Synopsys to acquire WhiteHat Security | An application security pioneer and market-segment leading provider of DAST solutions Learn More

close search bar

Sorry, not available in this language yet

close language selection
  • English
  • 日本語
  • 简体中文

Coverity Coverage for Common Weakness Enumeration (CWE)

Coverity version 2021.12.0

At its core, Common Weakness Enumeration (CWE) is a community-developed list of software weaknesses. CWE provides a taxonomy to categorize and describe software weaknesses—giving developers and security practitioners a common language for software security.

MITRE owns and maintains the project. To learn more about CWE, click here.

Search below to see Coverity's CWE support of languages in your codebase.

  Print to PDF

Interested in a specific language or platform?



Language/Platform CWE Coverity Checker
Android 22
  • PATH_MANIPULATION
Android 78
  • OS_CMD_INJECTION
Android 79
  • XSS
Android 89
  • SQLI
Android 94
  • SQLIREGEX_INJECTION
Android 99
  • URL_MANIPULATION
Android 209
  • SENSITIVE_DATA_LEAK
Android 215
  • ANDROID_DEBUG_MODE
Android 259
  • HARDCODED_CREDENTIALS
Android 296
  • BAD_CERT_VERIFICATION
Android 297
  • BAD_CERT_VERIFICATION
Android 299
  • BAD_CERT_VERIFICATION
Android 311
  • SENSITIVE_DATA_LEAK
Android 312
  • SENSITIVE_DATA_LEAK
Android 313
  • SENSITIVE_DATA_LEAK
Android 317
  • SENSITIVE_DATA_LEAK
Android 319
  • SENSITIVE_DATA_LEAK
Android 321
  • HARDCODED_CREDENTIALS
Android 327
  • RISKY_CRYPTO
Android 328
  • RISKY_CRYPTO
Android 330
  • MOBILE_ID_MISUSE
Android 336
  • PREDICTABLE_RANDOM_SEED
Android 337
  • PREDICTABLE_RANDOM_SEED
Android 470
  • UNSAFE_REFLECTION
Android 502
  • UNSAFE_DESERIALIZATION
Android 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Android 532
  • SENSITIVE_DATA_LEAK
Android 538
  • UNRESTRICTED_ACCESS_TO_FILE
  • EXPOSED_PREFERENCES
Android 611
  • ML_EXTERNAL_ENTITY
Android 759
  • WEAK_PASSWORD_HASH
Android 760
  • WEAK_PASSWORD_HASH
Android 776
  • XML_EXTERNAL_ENTITY
Android 798
  • HARDCODED_CREDENTIALS
Android 827
  • XML_EXTERNAL_ENTITY
Android 916
  • WEAK_PASSWORD_HASH
Android 921
  • UNRESTRICTED_ACCESS_TO_FILE
Android 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Android 927
  • IMPLICIT_INTENT
  • SENSITIVE_DATA_LEAK
  • MISSING_PERMISSION_FOR_BROADCAST
Android 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Android 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
Apex 79
  • PMD.ApexXSSFromEscapeFalse
  • PMD.ApexXSSFromURLParam
  • PMD.VfHtmlStyleTagXss
Apex 89
  • PMD.ApexSOQLInjection
Apex 242
  • PMD.ApexDangerousMethods
Apex 259
  • PMD.ApexSuggestUsingNamedCred
Apex 269
  • PMD.ApexCRUDViolation
Apex 274
  • PMD.ApexSharingViolations
Apex 319
  • PMD.ApexInsecureEndpoint
Apex 321
  • PMD.ApexBadCrypto
Apex 352
  • PMD.VfCsrf
Apex 601
  • PMD.ApexOpenRedirect
Apex 917
  • PMD.VfUnescapeEl
C# 11
  • CONFIG.ENABLED_DEBUG_MODE
  • CONFIG.ENABLED_TRACE_MODE
C# 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
C# 13
  • CONFIG.CONNECTION_STRING_PASSWORD
C# 22
  • PATH_MANIPULATION
C# 73
  • UNRESTRICTED_DISPATCH
C# 78
  • OS_CMD_INJECTION
C# 79
  • XSS
C# 89
  • SQLI
  • SQL_NOT_CONSTANT
C# 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
C# 91
  • XML_INJECTION
C# 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
C# 95
  • SCRIPT_CODE_INJECTION
C# 117
  • LOG_INJECTION
C# 190
  • OVERFLOW_BEFORE_WIDEN
C# 200
  • ASPNET_MVC_VERSION_HEADER
  • CONFIG.ASPNET_VERSION_HEADER
  • CONFIG.COOKIES_MISSING_HTTPONLY
  • CORS_MISCONFIGURATION_AUDIT
C# 209
  • SENSITIVE_DATA_LEAK
C# 259
  • HARDCODED_CREDENTIALS
C# 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
C# 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
C# 285
  • MISSING_AUTHZ
C# 300
  • CORS_MISCONFIGURATION
C# 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 314
  • SENSITIVE_DATA_LEAK
