Coverity Static Analysis (SAST) Support for CWE Top 25

Silicon Design & Verification
Silicon IP
Software Integrity
About Us

Support
- SolvNetPlus
- Software Integrity Customer Community
Global Sites

Silicon Design & Verification
Products
Solutions
Resources
Services
Community
Training

Design
3DIC Design
AMS Simulation
RTL Design and Synthesis
Physical Implementation
Physical Verification
Signoff
Test Automation
Flow Automation
Custom Design
FPGA Design

System Simulation & Modeling
Electro-Mechanical
Wire Harness
Automotive
Aerospace

Verification
Simulation
Static & Formal Verification
Debug & Coverage
Verification IP
Virtual Prototyping
Emulation
Prototyping
SoC Verification Automation
FPGA Verification

3D Image Processing
Simpleware 3D Modeling Software
Clinical Applications for 3D Images
Life Sciences Applications for 3D Images
Materials & Manufacturing

Silicon Engineering
Technology Computer Aided Design (TCAD)
Atomic-Scale Modeling
Mask Synthesis
Mask Data Prep
Yield Management

Optical Design Solutions
LightTools
CODE V
LucidShape
Optical Scattering Measurements

Photonic Solutions
RSoft Photonic Device Tools
Photonic System Tools
PIC Design Suite
OptoCompiler

Platform
Fusion Design Platform
Custom Design Platform
Verification Continuum
Silicon Lifecycle Management Platform

Design
3DIC
Aerospace & Defense
Artificial Intelligence
Automotive
DTCO

Cloud
Synopsys in the Cloud

Verification
Aerospace & Defense
Automotive
Low Power
Networking
Cloud

Optical Design Solutions
Lighting Simulation Software
Optical Design Software
Automotive Lighting Design Software
Optical Measurements
Optical Engineering Services

Platform
Fusion Design Platform
Custom Design Platform
Verification Continuum
Silicon Engineering
Silicon Lifecycle Management Platform

Photonic Solutions
RSoft Photonic Device Tools
Photonic System Tools
PIC Design Software
OptoCompiler

Design
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers

Verification
Articles
Blogs
Datasheets
Events
News
Newsletters
Success Stories
Videos
Webinars
White Papers

Silicon Engineering
Articles
Datasheets
Events
News
Newsletters
Webinars

System Design Solutions
SoC Design
Functional Safety Services
Arm Core Hardening & Optimization
Methodology Consulting & Flow Deployment
Physical Design & Assistance
Hosted Collaboration Services

Support
Support Center Locations
Licensing
Installation
Compute Platforms

SolvNet
Documentation
Open a Support Case
Download Center

Community
Community Overview

SNUG
Conferences
Keynotes
Proceedings
Sponsors

Partners
Arm
GLOBALFOUNDRIES
Intel Custom Foundry
Samsung
TSMC

Academic Programs
Electronic Design
Optical Design
Static Analysis

Company Blogs
A View from the Top
Hitting the Mark
InFormal Chat
VIP Central
Looking Past the Horizon
Optical and Photonic Solutions
All Blogs

Training and Education
Course Catalog and Registration
Course Options

Silicon IP
Products
Markets
Newsletter
Customer Success
News
Resources

Download Brochure

Interface IP
USB
PCI Express
DDR
MIPI
CXL
CCIX
High-Speed SerDes PHYs
Ethernet
Die-to-Die
HDMI
Mobile Storage
Bluetooth
Multi-Protocol PHYs
VESA DSC
IP Prototyping Kits
Interface IP Subsystems

Processor Solutions
ARC Processor IP
Embedded Vision Processor IP
Development Tools
Operating Systems
Ecosystem
ASIP Tools

Memories & Libraries
Logic Libraries
Memory Compilers
Duet Packages
HPC Design Kit
PVT Sensors
Non-Volatile Memory

Security IP
Root of Trust
Cryptography IP
Interface Security Modules
Security Protocol Accelerator

Analog IP
Data Converters

IP Subsystems
ARC Data Fusion IP Subsystem
ARC Sensor & Control IP Subsystem
Interface IP Subsystems

IP Accelerated
SoC Architecture
IP Subsystems
Signal/Power Integrity Analysis & IP Hardening
IP Prototyping Kits
Silicon Bring-Up Support

