Yes Yes Yes
CWE:1426 Improper Validation of Generative AI Output No No No
CWE:2000 Comprehensive CWE Dictionary Yes Yes Yes