C# 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 317
  • SENSITIVE_DATA_LEAK
C# 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 321
  • HARDCODED_CREDENTIALS
C# 327
  • RISKY_CRYPTO
C# 328
  • RISKY_CRYPTO
C# 330
  • INSECURE_RANDOM
C# 352
  • CSRF
C# 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
C# 369
  • DIVIDE_BY_ZERO
C# 390
  • MISSING_THROW
C# 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
C# 403
  • RESOURCE_LEAK
C# 404
  • RESOURCE_LEAK
C# 470
  • UNSAFE_NAMED_QUERY
C# 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C# 480
  • CONSTANT_EXPRESSION_RESULT
C# 502
  • UNSAFE_DESERIALIZATION
C# 519
  • CONFIG.ASP_VIEWSTATE_MAC
C# 532
  • SENSITIVE_DATA_LEAK
C# 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
C# 561
  • DEADCODE
  • UNREACHABLE
C# 563
  • UNUSED_VALUE
C# 569
  • CONSTANT_EXPRESSION_RESULT
C# 570
  • BAD_EQ_TYPES
C# 573
  • CALL_SUPER
  • MISSING_RESTORE
C# 595
  • BAD_EQ
C# 601
  • OPEN_REDIRECT
C# 610
  • HEADER_INJECTION
C# 611
  • XML_EXTERNAL_ENTITY
C# 614
  • INSECURE_COOKIE
C# 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
C# 643
  • XPATH_INJECTION
C# 670
  • STRAY_SEMICOLON
C# 683
  • SWAPPED_ARGUMENTS
C# 759
  • WEAK_PASSWORD_HASH
C# 760
  • WEAK_PASSWORD_HASH
C# 776
  • XML_EXTERNAL_ENTITY
C# 778
  • UNLOGGED_SECURITY_EXCEPTION
C# 783
  • CONSTANT_EXPRESSION_RESULT
C# 798
  • HARDCODED_CREDENTIALS
C# 827
  • UNSAFE_XML_PARSE_CONFIG
  • XML_EXTERNAL_ENTITY
C# 833
  • LOCK_INVERSION
C# 835
  • INFINITE_LOOP
C# 863
  • CONFIG.DEAD_AUTHORIZATION_RULE
C# 916
  • WEAK_PASSWORD_HASH
C# 942
  • CORS_MISCONFIGURATION_AUDIT
C# 1004
  • INSECURE_COOKIE
C# 1275
  • INSECURE_COOKIE
C/C++ 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
C/C++ 22
  • PATH_MANIPULATION
C/C++ 78
  • OS_CMD_INJECTION
C/C++ 88
  • HEADER_INJECTION
C/C++ 89
  • SQLI
C/C++ 99
  • URL_MANIPULATION
C/C++ 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
C/C++ 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
C/C++ 125
  • INTEGER_OVERFLOW
  • OVERRUN
C/C++ 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
C/C++ 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
C/C++ 134
  • FORMAT_STRING_INJECTION
  • PW.NON_CONST_PRINTF_FORMAT_STRING
C/C++ 170
  • BUFFER_SIZE
  • READLINK
  • SIZECHECK
  • STRING_NULL
C/C++ 188
  • ATOMICITY
  • INCOMPATIBLE_CAST
C/C++ 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
C/C++ 194
  • SIGN_EXTENSION
C/C++ 195
  • MISRA_CAST
C/C++ 197
  • CHAR_IO
  • MISRA_CAST
  • NO_EFFECT
  • Y2K38_SAFETY
C/C++ 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
C/C++ 209
  • SENSITIVE_DATA_LEAK
C/C++ 243
  • CHROOT
C/C++ 248
  • UNCAUGHT_EXCEPT
C/C++ 252
  • CHECKED_RETURN
C/C++ 253
  • BAD_COMPARE
C/C++ 259
  • HARDCODED_CREDENTIALS
C/C++ 290
  • WEAK_GUARD
C/C++ 291
  • WEAK_GUARD
C/C++ 293
  • WEAK_GUARD
C/C++ 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ 314
  • SENSITIVE_DATA_LEAK
C/C++ 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ 317
  • SENSITIVE_DATA_LEAK
C/C++ 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ 321
  • HARDCODED_CREDENTIALS
C/C++ 327
  • RISKY_CRYPTO
C/C++ 328
  • RISKY_CRYPTO
C/C++ 350
  • WEAK_GUARD
C/C++ 366
  • MISSING_LOCK
C/C++ 367
  • TOCTOU
C/C++ 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
  • TAINTED_SCALAR
C/C++ 377
  • SECURE_TEMP
C/C++ 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
C/C++ 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
C/C++ 400
  • STACK_USE
C/C++ 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
C/C++ 404
  • RESOURCE_LEAK
C/C++ 415
  • USE_AFTER_FREE
C/C++ 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_COPY_OR_ASSIGN
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
C/C++ 456
  • NO_EFFECT
C/C++ 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
  • USE_AFTER_MOVE
C/C++ 459
  • DELETE_ARRAY
C/C++ 465
  • NO_EFFECT
C/C++ 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