SoC Infrastructure IP
DesignWare Library
Foundation Cores
Verification IP

Market Solutions
Artificial Intelligence
Automotive
Internet of Things
Data Center
5G Mobile

Read
News
Articles
Datasheets
DesignWare Technical Bulletin
Success Stories
White Papers

Watch
Videos
Webinars

Community
embARC.org
PCI Express IP Blog: "Express Yourself"
USB IP Blog: "To USB or Not to USB"
DDR IP Blog: "Committed to Memory"

Software Integrity
Tools & Services
Integrations
Solutions
Training
Customers
Resources
Partners
Blog

Contact Sales

Platform
Polaris DevSecOps Platform
Intelligent Orchestration
Code Dx

Tools
Static Analysis (SAST)
Software Composition Analysis (SCA)
Interactive Application Security Testing (IAST)
API Security Testing
Protocol Fuzzing

Services
Security Testing Services
AppSec Program Strategy
Threat & Risk Assessments
Security Training
Open Source Audits

By Role
Dev and DevOps Teams
Security Teams
Legal Teams

By Need
Application Security Testing
DevSecOps
Cloud & Container Security
Open Source Security & License Management
M&A Due Diligence
Quality & Security Standards Compliance

By Industry
Financial Services
IoT & Embedded
Automotive
Telecommunications
Aerospace & Defense
Public Sector
Medical Device

Software Security Training
eLearning
Instructor Led Training
Course Catalog

Product Education

Community

Resource Center
Case Studies
Datasheets
eBooks
Glossary
Reports
Webinars
White Papers

Blog
Agile, CI/CD & DevOps News
Application Security News
Cloud Security News
Container Security News
Fuzz Testing News
IAST News
IoT Security News
Medical Device Security News
Software Compliance News
SAST News
Software Composition Analysis News
Web Application Security News

Cybersecurity Research Center
Overview
Research

Company
About Us
Investor Relations
Community
Newsroom
Resources
Careers & Culture

About Us
Company Overview
Management Team
Corporate Social Responsibility
Board of Directors
Corporate Governance & Ethics
Worldwide Locations

Investor Relations
Recent Financial News
Financials
Investor Presentations
Governance & Values

Community
Synopsys Users Group (SNUG)
BSIMM
Academic Programs
Partners
Software Integrity Community

Newsroom
News Releases
Spokesperson Bios & Images
Synopsys Logos
Media Contacts

Resources
Events
Webinars
Newsletters
Blogs

Careers
Search for Jobs
Inclusion and Diversity
Culture & Values
Careers Worldwide
Internships

< Silicon Design & Verification

Silicon Design & Verification

< Products

Design

3DIC Design AMS Simulation RTL Design and Synthesis Physical Implementation Physical Verification Signoff Test Automation Flow Automation Custom Design FPGA Design

< Products

System Simulation & Modeling

Electro-Mechanical Wire Harness Automotive Aerospace

< Products

Verification

Simulation Static & Formal Verification Debug & Coverage Verification IP Virtual Prototyping Emulation Prototyping SoC Verification Automation FPGA Verification

< Products

3D Image Processing

Simpleware 3D Modeling Software Clinical Applications for 3D Images Life Sciences Applications for 3D Images Materials & Manufacturing

< Products

Silicon Engineering

Technology Computer Aided Design (TCAD) Atomic-Scale Modeling Mask Synthesis Mask Data Prep Yield Management

< Products

Optical Design Solutions

LightTools CODE V LucidShape Optical Scattering Measurements

< Products

Photonic Solutions

RSoft Photonic Device Tools Photonic System Tools PIC Design Suite OptoCompiler

< Products

Platform

Fusion Design Platform Custom Design Platform Verification Continuum Silicon Lifecycle Management Platform

< Silicon Design & Verification

Products

Design System Simulation & Modeling Verification 3D Image Processing Silicon Engineering Optical Design Solutions Photonic Solutions Platform

< Solutions

Design

3DIC Aerospace & Defense Artificial Intelligence Automotive DTCO

< Solutions

Cloud

Synopsys in the Cloud

< Solutions

Verification

Aerospace & Defense Automotive Low Power Networking Cloud

< Solutions

Optical Design Solutions

Lighting Simulation Software Optical Design Software Automotive Lighting Design Software Optical Measurements Optical Engineering Services

