CWE Top 25 (2019*) | CWE | Java | C# | C/C++ | CUDA | Obj-C | JavaScript/TypeScript | Kotlin | Node.js | Android | Swift | Python 3.x | PHP | Scala | VB.NET | Ruby | Go | Apex |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1. Improper Restriction of Operations Within the Bounds of a Memory Buffer | 119 | |||||||||||||||||
2. Improper Neutralization of Input During Web Page Generation ("Cross-Site Scripting") | 79 | |||||||||||||||||
3. Improper Input Validation | 20 | |||||||||||||||||
4. Information Exposure | 200 | |||||||||||||||||
5. Out-of-Bounds Read | 125 | |||||||||||||||||
6. Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | 89 | |||||||||||||||||
7. Use After Free | 416 | |||||||||||||||||
8. Integer Overflow or Wraparound | 190 | |||||||||||||||||
9. Cross-Site Request Forgery (CSRF) | 352 | |||||||||||||||||
10. Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | 22 | |||||||||||||||||
11. Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | 78 | |||||||||||||||||
12. Out-of-Bounds Write | 787 | |||||||||||||||||
13. Improper Authentication | 287 | |||||||||||||||||
14. NULL Pointer Dereference | 476 | |||||||||||||||||
15. Incorrect Permission Assignment for Critical Resource | 732 | |||||||||||||||||
16. Unrestricted Upload of File with Dangerous Type | 434 | |||||||||||||||||
17. Improper Restriction of XML External Entity Reference | 611 | |||||||||||||||||
18. Improper Control of Generation of Code ("Code Injection") | 94 | |||||||||||||||||
19. Use of Hard-Coded Credentials | 798 | |||||||||||||||||
20. Uncontrolled Resource Consumption | 400 | |||||||||||||||||
21. Missing Release of Resource After Effective Lifetime | 772 | |||||||||||||||||
22. Untrusted Search Path | 426 | |||||||||||||||||
23. Deserialization of Untrusted Data | 502 | |||||||||||||||||
24. Improper Privilege Management | 269 | |||||||||||||||||
25. Improper Certificate Validation | 295 | |||||||||||||||||

*This table refers to Coverity support for CWE Top 25 (version 2019). The MITRE CWE Top 25 (version 2019) can be found online.