{"CWE-125 Out-of-bounds Read": 0, "CWE-566 Authorization Bypass Through User-Controlled SQL Primary Key": 1, "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')": 2, "CWE-352 Cross-Site Request Forgery (CSRF)": 3, "CWE-20 Improper Input Validation": 4, "CWE-613 Insufficient Session Expiration": 5, "CWE-416 Use After Free": 6, "CWE-286 Incorrect User Management": 7, "CWE-284 Improper Access Control": 8, "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')": 9, "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')": 10, "CWE-434 Unrestricted Upload of File with Dangerous Type": 11, "CWE-290 Authentication Bypass by Spoofing": 12, "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')": 13, "CWE-863 Incorrect Authorization": 14, "CWE-798 Use of Hard-coded Credentials": 15, "CWE-203 Observable Discrepancy": 16, "CWE-259 Use of Hard-coded Password": 17, "CWE-502 Deserialization of Untrusted Data": 18, "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')": 19, "CWE-823 Use of Out-of-range Pointer Offset": 20, "CWE-94 Improper Control of Generation of Code ('Code Injection')": 21, "CWE-252 Unchecked Return Value": 22, "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')": 23, "CWE-862 Missing Authorization": 24, "CWE-306: Missing Authentication for Critical Function": 25, "CWE-287 Improper Authentication": 26, "CWE-35: Path Traversal: '.../...//'": 27, "CWE-400 Uncontrolled Resource Consumption": 28, "CWE-121 Stack-based Buffer Overflow": 29, "CWE-288 Authentication Bypass Using an Alternate Path or Channel": 30, "CWE-787 Out-of-bounds Write": 31, "CWE-426 Untrusted Search Path": 32, "CWE-276 Incorrect Default Permissions": 33, "CWE-122 Heap-based Buffer Overflow": 34, "CWE-1052 Excessive Use of Hard-Coded Literals in Initialization": 35, 
"CWE-256 Plaintext Storage of a Password": 36, "CWE-908 Use of Uninitialized Resource": 37, "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition": 38, "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')": 39, "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')": 40, "CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)": 41, "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine": 42, "CWE-732 Incorrect Permission Assignment for Critical Resource": 43, "CWE-476 NULL Pointer Dereference": 44, "CWE-345 Insufficient Verification of Data Authenticity": 45, "CWE-306 Missing Authentication for Critical Function": 46, "CWE-358 Improperly Implemented Security Check for Standard": 47, "CWE-1223 Race Condition for Write-Once Attributes": 48, "CWE-474 Use of Function with Inconsistent Implementations": 49, "CWE-680 Integer Overflow to Buffer Overflow": 50, "CWE-31 Path Traversal: 'dir\\..\\..\\filename'": 51, "CWE-269 Improper Privilege Management": 52, "CWE-250 Execution with Unnecessary Privileges": 53, "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')": 54, "CWE-611 Improper Restriction of XML External Entity Reference": 55, "CWE-277 Insecure Inherited Permissions": 56, "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor": 57, "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer": 58, "CWE-1275 Sensitive Cookie with Improper SameSite Attribute": 59, "CWE-366 Race Condition within a Thread": 60, "CWE-457 Use of Uninitialized Variable": 61, "CWE-1262 Improper Access Control for Register Interface": 62, "CWE-364 Signal Handler Race Condition": 63, "CWE-807 Reliance on Untrusted Inputs in a Security Decision": 64, "CWE-755 Improper Handling of Exceptional Conditions": 65, "CWE-451 User Interface (UI) Misrepresentation of Critical Information": 66, "CWE-285 Improper Authorization": 67, "CWE-1287 