C/C++ 475
  • PRINTF_ARGS
C/C++ 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C/C++ 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
C/C++ 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
C/C++ 482
  • NO_EFFECT
C/C++ 483
  • NESTING_INDENT_MISMATCH
C/C++ 484
  • MISSING_BREAK
C/C++ 532
  • SENSITIVE_DATA_LEAK
C/C++ 561
  • DEADCODE
  • UNREACHABLE
C/C++ 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
C/C++ 563
  • UNUSED_VALUE
C/C++ 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
C/C++ 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
C/C++ 590
  • BAD_FREE
C/C++ 597
  • BAD_COMPARE
C/C++ 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
C/C++ 617
  • LOCK
C/C++ 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
C/C++ 643
  • XPATH_INJECTION
C/C++ 662
  • ATOMICITY
C/C++ 665
  • NO_EFFECT
C/C++ 667
  • LOCK
  • SLEEP
C/C++ 670
  • STRAY_SEMICOLON
C/C++ 672
  • USE_AFTER_FREE
C/C++ 676
  • DC.PREDICTABLE_KEY_PASSWORD
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • SECURE_CODING
C/C++ 681
  • MISRA_CAST
C/C++ 683
  • SWAPPED_ARGUMENTS
C/C++ 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
C/C++ 686
  • PRINTF_ARGS
C/C++ 687
  • NEGATIVE_RETURNS
C/C++ 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
C/C++ 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • HFA
  • MISSING_COPY_OR_ASSIGN
  • MISSING_RETURN
  • SELF_ASSIGN
C/C++ 758
  • DELETE_VOID
  • EVALUATION_ORDER
C/C++ 759
  • WEAK_PASSWORD_HASH
C/C++ 760
  • WEAK_PASSWORD_HASH
C/C++ 762
  • ALLOC_FREE_MISMATCH
C/C++ 764
  • LOCK
C/C++ 765
  • LOCK
C/C++ 770
  • TAINTED_SCALAR
C/C++ 772
  • VIRTUAL_DTOR
C/C++ 775
  • RESOURCE_LEAK
C/C++ 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • PRECEDENCE_ERROR
  • SIZEOF_MISMATCH
C/C++ 798
  • HARDCODED_CREDENTIALS
C/C++ 833
  • ORDER_REVERSAL
C/C++ 835
  • INFINITE_LOOP
C/C++ 843
  • WRITE_CONST_FIELD
C/C++ 916
  • WEAK_PASSWORD_HASH
CUDA 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
CUDA 22
  • PATH_MANIPULATION
CUDA 78
  • OS_CMD_INJECTION
CUDA 88
  • HEADER_INJECTION
CUDA 89
  • SQLI
CUDA 99
  • URL_MANIPULATION
CUDA 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
CUDA 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
CUDA 125
  • INTEGER_OVERFLOW
  • OVERRUN
CUDA 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
CUDA 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
CUDA 134
  • FORMAT_STRING_INJECTION
  • PW.NON_CONST_PRINTF_FORMAT_STRING
CUDA 170
  • BUFFER_SIZE
  • READLINK
  • SIZECHECK
  • STRING_NULL
CUDA 188
  • ATOMICITY
  • INCOMPATIBLE_CAST
CUDA 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
CUDA 194
  • SIGN_EXTENSION
CUDA 195
  • MISRA_CAST
CUDA 197
  • CHAR_IO
  • MISRA_CAST
  • NO_EFFECT
  • Y2K38_SAFETY
CUDA 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
CUDA 209
  • SENSITIVE_DATA_LEAK
CUDA 243
  • CHROOT
CUDA 248
  • UNCAUGHT_EXCEPT
CUDA 252
  • CHECKED_RETURN
CUDA 253
  • BAD_COMPARE
CUDA 259
  • HARDCODED_CREDENTIALS
CUDA 290
  • WEAK_GUARD
CUDA 291
  • WEAK_GUARD
CUDA 293
  • WEAK_GUARD
CUDA 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 314
  • SENSITIVE_DATA_LEAK
CUDA 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 317
  • SENSITIVE_DATA_LEAK
CUDA 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 321
  • HARDCODED_CREDENTIALS
CUDA 327
  • RISKY_CRYPTO
CUDA 328
  • RISKY_CRYPTO
CUDA 350
  • WEAK_GUARD
CUDA 366
  • MISSING_LOCK
CUDA 367
  • TOCTOU
CUDA 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
  • TAINTED_SCALAR
CUDA 377
  • SECURE_TEMP
CUDA 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
CUDA 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
CUDA 400
  • STACK_USE
CUDA 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
CUDA 404
  • RESOURCE_LEAK
CUDA 415
  • USE_AFTER_FREE
CUDA 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_COPY_OR_ASSIGN
