CWE ID | Description |
--- | --- |
CWE-20 | Improper Input Validation |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
CWE-114 | Process Control |
CWE-116 | Improper Encoding or Escaping of Output |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-138 | Improper Neutralization of Special Elements |
CWE-159 | Improper Handling of Invalid Use of Special Elements |
CWE-172 | Encoding Error |
CWE-185 | Incorrect Regular Expression |
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
CWE-216 | DEPRECATED: Containment Errors (Container Errors) |
CWE-221 | Information Loss or Omission |
CWE-228 | Improper Handling of Syntactically Invalid Structure |
CWE-269 | Improper Privilege Management |
CWE-271 | Privilege Dropping / Lowering Errors |
CWE-282 | Improper Ownership Management |
CWE-285 | Improper Authorization |
CWE-286 | Incorrect User Management |
CWE-287 | Improper Authentication |
CWE-300 | Channel Accessible by Non-Endpoint |
CWE-311 | Missing Encryption of Sensitive Data |
CWE-326 | Inadequate Encryption Strength |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
CWE-330 | Use of Insufficiently Random Values |
CWE-340 | Generation of Predictable Numbers or Identifiers |
CWE-345 | Insufficient Verification of Data Authenticity |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CWE-377 | Insecure Temporary File |
CWE-400 | Uncontrolled Resource Consumption |
CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
CWE-404 | Improper Resource Shutdown or Release |
CWE-405 | Asymmetric Resource Consumption (Amplification) |
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) |
CWE-407 | Inefficient Algorithmic Complexity |
CWE-424 | Improper Protection of Alternate Path |
CWE-436 | Interpretation Conflict |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') |
CWE-446 | UI Discrepancy for Security Feature |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
CWE-506 | Embedded Malicious Code |
CWE-514 | Covert Channel |
CWE-522 | Insufficiently Protected Credentials |
CWE-573 | Improper Following of Specification by Caller |
CWE-592 | DEPRECATED: Authentication Bypass Issues |
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere |
CWE-636 | Not Failing Securely ('Failing Open') |
CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
CWE-638 | Not Using Complete Mediation |
CWE-642 | External Control of Critical State Data |
CWE-657 | Violation of Secure Design Principles |
CWE-662 | Improper Synchronization |
CWE-665 | Improper Initialization |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime |
CWE-667 | Improper Locking |
CWE-668 | Exposure of Resource to Wrong Sphere |
CWE-669 | Incorrect Resource Transfer Between Spheres |
CWE-670 | Always-Incorrect Control Flow Implementation |
CWE-671 | Lack of Administrator Control over Security |
CWE-672 | Operation on a Resource after Expiration or Release |
CWE-673 | External Influence of Sphere Definition |
CWE-674 | Uncontrolled Recursion |
CWE-675 | Duplicate Operations on Resource |
CWE-684 | Incorrect Provision of Specified Functionality |
CWE-696 | Incorrect Behavior Order |
CWE-704 | Incorrect Type Conversion or Cast |
CWE-705 | Incorrect Control Flow Scoping |
CWE-706 | Use of Incorrectly-Resolved Name or Reference |
CWE-732 | Incorrect Permission Assignment for Critical Resource |
CWE-754 | Improper Check for Unusual or Exceptional Conditions |
CWE-755 | Improper Handling of Exceptional Conditions |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
CWE-790 | Improper Filtering of Special Elements |
CWE-799 | Improper Control of Interaction Frequency |
CWE-834 | Excessive Iteration |
CWE-862 | Missing Authorization |
CWE-863 | Incorrect Authorization |
CWE-912 | Hidden Functionality |
CWE-913 | Improper Control of Dynamically-Managed Code Resources |
CWE-922 | Insecure Storage of Sensitive Information |
CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints |
CWE-943 | Improper Neutralization of Special Elements in Data Query Logic |
CWE-1023 | Incomplete Comparison with Missing Factors |
CWE-1038 | Insecure Automated Optimizations |
CWE-1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations |
CWE-1059 | Incomplete Documentation |
CWE-1061 | Insufficient Encapsulation |
CWE-1076 | Insufficient Adherence to Expected Conventions |
CWE-1078 | Inappropriate Source Code Style or Formatting |
CWE-1093 | Excessively Complex Data Representation |
CWE-1120 | Excessive Code Complexity |
CWE-1164 | Irrelevant Code |
CWE-1176 | Inefficient CPU Computation |
CWE-1177 | Use of Prohibited Code |
CWE-1229 | Creation of Emergent Resource |
CWE-1263 | Insufficient Physical Protection Mechanism |
CWE-1271 | Missing Known Value on Reset for Registers Holding Security Settings |