Improper Validation of Specified Type of Input": 68, "Potential use-after-free due to AlignedBuffer self-move": 69, "CWE-691 Insufficient Control Flow Management": 70, "CWE-374 Passing Mutable Objects to an Untrusted Method": 71, "CWE-386 Symbolic Name not Mapping to Correct Object": 72, "CWE-94: Improper Control of Generation of Code ('Code Injection')": 73, "CWE-1021 Improper Restriction of Rendered UI Layers or Frames": 74, "CWE-190 Integer Overflow or Wraparound": 75, "CWE-272 Least Privilege Violation": 76, "CWE-134 Use of Externally-Controlled Format String": 77, "CWE-319 Cleartext Transmission of Sensitive Information": 78, "CWE-939 Improper Authorization in Handler for Custom URL Scheme": 79, "CWE-311 Missing Encryption of Sensitive Data": 80, "CWE-772 Missing Release of Resource after Effective Lifetime": 81, "CWE-822 Untrusted Pointer Dereference": 82, "CWE-195 Signed to Unsigned Conversion Error": 83, "CWE-327: Use of a Broken or Risky Cryptographic Algorithm": 84, "CWE-1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks": 85, "CWE-521 Weak Password Requirements": 86, "CWE-639 Authorization Bypass Through User-Controlled Key": 87, "CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')": 88, "CWE-918 Server-Side Request Forgery (SSRF)": 89, "CWE-940 Improper Verification of Source of a Communication Channel": 90, "CWE-281 Improper Preservation of Permissions": 91, "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')": 92, "CWE-327 Use of a Broken or Risky Cryptographic Algorithm": 93, "CWE-599 Missing Validation of OpenSSL Certificate": 94, "CWE-266 Incorrect Privilege Assignment": 95, "CWE-1188 Insecure Default Initialization of Resource": 96, "CWE-617 Reachable Assertion": 97, "CWE-616 Incomplete Identification of Uploaded File Variables (PHP)": 98, "CWE-231 Improper Handling of Extra Values": 99, "CWE-790 Improper Filtering of Special Elements": 100, "CWE-783 Operator 
Precedence Logic Error": 101, "CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')": 102, "CWE-404 Improper Resource Shutdown or Release": 103, "CWE-489 Active Debug Code": 104, "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory": 105, "CWE-129 Improper Validation of Array Index": 106, "CWE-117 Improper Output Neutralization for Logs": 107, "CWE-428 Unquoted Search Path or Element": 108, "CWE-233 Improper Handling of Parameters": 109, "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)": 110, "CWE-463 Deletion of Data Structure Sentinel": 111, "CWE-26 Path Traversal: '/dir/../filename'": 112, "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')": 113, "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')": 114, "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')": 115, "CWE-241: Improper Handling of Unexpected Data Type": 116, "CWE-241 Improper Handling of Unexpected Data Type": 117, "CWE-427 Uncontrolled Search Path Element": 118, "CWE-665 Improper Initialization": 119, "CWE-1333: Inefficient Regular Expression Complexity": 120, "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')": 121, "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')": 122, "CWE-707 Improper Neutralization": 123, "CWE-229 Improper Handling of Values": 124, "CWE-692 Incomplete Denylist to Cross-Site Scripting": 125, "CWE-326 Inadequate Encryption Strength": 126, "CWE-787: Out-of-bounds Write": 127, "CWE-20: Improper Input Validation": 128, "CWE-284: Improper Access Control": 129, "CWE-522 Insufficiently Protected Credentials": 130, "CWE-57 Path Equivalence: 'fakedir/../realdir/filename'": 131, "CWE-606 Unchecked Input for Loop Condition": 132, "CWE-377 Insecure Temporary File": 133, 