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
CUDA 456
  • NO_EFFECT
CUDA 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
  • USE_AFTER_MOVE
CUDA 459
  • DELETE_ARRAY
CUDA 465
  • NO_EFFECT
CUDA 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
CUDA 475
  • PRINTF_ARGS
CUDA 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
CUDA 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
CUDA 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
CUDA 482
  • NO_EFFECT
CUDA 483
  • NESTING_INDENT_MISMATCH
CUDA 484
  • MISSING_BREAK
CUDA 532
  • SENSITIVE_DATA_LEAK
CUDA 561
  • DEADCODE
  • UNREACHABLE
CUDA 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
CUDA 563
  • UNUSED_VALUE
CUDA 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
CUDA 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
CUDA 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
CUDA 590
  • BAD_FREE
CUDA 597
  • BAD_COMPARE
CUDA 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
CUDA 617
  • LOCK
CUDA 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
CUDA 643
  • XPATH_INJECTION
CUDA 662
  • ATOMICITY
CUDA 665
  • NO_EFFECT
CUDA 667
  • LOCK
  • SLEEP
CUDA 670
  • STRAY_SEMICOLON
CUDA 672
  • USE_AFTER_FREE
CUDA 676
  • DC.PREDICTABLE_KEY_PASSWORD
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • SECURE_CODING
CUDA 681
  • MISRA_CAST
CUDA 683
  • SWAPPED_ARGUMENTS
CUDA 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
CUDA 686
  • PRINTF_ARGS
CUDA 687
  • NEGATIVE_RETURNS
CUDA 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
CUDA 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • MISSING_COPY_OR_ASSIGN
  • MISSING_RETURN
  • SELF_ASSIGN
CUDA 758
  • DELETE_VOID
  • EVALUATION_ORDER
CUDA 759
  • WEAK_PASSWORD_HASH
CUDA 760
  • WEAK_PASSWORD_HASH
CUDA 762
  • ALLOC_FREE_MISMATCH
CUDA 764
  • LOCK
CUDA 765
  • LOCK
CUDA 770
  • TAINTED_SCALAR
CUDA 772
  • VIRTUAL_DTOR
CUDA 775
  • RESOURCE_LEAK
CUDA 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • PRECEDENCE_ERROR
  • SIZEOF_MISMATCH
CUDA 798
  • HARDCODED_CREDENTIALS
CUDA 833
  • ORDER_REVERSAL
CUDA 835
  • INFINITE_LOOP
CUDA 843
  • WRITE_CONST_FIELD
CUDA 916
  • WEAK_PASSWORD_HASH
Go 22
  • PATH_MANIPULATION
Go 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Go 79
  • INSECURE_CSP
  • XSS
Go 88
  • HEADER_INJECTION
Go 89
  • SQLI
Go 94
  • NOSQL_QUERY_INJECTION
  • TEMPLATE_INJECTION
Go 99
  • URL_MANIPULATION
Go 119
  • UNSAFE_FUNCTIONALITY
Go 200
  • CORS_MISCONFIGURATION_AUDIT
  • INSECURE_NETWORK_BIND
Go 209
  • SENSITIVE_DATA_LEAK
Go 252
  • CHECKED_RETURN
  • SUPPRESSED_ERROR
Go 259
  • HARDCODED_CREDENTIALS
Go 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
  • INSECURE_FILE_PERMISSIONS
Go 285
  • OAUTH2_MISCONFIGURATION
Go 287
  • STATIC_API_KEY
Go 295
  • BAD_CERT_VERIFICATION
Go 300
  • CORS_MISCONFIGURATION
Go 304
  • ANONYMOUS_DB_CONNECTION
Go 313
  • SENSITIVE_DATA_LEAK
Go 314
  • SENSITIVE_DATA_LEAK
Go 315
  • SENSITIVE_DATA_LEAK
Go 317
  • SENSITIVE_DATA_LEAK
Go 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
Go 321
  • HARDCODED_CREDENTIALS
Go 327
  • RISKY_CRYPTO
Go 328
  • RISKY_CRYPTO
Go 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
Go 352
  • CONFIG.BEEGO_CSRF_PROTECTION_DISABLED
Go 366
  • GUARDED_BY_VIOLATION
Go 369
  • DIVIDE_BY_ZERO
Go 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Go 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Go 480
  • CONSTANT_EXPRESSION_RESULT
Go 502
  • DISTRUSTED_DATA_DESERIALIZATION
Go 522
  • UNSAFE_BASIC_AUTH
Go 532
  • SENSITIVE_DATA_LEAK
Go 548
  • EXPOSED_DIRECTORY_LISTING
Go 561
  • DEADCODE
Go 563
  • UNUSED_VALUE
Go 565
  • CONFIG.COOKIE_SIGNING_DISABLED
Go 569
  • CONSTANT_EXPRESSION_RESULT
Go 601
  • OPEN_REDIRECT
Go 611
  • XML_EXTERNAL_ENTITY
Go 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
Go 614
  • INSECURE_COOKIE
Go 617
