| CWE ID | Description |
| --- | --- |
| CWE-20 | Improper Input Validation |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-138 | Improper Neutralization of Special Elements |
| CWE-159 | Failure to Sanitize Special Element |
| CWE-172 | Encoding Error |
| CWE-185 | Incorrect Regular Expression |
| CWE-192 | Integer Coercion Error |
| CWE-200 | Information Exposure |
| CWE-203 | Information Exposure Through Discrepancy |
| CWE-216 | Containment Errors (Container Errors) |
| CWE-221 | Information Loss or Omission |
| CWE-228 | Improper Handling of Syntactically Invalid Structure |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-269 | Improper Privilege Management |
| CWE-271 | Privilege Dropping / Lowering Errors |
| CWE-282 | Improper Ownership Management |
| CWE-284 | Improper Access Control |
| CWE-285 | Improper Authorization |
| CWE-286 | Incorrect User Management |
| CWE-287 | Improper Authentication |
| CWE-300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') |
| CWE-326 | Inadequate Encryption Strength |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-340 | Predictability Problems |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-359 | Exposure of Private Information ('Privacy Violation') |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| CWE-390 | Detection of Error Condition Without Action |
| CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| CWE-405 | Asymmetric Resource Consumption (Amplification) |
| CWE-424 | Improper Protection of Alternate Path |
| CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities |
| CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information |
| CWE-506 | Embedded Malicious Code |
| CWE-514 | Covert Channel |
| CWE-573 | Improper Following of Specification by Caller |
| CWE-592 | DEPRECATED: Authentication Bypass Issues |
| CWE-610 | Externally Controlled Reference to a Resource in Another Sphere |
| CWE-636 | Not Failing Securely ('Failing Open') |
| CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
| CWE-638 | Not Using Complete Mediation |
| CWE-642 | External Control of Critical State Data |
| CWE-657 | Violation of Secure Design Principles |
| CWE-664 | Improper Control of a Resource Through its Lifetime |
| CWE-665 | Improper Initialization |
| CWE-668 | Exposure of Resource to Wrong Sphere |
| CWE-669 | Incorrect Resource Transfer Between Spheres |
| CWE-670 | Always-Incorrect Control Flow Implementation |
| CWE-671 | Lack of Administrator Control over Security |
| CWE-673 | External Influence of Sphere Definition |
| CWE-675 | Duplicate Operations on Resource |
| CWE-681 | Incorrect Conversion between Numeric Types |
| CWE-682 | Incorrect Calculation |
| CWE-684 | Incorrect Provision of Specified Functionality |
| CWE-691 | Insufficient Control Flow Management |
| CWE-693 | Protection Mechanism Failure |
| CWE-696 | Incorrect Behavior Order |
| CWE-697 | Incorrect Comparison |
| CWE-703 | Improper Check or Handling of Exceptional Conditions |
| CWE-704 | Incorrect Type Conversion or Cast |
| CWE-705 | Incorrect Control Flow Scoping |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference |
| CWE-707 | Improper Enforcement of Message or Data Structure |
| CWE-710 | Improper Adherence to Coding Standards |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| CWE-755 | Improper Handling of Exceptional Conditions |
| CWE-756 | Missing Custom Error Page |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
| CWE-790 | Improper Filtering of Special Elements |
| CWE-799 | Improper Control of Interaction Frequency |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere |
| CWE-862 | Missing Authorization |
| CWE-863 | Incorrect Authorization |
| CWE-912 | Hidden Functionality |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources |
| CWE-922 | Insecure Storage of Sensitive Information |
| CWE-923 | Improper Restriction of Communication Channel to Intended Endpoints |
| CWE-924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic |
| CWE-1038 | Insecure Automated Optimizations |
| CWE-1039 | Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations |
