{"CWE-20: Improper Input Validation": 0, "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer": 1, "CWE-327: Use of a Broken or Risky Cryptographic Algorithm": 2, "CWE-252: Unchecked Return Value": 3, "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor": 4, "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')": 5, "CWE-287: Improper Authentication": 6, "CWE-384: Session Fixation": 7, "CWE-94: Improper Control of Generation of Code ('Code Injection')": 8, "CWE-59: Improper Link Resolution Before File Access ('Link Following')": 9, "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')": 10, "CWE-665: Improper Initialization": 11, "CWE-798: Use of Hard-coded Credentials": 12, "CWE-209: Generation of Error Message Containing Sensitive Information": 13, "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')": 14, "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')": 15, "CWE-434: Unrestricted Upload of File with Dangerous Type": 16, "CWE-401: Missing Release of Memory after Effective Lifetime": 17, "CWE-400: Uncontrolled Resource Consumption": 18, "CWE-284: Improper Access Control": 19, "CWE-668: Exposure of Resource to Wrong Sphere": 20, "CWE-770: Allocation of Resources Without Limits or Throttling": 21, "CWE-532: Insertion of Sensitive Information into Log File": 22, "CWE-269: Improper Privilege Management": 23, "CWE-294: Authentication Bypass by Capture-replay": 24, "CWE-669: Incorrect Resource Transfer Between Spheres": 25, "CWE-134: Use of Externally-Controlled Format String": 26, "CWE-787: Out-of-bounds Write": 27, "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')": 28, "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')": 29, "CWE-352: Cross-Site Request Forgery (CSRF)": 30, 
"CWE-190: Integer Overflow or Wraparound": 31, "CWE-415: Double Free": 32, "CWE-772: Missing Release of Resource after Effective Lifetime": 33, "CWE-476: NULL Pointer Dereference": 34, "CWE-369: Divide By Zero": 35, "CWE-326: Inadequate Encryption Strength": 36, "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')": 37, "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')": 38, "CWE-193: Off-by-one Error": 39, "CWE-319: Cleartext Transmission of Sensitive Information": 40, "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')": 41, "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')": 42, "CWE-306: Missing Authentication for Critical Function": 43, "CWE-295: Improper Certificate Validation": 44, "CWE-191: Integer Underflow (Wrap or Wraparound)": 45, "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')": 46, "CWE-502: Deserialization of Untrusted Data": 47, "CWE-863: Incorrect Authorization": 48, "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')": 49, "CWE-732: Incorrect Permission Assignment for Critical Resource": 50, "CWE-918: Server-Side Request Forgery (SSRF)": 51, "CWE-331: Insufficient Entropy": 52, "CWE-416: Use After Free": 53, "CWE-1188: Initialization of a Resource with an Insecure Default": 54, "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)": 55, "CWE-426: Untrusted Search Path": 56, "CWE-91: XML Injection (aka Blind XPath Injection)": 57, "CWE-312: Cleartext Storage of Sensitive Information": 58, "CWE-613: Insufficient Session Expiration": 59, "CWE-129: Improper Validation of Array Index": 60, "CWE-909: Missing Initialization of Resource": 61, "CWE-116: Improper Encoding or Escaping of Output": 62, "CWE-640: Weak Password Recovery Mechanism for Forgotten Password": 63, "CWE-755: Improper Handling of Exceptional Conditions": 64, "CWE-916: 
Use of Password Hash With Insufficient Computational Effort": 65, "CWE-307: Improper Restriction of Excessive Authentication Attempts": 66, "CWE-824: Access of Uninitialized Pointer": 67, "CWE-704: Incorrect Type Conversion or Cast": 68, "CWE-611: Improper Restriction of XML External Entity Reference": 69, "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')": 70, "CWE-681: Incorrect Conversion between Numeric Types": 71, "CWE-311: Missing Encryption of Sensitive Data": 72, "CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking": 73, "CWE-617: Reachable Assertion": 74, "CWE-494: Download of Code Without Integrity Check": 75, "CWE-330: Use of Insufficiently Random Values": 76, "CWE-404: Improper Resource Shutdown or Release": 77, "CWE-522: Insufficiently Protected Credentials": 78, "CWE-125: Out-of-bounds Read": 79, "CWE-276: Incorrect Default Permissions": 80, "CWE-682: Incorrect Calculation": 81, "CWE-346: Origin Validation Error": 82, "CWE-273: Improper Check for Dropped Privileges": 83, "CWE-693: Protection Mechanism Failure": 84, "CWE-347: Improper Verification of Cryptographic Signature": 85, "CWE-565: Reliance on Cookies without Validation and Integrity Checking": 86, "CWE-697: Incorrect Comparison": 87, "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')": 88, "CWE-377: Insecure Temporary File": 89, "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition": 90, "CWE-521: Weak Password Requirements": 91, "CWE-862: Missing Authorization": 92, "CWE-428: Unquoted Search Path or Element": 93, "CWE-354: Improper Validation of Integrity Check Value": 94, "CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)": 95, "CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')": 96, "CWE-829: Inclusion of Functionality from Untrusted Control Sphere": 97, "CWE-459: Incomplete Cleanup": 98, "CWE-427: 
Uncontrolled Search Path Element": 99, "CWE-203: Observable Discrepancy": 100, "CWE-345: Insufficient Verification of Data Authenticity": 101, "CWE-1021: Improper Restriction of Rendered UI Layers or Frames": 102, "CWE-763: Release of Invalid Pointer or Reference": 103, "CWE-290: Authentication Bypass by Spoofing": 104, "CWE-281: Improper Preservation of Permissions": 105, "CWE-285: Improper Authorization": 106, "CWE-332: Insufficient Entropy in PRNG": 107, "CWE-754: Improper Check for Unusual or Exceptional Conditions": 108, "CWE-670: Always-Incorrect Control Flow Implementation": 109, "CWE-131: Incorrect Calculation of Buffer Size": 110, "CWE-297: Improper Validation of Certificate with Host Mismatch": 111, "CWE-358: Improperly Implemented Security Check for Standard": 112, "CWE-639: Authorization Bypass Through User-Controlled Key": 113, "CWE-118: Incorrect Access of Indexable Resource ('Range Error')": 114, "CWE-913: Improper Control of Dynamically-Managed Code Resources": 115, "CWE-552: Files or Directories Accessible to External Parties": 116, "CWE-425: Direct Request ('Forced Browsing')": 117, "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')": 118, "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')": 119, "CWE-184: Incomplete List of Disallowed Inputs": 120, "CWE-534: DEPRECATED: Information Exposure Through Debug Log Files": 121, "CWE-123: Write-what-where Condition": 122, "CWE-185: Incorrect Regular Expression": 123, "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')": 124, "CWE-407: Inefficient Algorithmic Complexity": 125, "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory": 126, "CWE-172: Encoding Error": 127, "CWE-908: Use of Uninitialized Resource": 128, "CWE-834: Excessive Iteration": 129, "CWE-749: Exposed Dangerous Method or Function": 130, "CWE-662: Improper Synchronization": 131, "CWE-99: Improper Control of 
Resource Identifiers ('Resource Injection')": 132, "CWE-664: Improper Control of a Resource Through its Lifetime": 133, "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime": 134, "CWE-122: Heap-based Buffer Overflow": 135, "CWE-610: Externally Controlled Reference to a Resource in Another Sphere": 136, "CWE-922: Insecure Storage of Sensitive Information": 137, "CWE-672: Operation on a Resource after Expiration or Release": 138, "CWE-674: Uncontrolled Recursion": 139, "CWE-642: External Control of Critical State Data": 140, "CWE-769: DEPRECATED: Uncontrolled File Descriptor Consumption": 141, "CWE-920: Improper Restriction of Power Consumption": 142, "CWE-300: Channel Accessible by Non-Endpoint": 143, "CWE-943: Improper Neutralization of