Coverity Version 2021.06 and Later Versions

Columns: CWE Top 25 (2019*), CWE, Java, C#, C/C++, CUDA, Obj-C, JavaScript/TypeScript, Kotlin, Node.js, Android, Swift, Python 3.x, PHP, Scala, VB.NET, Ruby, Go, Apex

| CWE Top 25 (2019*) | CWE |
|---|---|
| 1. Improper Restriction of Operations within the Bounds of a Memory Buffer | 119 |
| 2. Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | 79 |
| 3. Improper Input Validation | 20 |
| 4. Information Exposure | 200 |
| 5. Out-of-bounds Read | 125 |
| 6. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | 89 |
| 7. Use After Free | 416 |
| 8. Integer Overflow or Wraparound | 190 |
| 9. Cross-Site Request Forgery (CSRF) | 352 |
| 10. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | 22 |
| 11. Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | 78 |
| 12. Out-of-bounds Write | 787 |
| 13. Improper Authentication | 287 |
| 14. NULL Pointer Dereference | 476 |
| 15. Incorrect Permission Assignment for Critical Resource | 732 |
| 16. Unrestricted Upload of File with Dangerous Type | 434 |
| 17. Improper Restriction of XML External Entity Reference | 611 |
| 18. Improper Control of Generation of Code (‘Code Injection’) | 94 |
| 19. Use of Hard-coded Credentials | 798 |
| 20. Uncontrolled Resource Consumption | 400 |
| 21. Missing Release of Resource after Effective Lifetime | 772 |
| 22. Untrusted Search Path | 426 |
| 23. Deserialization of Untrusted Data | 502 |
| 24. Improper Privilege Management | 269 |
| 25. Improper Certificate Validation | 295 |

*This table refers to Coverity support for CWE Top 25 (version 2019). The MITRE CWE Top 25 (version 2019) can be found online.