Coverity Support for CWE Top 25

CWE Top 25 (2019*)	CWE	Java	C#	C/C++	CUDA	Obj-C	JavaScript/TypeScript	Kotlin	Node.js	Android	Swift	Python 3.x	PHP	Scala	VB.NET	Ruby	Go	Apex
1. Improper Restriction of Operations Within the Bounds of a Memory Buffer	119
2. Improper Neutralization of Input During Web Page Generation ("Cross-Site Scripting")	79
3. Improper Input Validation	20
4. Information Exposure	200
5. Out-of-Bounds Read	125
6. Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection")	89
7. Use After Free	416
8. Integer Overflow or Wraparound	190
9. Cross-Site Request Forgery (CSRF)	352
10. Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")	22
11. Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")	78
12. Out-of-Bounds Write	787
13. Improper Authentication	287
14. NULL Pointer Dereference	476
15. Incorrect Permission Assignment for Critical Resource	732
16. Unrestricted Upload of File with Dangerous Type	434
17. Improper Restriction of XML External Entity Reference	611
18. Improper Control of Generation of Code ("Code Injection")	94
19. Use of Hard-Coded Credentials	798
20. Uncontrolled Resource Consumption	400
21. Missing Release of Resource After Effective Lifetime	772
22. Untrusted Search Path	426
23. Deserialization of Untrusted Data	502
24. Improper Privilege Management	269
25. Improper Certificate Validation	295

*This table refers to Coverity support for CWE Top 25 (version 2019). The MITRE CWE Top 25 (version 2019) can be found online.