  • LOCK
Go 643
  • XPATH_INJECTION
Go 662
  • ATOMICITY
Go 667
  • LOCK
  • SLEEP
Go 764
  • LOCK
Go 765
  • LOCK
Go 776
  • XML_EXTERNAL_ENTITY
Go 778
  • INSUFFICIENT_LOGGING
Go 783
  • CONSTANT_EXPRESSION_RESULT
Go 798
  • HARDCODED_CREDENTIALS
Go 833
  • LOCK_INVERSION
Go 835
  • INFINITE_LOOP
Go 942
  • CORS_MISCONFIGURATION_AUDIT
  • SOCKET_ACCEPT_ALL_ORIGINS
Go 1004
  • INSECURE_COOKIE
Go 1275
  • INSECURE_COOKIE
Java 20
  • WEAK_URL_SANITIZATION
  • WEAK_XML_SCHEMA
Java 22
  • JSP_DYNAMIC_INCLUDE
  • PATH_MANIPULATION
Java 23
  • FB.PT_RELATIVE_PATH_TRAVERSAL
Java 36
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL
Java 73
  • UNRESTRICTED_DISPATCH
Java 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Java 79
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER
  • SIGMA.dangerously_exposed_interface_android
  • SIGMA.markdown_allow_dangerous_html_react
  • SIGMA.unsafe_innerhtml_manipulation_react
  • SIGMA.unsafe_innerhtml_manipulation_vue_jsx
  • SIGMA.weak_xss_protection_servlet
  • XSS
Java 81
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR
Java 89
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
  • JSP_SQL_INJECTION
  • SQLI
  • SQL_NOT_CONSTANT
Java 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
Java 91
  • XML_INJECTION
Java 94
  • JAVA_CODE_INJECTION
  • JCR_INJECTION
  • NOSQL_QUERY_INJECTION
  • OGNL_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
Java 95
  • SCRIPT_CODE_INJECTION
Java 99
  • URL_MANIPULATION
Java 113
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER
  • SIGMA.http_header_validation_disabled_netty
Java 117
  • LOG_INJECTION
Java 183
  • SIGMA.http_firewall_allows_special_char_spring_backslash
  • SIGMA.http_firewall_allows_special_char_spring_percent
  • SIGMA.http_firewall_allows_special_char_spring_period
  • SIGMA.http_firewall_allows_special_char_spring_semicolon
  • SIGMA.http_firewall_allows_special_char_spring_slash
  • SIGMA.http_firewall_insecure_default_spring
Java 185
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN
  • REGEX_CONFUSION
Java 190
  • OVERFLOW_BEFORE_WIDEN
Java 192
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION
  • FB.ICAST_BAD_SHIFT_AMOUNT
  • FB.ICAST_IDIV_CAST_TO_DOUBLE
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
  • FB.ICAST_INT_2_LONG_AS_INSTANT
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT
Java 200
  • CONFIG.JAVAEE_MISSING_HTTPONLY
  • SENSITIVE_DATA_LEAK
Java 209
  • SENSITIVE_DATA_LEAK
  • SIGMA.verbose_error_message_spring_boot_exception_code
Java 215
  • ANDROID_DEBUG_MODE
Java 218
  • FB.EI_EXPOSE_STATIC_REP2
  • FB.MS_CANNOT_BE_FINAL
  • FB.MS_EXPOSE_REP
  • FB.MS_FINAL_PKGPROTECT
  • FB.MS_MUTABLE_ARRAY
  • FB.MS_MUTABLE_COLLECTION
  • FB.MS_MUTABLE_COLLECTION_PKGPROTECT
  • FB.MS_MUTABLE_HASHTABLE
  • FB.MS_OOI_PKGPROTECT
  • FB.MS_PKGPROTECT
  • FB.MS_SHOULD_BE_FINAL
  • FB.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
Java 227
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY
Java 242
  • DC.DANGEROUS
Java 252
  • CHECKED_RETURN
Java 253
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
  • ORM_LOAD_NULL_CHECK
Java 258
  • SIGMA.empty_password_core_java_sql
Java 259
  • FB.DMI_CONSTANT_DB_PASSWORD
  • FB.DMI_EMPTY_DB_PASSWORD
  • HARDCODED_CREDENTIALS
Java 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
Java 261
  • SIGMA.weak_password_hash_spring_security_code
Java 284
  • SIGMA.cors_with_credentials_null_origin_core_java
  • SIGMA.cors_with_credentials_null_origin_servlet
  • SIGMA.cors_with_credentials_null_origin_spring_corsconfiguration
  • SIGMA.cors_with_credentials_null_origin_spring_corsregistration
  • SIGMA.webview_file_access_android
Java 285
  • MISSING_AUTHZ
Java 287
  • SIGMA.unsafe_xml_canonicalization_spring_saml_code
Java 290
  • WEAK_GUARD
Java 291
  • WEAK_GUARD
Java 293
  • WEAK_GUARD
Java 295
  • BAD_CERT_VERIFICATION