Special Elements in Data Query Logic": 144, "CWE-121: Stack-based Buffer Overflow": 145, "CWE-1187: DEPRECATED: Use of Uninitialized Resource": 146, "CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')": 147, "CWE-178: Improper Handling of Case Sensitivity": 148, "CWE-667: Improper Locking": 149, "CWE-706: Use of Incorrectly-Resolved Name or Reference": 150, "CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling": 151, "CWE-1236: Improper Neutralization of Formula Elements in a CSV File": 152, "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer": 153, "CWE-288: Authentication Bypass Using an Alternate Path or Channel": 154, "CWE-266: Incorrect Privilege Assignment": 155, "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes": 156, "CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')": 157, "CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel": 158, "CWE-405: Asymmetric Resource Consumption (Amplification)": 159, "CWE-436: Interpretation Conflict": 160, 
"CWE-471: Modification of Assumed-Immutable Data (MAID)": 161, "CWE-707: Improper Neutralization": 162, "CWE-838: Inappropriate Encoding for Output Context": 163, "CWE-256: Plaintext Storage of a Password": 164, "CWE-321: Use of Hard-coded Cryptographic Key": 165, "CWE-317: Cleartext Storage of Sensitive Information in GUI": 166, "CWE-573: Improper Following of Specification by Caller": 167, "CWE-305: Authentication Bypass by Primary Weakness": 168, "CWE-117: Improper Output Neutralization for Logs": 169, "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)": 170, "CWE-61: UNIX Symbolic Link (Symlink) Following": 171, "CWE-23: Relative Path Traversal": 172, "CWE-216: DEPRECATED: Containment Errors (Container Errors)": 173, "CWE-313: Cleartext Storage in a File or on Disk": 174, "CWE-778: Insufficient Logging": 175, "CWE-73: External Control of File Name or Path": 176, "CWE-325: Missing Cryptographic Step": 177, "CWE-268: Privilege Chaining": 178, "CWE-440: Expected Behavior Violation": 179, "CWE-280: Improper Handling of Insufficient Permissions or Privileges ": 180, "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)": 181, "CWE-250: Execution with Unnecessary Privileges": 182, "CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data": 183, "CWE-805: Buffer Access with Incorrect Length Value": 184, "CWE-261: Weak Encoding for Password": 185, "CWE-684: Incorrect Provision of Specified Functionality": 186, "CWE-114: Process Control": 187, "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action": 188, "CWE-364: Signal Handler Race Condition": 189, "CWE-385: Covert Timing Channel": 190, "CWE-201: Insertion of Sensitive Information Into Sent Data": 191, "CWE-680: Integer Overflow to Buffer Overflow": 192, "CWE-506: Embedded Malicious Code": 193, "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')": 194, "CWE-694: Use of Multiple 
Resources with Duplicate Identifier": 195, "CWE-208: Observable Timing Discrepancy": 196, "CWE-303: Incorrect Implementation of Authentication Algorithm": 197, "CWE-248: Uncaught Exception": 198, "CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')": 199, "CWE-912: Hidden Functionality": 200, "CWE-1286: Improper Validation of Syntactic Correctness of Input": 201, "CWE-130: Improper Handling of Length Parameter Inconsistency": 202, "CWE-342: Predictable Exact Value from Previous Values": 203, "CWE-299: Improper Check for Certificate Revocation": 204, "CWE-270: Privilege Context Switching Error": 205, "CWE-822: Untrusted Pointer Dereference": 206, "CWE-214: Invocation of Process Using Visible Sensitive Information": 207, "CWE-323: Reusing a Nonce, Key Pair in Encryption": 208, "CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities": 209, "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input": 210, "CWE-183: Permissive List of Allowed Inputs": 211, "CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context": 212, "CWE-507: Trojan Horse": 213, "CWE-823: Use of Out-of-range Pointer Offset": 214, "CWE-112: Missing XML