"CWE-378 Creation of Temporary File With Insecure Permissions": 134, "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints": 135, "CWE-29 Path Traversal: '\\..\\filename'": 136, "CWE-289 Authentication Bypass by Alternate Name": 137, "CWE-303 Incorrect Implementation of Authentication Algorithm": 138, "CWE-328 Use of Weak Hash": 139, "CWE-693 Protection Mechanism Failure": 140, "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)": 141, "CWE-591 Sensitive Data Storage in Improperly Locked Memory": 142, "CWE-805 Buffer Access with Incorrect Length Value": 143, "CWE-368 Context Switching Race Condition": 144, "CWE-321 Use of Hard-coded Cryptographic Key": 145, "CWE-130 Improper Handling of Length Parameter Inconsistency": 146, "CWE-1236 Improper Neutralization of Formula Elements in a CSV File": 147, "CWE-346 Origin Validation Error": 148, "CWE-453 Insecure Default Variable Initialization": 149, "CWE-782 Exposed IOCTL with Insufficient Access Control": 150, "CWE-124 Buffer Underwrite ('Buffer Underflow')": 151, "CWE-670 Always-Incorrect Control Flow Implementation": 152, "CWE-204 Observable Response Discrepancy": 153, "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')": 154, "CWE-494 Download of Code Without Integrity Check": 155, "CWE-73 External Control of File Name or Path": 156, "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences": 157, "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor": 158, "CWE-653 Improper Isolation or Compartmentalization": 159, "CWE-425 Direct Request ('Forced Browsing')": 160, "CWE-922 Insecure Storage of Sensitive Information": 161, "CWE-770 Allocation of Resources Without Limits or Throttling": 162, "CWE-918: Server-Side Request Forgery (SSRF)": 163, "CWE-316 Cleartext Storage of Sensitive Information in Memory": 164, "CWE-1385 Missing Origin Validation in WebSockets": 165, "CWE-280 Improper Handling of Insufficient Permissions or 
Privileges": 166, "CWE-690 Unchecked Return Value to NULL Pointer Dereference": 167, "CWE-598 Use of GET Request Method With Sensitive Query Strings": 168, "CWE-384 Session Fixation": 169, "CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation": 170, "CWE-297 Improper Validation of Certificate with Host Mismatch": 171, "CWE-278 Insecure Preserved Inherited Permissions": 172, "CWE-305 Authentication Bypass by Primary Weakness": 173, "CWE-279 Incorrect Execution-Assigned Permissions": 174, "CWE-294 Authentication Bypass by Capture-replay": 175, "CWE-676 Use of Potentially Dangerous Function": 176, "CWE-788 Access of Memory Location After End of Buffer": 177, "CWE-1333 Inefficient Regular Expression Complexity": 178, "CWE-786 Access of Memory Location Before Start of Buffer": 179, "CWE-116 Improper Encoding or Escaping of Output": 180, "CWE-1325 Improperly Controlled Sequential Memory Allocation": 181, "CWE-126: Buffer Over-read": 182, "CWE-703 Improper Check or Handling of Exceptional Conditions": 183, "CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference": 184, "CWE-353 Missing Support for Integrity Check": 185, "CWE-473 PHP External Variable Modification": 186, "CWE-28 Path Traversal: '..\\filedir'": 187, "CWE-620 Unverified Password Change": 188, "CWE-830 Inclusion of Web Functionality from an Untrusted Source": 189, "CWE-1391 Use of Weak Credentials": 190, "CWE-548 Exposure of Information Through Directory Listing": 191, "CWE-347 Improper Verification of Cryptographic Signature": 192, "CWE-1289 Improper Validation of Unsafe Equivalence in Input": 193, "CWE-295 Improper Certificate Validation": 194, "CWE-1246 Improper Write Handling in Limited-write Non-Volatile Memories": 195, "CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking": 196, "CWE-416: Use After Free": 197, "CWE-779 Logging of Excessive Data": 198, "CWE-193 Off-by-one Error": 199, "CWE-253 Incorrect Check of Function 