  • SIGMA.certificate_verification_disabled_core_java
Java 296
  • BAD_CERT_VERIFICATION
Java 297
  • BAD_CERT_VERIFICATION
Java 299
  • BAD_CERT_VERIFICATION
Java 311
  • SIGMA.encryption_disabled_spring_security
  • SIGMA.null_cipher_used_core_java
Java 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 314
  • SENSITIVE_DATA_LEAK
Java 315
  • SENSITIVE_DATA_LEAK
  • SIGMA.sensitive_data_in_cookie_servlet
  • UNENCRYPTED_SENSITIVE_DATA
Java 317
  • SENSITIVE_DATA_LEAK
Java 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • SIGMA.cors_with_credentials_http_origin_core_java
  • SIGMA.cors_with_credentials_http_origin_servlet
  • SIGMA.cors_with_credentials_http_origin_spring_corsconfiguration
  • SIGMA.cors_with_credentials_http_origin_spring_corsregistration
  • SIGMA.login_over_http_spring_security
  • SIGMA.missing_tls_apache_http
  • SIGMA.missing_tls_apache_telnet
  • SIGMA.missing_tls_core_java_httprequest
  • SIGMA.missing_tls_core_java_httpurlconnection
  • SIGMA.missing_tls_java_unirest
  • SIGMA.missing_tls_spring_ftp
  • SIGMA.missing_tls_spring_resttemplate
  • UNENCRYPTED_SENSITIVE_DATA
Java 321
  • HARDCODED_CREDENTIALS
Java 326
  • SIGMA.insecure_cipher_core_java_block_cipher
  • SIGMA.insecure_cipher_core_java_block_cipher_mode
  • SIGMA.insecure_cipher_core_java_stream_cipher
  • SIGMA.insufficient_asymmetric_key_size_core_java
  • SIGMA.insufficient_symmetric_key_size_core_java
Java 327
  • RISKY_CRYPTO
  • SIGMA.deprecated_http_client_apache_default_http_client
  • SIGMA.deprecated_http_client_apache_system_default_http_client
  • SIGMA.improper_use_of_symmetric_cryptography_hazelcast_code
  • SIGMA.insecure_tls_version_core_java
  • SIGMA.unspecified_cipher_transformation_core_java
  • SIGMA.weak_hash_apache_commons_codec
  • SIGMA.weak_hash_core_java
Java 328
  • RISKY_CRYPTO
Java 330
  • INSECURE_RANDOM
  • MOBILE_ID_MISUSE
Java 336
  • PREDICTABLE_RANDOM_SEED
Java 337
  • PREDICTABLE_RANDOM_SEED
Java 345
  • SIGMA.jwt_algorithm_none_auth0_jwt
Java 346
  • SIGMA.cors_preflight_age_too_long_core_java
  • SIGMA.cors_preflight_age_too_long_servlet
  • SIGMA.cors_preflight_age_too_long_spring_corsconfiguration
  • SIGMA.cors_preflight_age_too_long_spring_corsregistration
Java 347
  • SIGMA.jwt_untrusted_decode_io_jsonwebtoken
Java 350
  • WEAK_GUARD
Java 352
  • CSRF
  • SIGMA.csrf_protection_disabled_spring_security_code
Java 359
  • SENSITIVE_DATA_LEAK
Java 366
  • FB.IS2_INCONSISTENT_SYNC
  • FB.IS_FIELD_NOT_GUARDED
  • FB.IS_INCONSISTENT_SYNC
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE
  • FB.STCAL_STATIC_CALENDAR_INSTANCE
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
Java 369
  • DIVIDE_BY_ZERO
Java 374
  • FB.EI_EXPOSE_REP
  • FB.EI_EXPOSE_REP2
Java 382
  • FB.DM_EXIT
Java 384
  • SESSION_FIXATION
  • SIGMA.session_fixation_protection_disabled_spring_security
Java 390
  • MISSING_THROW
Java 391
  • FB.DE_MIGHT_DROP
  • FB.DE_MIGHT_IGNORE
Java 396
  • FB.REC_CATCH_EXCEPTION
Java 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
Java 400
  • SIGMA.unlimited_concurrent_sessions_spring_security
Java 403
  • RESOURCE_LEAK
Java 404
  • RESOURCE_LEAK
Java 427
  • UNSAFE_JNI
Java 440
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION
  • FB.DMI_ARGUMENTS_WRONG_ORDER
  • FB.DMI_BAD_MONTH
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE
  • FB.DMI_BLOCKING_METHODS_ON_URL
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES
  • FB.DMI_COLLECTION_OF_URLS
  • FB.DMI_DOH
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN
  • FB.DMI_RANDOM_USED_ONLY_ONCE
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED
  • FB.DMI_UNSUPPORTED_METHOD
  • FB.DMI_USELESS_SUBSTRING
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL
  • FB.RV_01_TO_INT
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE
  • FB.RV_EXCEPTION_NOT_THROWN
  • FB.RV_NEGATING_RESULT_OF_COMPARETO