< Solutions

Platform

Fusion Design Platform Custom Design Platform Verification Continuum Silicon Engineering Silicon Lifecycle Management Platform

< Solutions

Photonic Solutions

RSoft Photonic Device Tools Photonic System Tools PIC Design Software OptoCompiler

< Silicon Design & Verification

Solutions

Design Cloud Verification Optical Design Solutions Platform Photonic Solutions

< Resources

Design

Articles Blogs Datasheets Events News Newsletters Success Stories Videos Webinars White Papers

< Resources

Verification

Articles Blogs Datasheets Events News Newsletters Success Stories Videos Webinars White Papers

< Resources

Silicon Engineering

Articles Datasheets Events News Newsletters Webinars

< Silicon Design & Verification

Resources

Design Verification Silicon Engineering

< Services

System Design Solutions

SoC Design Functional Safety Services Arm Core Hardening & Optimization Methodology Consulting & Flow Deployment Physical Design & Assistance Hosted Collaboration Services

< Services

Support

Support Center Locations Licensing Installation Compute Platforms

< Services

SolvNet

Documentation Open a Support Case Download Center

< Silicon Design & Verification

Services

System Design Solutions Support SolvNet

< Community

Community

Community Overview

< Community

SNUG

Conferences Keynotes Proceedings Sponsors

< Community

Partners

Arm GLOBALFOUNDRIES Intel Custom Foundry Samsung TSMC

< Community

Academic Programs

Electronic Design Optical Design Static Analysis

< Community

Company Blogs

A View from the Top Hitting the Mark InFormal Chat VIP Central Looking Past the Horizon Optical and Photonic Solutions All Blogs

< Silicon Design & Verification

Community

Community SNUG Partners Academic Programs Company Blogs

< Training

Training and Education

Course Catalog and Registration Course Options

< Silicon Design & Verification

Training

Training and Education

< main menu

Silicon Design & Verification

Silicon Design & Verification + Products + Solutions + Resources + Services + Community + Training

< Silicon IP

Silicon IP

< Products

Interface IP

USB PCI Express DDR MIPI CXL CCIX High-Speed SerDes PHYs Ethernet Die-to-Die HDMI Mobile Storage Bluetooth Multi-Protocol PHYs VESA DSC IP Prototyping Kits Interface IP Subsystems

< Products

Processor Solutions

ARC Processor IP Embedded Vision Processor IP Development Tools Operating Systems Ecosystem ASIP Tools

< Products

Memories & Libraries

Logic Libraries Memory Compilers Duet Packages HPC Design Kit PVT Sensors Non-Volatile Memory

< Products

Security IP

Root of Trust Cryptography IP Interface Security Modules Security Protocol Accelerator

< Products

Analog IP

Data Converters

< Products

IP Subsystems

ARC Data Fusion IP Subsystem ARC Sensor & Control IP Subsystem Interface IP Subsystems

< Products

IP Accelerated

SoC Architecture IP Subsystems Signal/Power Integrity Analysis & IP Hardening IP Prototyping Kits Silicon Bring-Up Support

< Products

SoC Infrastructure IP

DesignWare Library Foundation Cores Verification IP

< Silicon IP

Products

Interface IP Processor Solutions Memories & Libraries Security IP Analog IP IP Subsystems IP Accelerated SoC Infrastructure IP

< Markets

Market Solutions

Artificial Intelligence Automotive Internet of Things Data Center 5G Mobile

< Silicon IP

Markets

Market Solutions

< Silicon IP

Newsletter

< Silicon IP

Customer Success

< Silicon IP

News

< Resources

Read

News Articles Datasheets DesignWare Technical Bulletin Success Stories White Papers

< Resources

Watch

Videos Webinars

< Resources

Community

embARC.org PCI Express IP Blog: "Express Yourself" USB IP Blog: "To USB or Not to USB" DDR IP Blog: "Committed to Memory"

< Silicon IP

Resources

+ Read + Watch + Community

< main menu

Silicon IP

Silicon IP + Products + Markets Newsletter Customer Success News + Resources

< Software Integrity

Software Integrity

< Tools & Services

Platform

Polaris DevSecOps Platform Intelligent Orchestration Code Dx

< Tools & Services

Tools

Static Analysis (SAST) Software Composition Analysis (SCA) Interactive Application Security Testing (IAST) API Security Testing Protocol Fuzzing