Return Value": 200, "CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information": 201, "CWE-324 Use of a Key Past its Expiration Date": 202, "CWE-123 Write-what-where Condition": 203, "CWE-1259 Improper Restriction of Security Token Assignment": 204, "CWE-379 Creation of Temporary File in Directory with Insecure Permissions": 205, "CWE-323 Reusing a Nonce, Key Pair in Encryption": 206, "CWE-35 Path Traversal: '.../...//'": 207, "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')": 208, "CWE-369 Divide By Zero": 209, "CWE-1286 Improper Validation of Syntactic Correctness of Input": 210, "CWE-415 Double Free": 211, "CWE-791 Incomplete Filtering of Special Elements": 212, "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')": 213, "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')": 214, "CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')": 215, "CWE-228 Improper Handling of Syntactically Invalid Structure": 216, "CWE-300 Channel Accessible by Non-Endpoint": 217, "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')": 218, "CWE-208 Observable Timing Discrepancy": 219, "CWE-419 Unprotected Primary Channel": 220, "CWE-491 Public cloneable() Method Without Final ('Object Hijack')": 221, "CWE-552 Files or Directories Accessible to External Parties": 222, "CWE-307 Improper Restriction of Excessive Authentication Attempts": 223, "CWE-351 Insufficient Type Distinction": 224, "CWE-431 Missing Handler": 225, "CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges": 226, "CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page": 227, "CWE-407 Inefficient Algorithmic Complexity": 228, "CWE-674 Uncontrolled Recursion": 229, "CWE-202 Exposure of Sensitive Information Through Data Queries": 230, "CWE-757 Selection of 
Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')": 231, "CWE-592 DEPRECATED: Authentication Bypass Issues": 232, "CWE-760 Use of a One-Way Hash with a Predictable Salt": 233, "CWE-640 Weak Password Recovery Mechanism for Forgotten Password": 234, "CWE-178 Improper Handling of Case Sensitivity": 235, "CWE-829 Inclusion of Functionality from Untrusted Control Sphere": 236, "CWE-258 Empty Password in Configuration File": 237, "CWE-261 Weak Encoding for Password": 238, "CWE-312 Cleartext Storage of Sensitive Information": 239, "CWE-1263 Improper Physical Access Control": 240, "CWE-789 Memory Allocation with Excessive Size Value": 241, "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel": 242, "CWE-91 XML Injection (aka Blind XPath Injection)": 243, "CWE-401 Missing Release of Memory after Effective Lifetime": 244, "CWE-1220 Insufficient Granularity of Access Control": 245, "CWE-459 Incomplete Cleanup": 246, "CWE-126 Buffer Over-read": 247, "CWE-1393 Use of Default Password": 248, "CWE-234 Failure to Handle Missing Parameter": 249, "CWE-1335 Incorrect Bitwise Shift of Integer": 250, "CWE-59 Improper Link Resolution Before File Access ('Link Following')": 251, "CWE-920 Improper Restriction of Power Consumption": 252, "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action": 253, "CWE-942 Permissive Cross-domain Policy with Untrusted Domains": 254, "CWE-706 Use of Incorrectly-Resolved Name or Reference": 255, "CWE-257 Storing Passwords in a Recoverable Format": 256, "CWE-331 Insufficient Entropy": 257, "CWE-1390 Weak Authentication": 258, "CWE-86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages": 259, "CWE-916 Use of Password Hash With Insufficient Computational Effort": 260, "CWE-436 Interpretation Conflict": 261, "CWE-354 Improper Validation of Integrity Check Value": 262, "CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions": 263, 
"CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer": 264, "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere": 265, "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')": 266, "CWE-248 Uncaught Exception": 267, "CWE-502: Deserialization of Untrusted Data": 268, "CWE-1007 Insufficient Visual Distinction of Homoglyphs Presented to User": 269, "CWE-434: Unrestricted Upload of File with Dangerous Type": 270, "CWE-667 Improper Locking": 271, "CWE-911 Improper Update of Reference Count": 272, "CWE-129: Improper Validation of Array Index": 273, "CWE-330 Use of Insufficiently Random Values": 274, "CWE-682 Incorrect Calculation": 275, "CWE-287: Improper Authentication": 276}