Validation": 215, "CWE-170: Improper Null Termination": 216, "CWE-788: Access of Memory Location After End of Buffer": 217, "CWE-115: Misinterpretation of Input": 218, "CWE-228: Improper Handling of Syntactically Invalid Structure": 219, "CWE-760: Use of a One-Way Hash with a Predictable Salt": 220, "CWE-271: Privilege Dropping / Lowering Errors": 221, "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')": 222, "CWE-87: Improper Neutralization of Alternate XSS Syntax": 223, "CWE-334: Small Space of Random Values": 224, "CWE-259: Use of Hard-coded Password": 225, "CWE-603: Use of Client-Side Authentication": 226, "CWE-279: Incorrect Execution-Assigned Permissions": 227, "CWE-1321: Improperly Controlled 
Modification of Object Prototype Attributes ('Prototype Pollution')": 228, "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere": 229, "CWE-1076: Insufficient Adherence to Expected Conventions": 230, "CWE-35: Path Traversal: '.../...//'": 231, "CWE-789: Memory Allocation with Excessive Size Value": 232, "CWE-472: External Control of Assumed-Immutable Web Parameter": 233, "CWE-36: Absolute Path Traversal": 234, "CWE-202: Exposure of Sensitive Information Through Data Queries": 235, "CWE-126: Buffer Over-read": 236, "CWE-489: Active Debug Code": 237, "CWE-302: Authentication Bypass by Assumed-Immutable Data": 238, "CWE-64: Windows Shortcut Following (.LNK)": 239, "CWE-540: Inclusion of Sensitive Information in Source Code": 240, "CWE-379: Creation of Temporary File in Directory with Insecure Permissions": 241, "CWE-759: Use of a One-Way Hash without a Salt": 242, "CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax": 243, "CWE-378: Creation of Temporary File With Insecure Permissions": 244, "CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere": 245, "CWE-598: Use of GET Request Method With Sensitive Query Strings": 246, "CWE-240: Improper Handling of Inconsistent Structural Elements": 247, "CWE-42: Path Equivalence: 'filename.' 
(Trailing Dot)": 248, "CWE-620: Unverified Password Change": 249, "CWE-283: Unverified Ownership": 250, "CWE-708: Incorrect Ownership Assignment": 251, "CWE-539: Use of Persistent Cookies Containing Sensitive Information": 252, "CWE-257: Storing Passwords in a Recoverable Format": 253, "CWE-353: Missing Support for Integrity Check": 254, "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor": 255, "CWE-657: Violation of Secure Design Principles": 256, "CWE-1284: Improper Validation of Specified Quantity in Input": 257, "CWE-457: Use of Uninitialized Variable": 258, "CWE-807: Reliance on Untrusted Inputs in a Security Decision": 259, "CWE-548: Exposure of Information Through Directory Listing": 260, "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints": 261, "CWE-267: Privilege Defined With Unsafe Actions": 262, "CWE-316: Cleartext Storage of Sensitive Information in Memory": 263, "CWE-710: Improper Adherence to Coding Standards": 264, "CWE-688: Function Call With Incorrect Variable or Reference as Argument": 265, "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag": 266, "CWE-315: Cleartext Storage of Sensitive Information in a Cookie": 267, "CWE-124: Buffer Underwrite ('Buffer Underflow')": 268, "CWE-799: Improper Control of Interaction Frequency": 269, "CWE-1278: Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques": 270, "CWE-194: Unexpected Sign Extension": 271, "CWE-15: External Control of System or Configuration Setting": 272, "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)": 273, "CWE-328: Use of Weak Hash": 274, "CWE-590: Free of Memory not on the Heap": 275, "CWE-641: Improper Restriction of Names for Files and Other Resources": 276, "CWE-277: Insecure Inherited Permissions": 277, "CWE-304: Missing Critical Step in Authentication": 278, "CWE-525: Use of Web Browser Cache Containing Sensitive Information": 279, 
"CWE-26: Path Traversal: '/dir/../filename'": 280, "CWE-242: Use of Inherently Dangerous Function": 281, "CWE-1333: Inefficient Regular Expression Complexity": 282}