CWE ID Description
CWE-20 Improper Input Validation
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-118 Improper Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-138 Improper Neutralization of Special Elements
CWE-159 Failure to Sanitize Special Element
CWE-172 Encoding Error
CWE-185 Incorrect Regular Expression
CWE-200 Information Exposure
CWE-203 Information Exposure Through Discrepancy
CWE-216 Containment Errors (Container Errors)
CWE-221 Information Loss or Omission
CWE-227 Improper Fulfillment of API Contract ('API Abuse')
CWE-228 Improper Handling of Syntactically Invalid Structure
CWE-250 Execution with Unnecessary Privileges
CWE-271 Privilege Dropping / Lowering Errors
CWE-282 Improper Ownership Management
CWE-284 Improper Access Control
CWE-285 Improper Authorization
CWE-286 Incorrect User Management
CWE-287 Improper Authentication
CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
CWE-326 Inadequate Encryption Strength
CWE-330 Use of Insufficiently Random Values
CWE-335 PRNG Seed Error
CWE-340 Predictability Problems
CWE-345 Insufficient Verification of Data Authenticity
CWE-359 Exposure of Private Information ('Privacy Violation')
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-390 Detection of Error Condition Without Action
CWE-398 Indicator of Poor Code Quality
CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-405 Asymmetric Resource Consumption (Amplification)
CWE-424 Improper Protection of Alternate Path
CWE-435 Interaction Error
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
CWE-485 Insufficient Encapsulation
CWE-506 Embedded Malicious Code
CWE-514 Covert Channel
CWE-573 Improper Following of Specification by Caller
CWE-592 Authentication Bypass Issues
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-636 Not Failing Securely ('Failing Open')
CWE-637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-638 Not Using Complete Mediation
CWE-642 External Control of Critical State Data
CWE-657 Violation of Secure Design Principles
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-668 Exposure of Resource to Wrong Sphere
CWE-669 Incorrect Resource Transfer Between Spheres
CWE-670 Always-Incorrect Control Flow Implementation
CWE-671 Lack of Administrator Control over Security
CWE-673 External Influence of Sphere Definition
CWE-675 Duplicate Operations on Resource
CWE-682 Incorrect Calculation
CWE-691 Insufficient Control Flow Management
CWE-693 Protection Mechanism Failure
CWE-696 Incorrect Behavior Order
CWE-697 Insufficient Comparison
CWE-703 Improper Check or Handling of Exceptional Conditions
CWE-704 Incorrect Type Conversion or Cast
CWE-705 Incorrect Control Flow Scoping
CWE-706 Use of Incorrectly-Resolved Name or Reference
CWE-707 Improper Enforcement of Message or Data Structure
CWE-710 Coding Standards Violation
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-754 Improper Check for Unusual or Exceptional Conditions
CWE-755 Improper Handling of Exceptional Conditions
CWE-756 Missing Custom Error Page
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-790 Improper Filtering of Special Elements
CWE-799 Improper Control of Interaction Frequency
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
CWE-862 Missing Authorization
CWE-863 Incorrect Authorization
CWE-912 Hidden Functionality
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-922 Insecure Storage of Sensitive Information
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
CWE-943 Improper Neutralization of Special Elements in Data Query Logic