< Tools & Services

Services

Security Testing Services AppSec Program Strategy Threat & Risk Assessments Security Training Open Source Audits

< Software Integrity

Tools & Services

Platform Tools Services

< Software Integrity

Integrations

< Solutions

By Role

Dev and DevOps Teams Security Teams Legal Teams

< Solutions

By Need

Application Security Testing DevSecOps Cloud & Container Security Open Source Security & License Management M&A Due Diligence Quality & Security Standards Compliance

< Solutions

By Industry

Financial Services IoT & Embedded Automotive Telecommunications Aerospace & Defense Public Sector Medical Device

< Software Integrity

Solutions

+ By Role + By Need + By Industry

< Training

Software Security Training

eLearning Instructor Led Training Course Catalog

< Training

Product Education

< Training

Community

< Software Integrity

Training

Software Security Training Product Education Community

< Software Integrity

Customers

< Resources

Resource Center

Case Studies Datasheets eBooks Glossary Reports Webinars White Papers

< Resources

Blog

Agile, CI/CD & DevOps News Application Security News Cloud Security News Container Security News Fuzz Testing News IAST News IoT Security News Medical Device Security News Software Compliance News SAST News Software Composition Analysis News Web Application Security News

< Resources

Cybersecurity Research Center

Overview Research

< Software Integrity

Resources

Resource Center Blog Cybersecurity Research Center

< Software Integrity

Partners

< Software Integrity

Blog

< main menu

Software Integrity

Software Integrity + Tools & Services Integrations + Solutions + Training Customers + Resources Partners Blog

< About Us

Company

< About Us

About Us

Company Overview Management Team Corporate Social Responsibility Board of Directors Corporate Governance & Ethics Worldwide Locations

< About Us

About Us

< Investor Relations

Investor Relations

Recent Financial News Financials Investor Presentations Governance & Values

< About Us

Investor Relations

< Community

Community

Synopsys Users Group (SNUG) BSIMM Academic Programs Partners Software Integrity Community

< About Us

Community

< Newsroom

Newsroom

News Releases Spokesperson Bios & Images Synopsys Logos Media Contacts

< About Us

Newsroom

< Resources

Resources

Events Webinars Newsletters Blogs

< About Us

Resources

< Careers & Culture

Careers

Search for Jobs Inclusion and Diversity Culture & Values Careers Worldwide Internships

< About Us

Careers & Culture

Careers

< main menu

About Us

Company + About Us + Investor Relations + Community + Newsroom + Resources + Careers & Culture

All Synopsys

+ Silicon Design & Verification + Silicon IP + Software Integrity + About Us

Support

SolvNetPlus Software Integrity Customer Community

Global Sites

日本語简体中文繁體中文 Русский

CWE Top 25 (2019*)	CWE	Java	C#	C/C++	CUDA	Obj-C	JavaScript/TypeScript	Kotlin	Node.js	Android	Swift	Python 3.x	PHP	Scala	VB.NET	Ruby	Go	Apex
1. Improper Restriction of Operations within the Bounds of a Memory Buffer	119
2. Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)	79
3. Improper Input Validation	20
4. Information Exposure	200
5. Out-of-bounds Read	125
6. Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)	89
7. Use After Free	416
8. Integer Overflow or Wraparound	190
9. Cross-Site Request Forgery (CSRF)	352
10. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)	22
11. Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)	78
12. Out-of-bounds Write	787
13. Improper Authentication	287
14. NULL Pointer Dereference	476
15. Incorrect Permission Assignment for Critical Resource	732
16. Unrestricted Upload of File with Dangerous Type	434
17. Improper Restriction of XML External Entity Reference	611
18. Improper Control of Generation of Code (‘Code Injection’)	94
19. Use of Hard-coded Credentials	798
20. Uncontrolled Resource Consumption	400
21. Missing Release of Resource after Effective Lifetime	772
22. Untrusted Search Path	426
23. Deserialization of Untrusted Data	502
24. Improper Privilege Management	269
25. Improper Certificate Validation	295

Coverity Support for CWE Top 25

Coverity Version 2021.06 and Later Versions

Legal

Follow