  • FB.RV_REM_OF_HASHCODE
  • FB.RV_REM_OF_RANDOM_INT
  • FB.RV_RETURN_VALUE_IGNORED
  • FB.RV_RETURN_VALUE_IGNORED2
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
Java 463
  • SIGMA.cbc_insecure_padding_core_java
Java 470
  • UNSAFE_NAMED_QUERY
  • UNSAFE_REFLECTION
Java 476
  • FB.BC_NULL_INSTANCEOF
  • FB.NP_ALWAYS_NULL
  • FB.NP_ALWAYS_NULL_EXCEPTION
  • FB.NP_ARGUMENT_MIGHT_BE_NULL
  • FB.NP_BOOLEAN_RETURN_NULL
  • FB.NP_CLONE_COULD_RETURN_NULL
  • FB.NP_CLOSING_NULL
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE
  • FB.NP_DOES_NOT_HANDLE_NULL
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
  • FB.NP_GUARANTEED_DEREF
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
  • FB.NP_NONNULL_PARAM_VIOLATION
  • FB.NP_NONNULL_RETURN_VIOLATION
  • FB.NP_NULL_INSTANCEOF
  • FB.NP_NULL_ON_SOME_PATH
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE
  • FB.NP_NULL_PARAM_DEREF
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL
  • FB.NP_OPTIONAL_RETURN_NULL
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE
  • FB.NP_STORE_INTO_NONNULL_FIELD
  • FB.NP_TOSTRING_COULD_RETURN_NULL
  • FB.NP_UNWRITTEN_FIELD
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
  • UNINIT_NONNULL
Java 480
  • CONSTANT_EXPRESSION_RESULT
Java 481
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT
Java 483
  • NESTING_INDENT_MISMATCH
Java 484
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW
  • FB.SF_SWITCH_FALLTHROUGH
  • MISSING_BREAK
Java 489
  • SIGMA.debug_enabled_spring_security_filter
  • SIGMA.deprecated_xss_header_spring_security_code
Java 501
  • TRUST_BOUNDARY_VIOLATION
Java 502
  • SIGMA.ldap_entry_poisoning_core_java
  • SIGMA.unsafe_deserialization_activemq_settrustallpackages
  • SIGMA.unsafe_deserialization_activemq_settrustedpackages
  • SIGMA.unsafe_deserialization_apache_xmlrpc
  • SIGMA.unsafe_deserialization_core_java_xmldecoder
  • SIGMA.unsafe_deserialization_jackson_objectmapper
  • UNSAFE_DESERIALIZATION
Java 532
  • SENSITIVE_DATA_LEAK
Java 538
  • SIGMA.shared_preferences_data_exposure_android
  • UNRESTRICTED_ACCESS_TO_FILE
Java 543
  • BAD_LOCK_OBJECT
  • FB.LI_LAZY_INIT_STATIC
  • FB.LI_LAZY_INIT_UPDATE_STATIC
  • LOCK_EVASION
  • SINGLETON_RACE
Java 561
  • DEADCODE
  • UNREACHABLE
Java 563
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN
  • FB.DLS_DEAD_LOCAL_STORE
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL
  • FB.DLS_OVERWRITTEN_INCREMENT
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN
  • UNUSED_VALUE
Java 567
  • SERVLET_ATOMICITY
Java 568
  • CALL_SUPER
Java 569
  • CONSTANT_EXPRESSION_RESULT
Java 570
  • FB.BC_IMPOSSIBLE_CAST
  • FB.BC_IMPOSSIBLE_DOWNCAST
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
  • FB.BC_IMPOSSIBLE_INSTANCEOF
Java 571
  • FB.BC_VACUOUS_INSTANCEOF
Java 572
  • FB.RU_INVOKE_RUN
Java 573
  • ATTRIBUTE_NAME_CONFLICT
  • CALL_SUPER
  • INVALIDATE_ITERATOR
  • MISSING_RESTORE
Java 579
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
Java 580
  • CALL_SUPER
  • FB.CN_IDIOM
  • FB.CN_IDIOM_NO_SUPER_CALL
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE
  • FB.OVERRIDING_METHODS_MUST_INVOKE_SUPER
Java 583
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED
Java 585
  • FB.ESYNC_EMPTY_SYNC
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD
Java 586
  • FB.FI_EMPTY
  • FB.FI_EXPLICIT_INVOCATION
  • FB.FI_FINALIZER_NULLS_FIELDS
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS
  • FB.FI_MISSING_SUPER_CALL
  • FB.FI_NULLIFY_SUPER
  • FB.FI_USELESS
Java 595
  • FB.EQ_ABSTRACT_SELF
  • FB.EQ_ALWAYS_FALSE
  • FB.EQ_ALWAYS_TRUE
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS
  • FB.EQ_COMPARING_CLASS_NAMES
  • FB.EQ_DOESNT_OVERRIDE_EQUALS
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT
  • FB.EQ_OTHER_NO_OBJECT
  • FB.EQ_OTHER_USE_OBJECT
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC
  • FB.EQ_SELF_NO_OBJECT
  • FB.EQ_SELF_USE_OBJECT
  • FB.EQ_UNUSUAL
Java 597
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ
  • FB.ES_COMPARING_STRINGS_WITH_EQ
Java 598
  • SIGMA.unsafe_authentication_filter_spring_security
Java 601
  • OPEN_REDIRECT
Java 609
  • FB.DC_DOUBLECHECK
  • FB.DC_PARTIALLY_CONSTRUCTED
Java 610
  • HEADER_INJECTION
Java 611
  • XML_EXTERNAL_ENTITY
Java 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
Java 614
  • INSECURE_COOKIE
  • SIGMA.missing_secure_attribute_remember_me_cookie_spring_security_code
  • SIGMA.missing_secure_attribute_servlet
Java 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
Java 625
  • WEAK_URL_SANITIZATION
Java 643
  • XPATH_INJECTION
Java 650
  • CONFIG.HTTP_VERB_TAMPERING
  • SIGMA.http_firewall_allow_any_http_method_spring
Java 662
  • ATOMICITY
Java 670
  • STRAY_SEMICOLON
Java 672
  • USE_AFTER_FREE
Java 674
  • FB.IL_INFINITE_RECURSIVE_LOOP
Java 683
  • SWAPPED_ARGUMENTS
Java 693
  • CONFIG.ANDROID_GRADLE_OBFUSCATION_NOT_ENABLED
Java 732
  • SIGMA.insecure_file_permission_core_java
Java 757
  • SIGMA.insecure_tls_renegotiation_core_java
Java 759
  • WEAK_PASSWORD_HASH
Java 760
  • WEAK_PASSWORD_HASH
Java 770
  • WEAK_XML_SCHEMA
Java 776
  • XML_EXTERNAL_ENTITY
Java 778
  • UNLOGGED_SECURITY_EXCEPTION
Java 779
  • SIGMA.debug_logging_enabled_spring_security_code
Java 780
  • SIGMA.rsa_no_padding_core_java
Java 783
  • CONSTANT_EXPRESSION_RESULT
Java 798
  • HARDCODED_CREDENTIALS
  • SIGMA.hardcoded_credentials_uri_core_java
Java 827
  • XML_EXTERNAL_ENTITY
Java 833
  • DC.DEADLOCK
  • LOCK_INVERSION
Java 835
  • INFINITE_LOOP
Java 916
  • WEAK_PASSWORD_HASH
Java 917
  • EL_INJECTION
Java 921
  • UNRESTRICTED_ACCESS_TO_FILE
Java 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Java 927
  • IMPLICIT_INTENT
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Java 942
  • SIGMA.cors_no_credentials_permissive_origin_core_java
  • SIGMA.cors_no_credentials_permissive_origin_servlet
  • SIGMA.cors_no_credentials_permissive_origin_spring_corsconfiguration
  • SIGMA.cors_no_credentials_permissive_origin_spring_corsregistration
  • SIGMA.cors_with_credentials_all_origin_core_java
  • SIGMA.cors_with_credentials_all_origin_servlet
  • SIGMA.cors_with_credentials_all_origin_spring_corsconfiguration
  • SIGMA.cors_with_credentials_all_origin_spring_corsregistration
  • SIGMA.cors_with_credentials_subdomain_origin_core_java
  • SIGMA.cors_with_credentials_subdomain_origin_servlet
  • SIGMA.cors_with_credentials_subdomain_origin_spring_corsconfiguration
  • SIGMA.cors_with_credentials_subdomain_origin_spring_corsregistration
Java 1004
  • SIGMA.missing_httponly_attribute_servlet
Java 1022
  • SIGMA.reverse_tabnabbing_react
Java 1023
  • HIBERNATE_BAD_HASHCODE
Java 1275
  • SIGMA.missing_samesite_attribute_cookie_servlet
JavaScript 20
  • COOKIE_INJECTION
  • SIGMA.parameters_validation_disabled_node_aws_sdk
  • WEAK_URL_SANITIZATION
JavaScript 22
  • PATH_MANIPULATION
JavaScript 73
  • SIGMA.file_upload_misconfiguration_of_file_path_busboy
  • SIGMA.file_upload_misconfiguration_of_file_path_express
  • SIGMA.file_upload_misconfiguration_of_file_path_multer
  • SIGMA.file_upload_misconfiguration_of_safe_file_names_express
JavaScript 74
  • CSS_INJECTION
JavaScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
JavaScript 79
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
  • ANGULAR_SCE_DISABLED
  • DOM_XSS
  • SIGMA.content_security_policy_disabled_express_helmet
  • SIGMA.insecure_xss_filter_express_helmet
  • SIGMA.no_sniff_disabled_express_helmet
  • SIGMA.xss_filter_disabled_express_helmet
  • XSS
JavaScript 88
  • HEADER_INJECTION
JavaScript 89
  • SQLI
JavaScript 94
  • ANGULAR_EXPRESSION_INJECTION
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
JavaScript 95
  • SCRIPT_CODE_INJECTION
JavaScript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
JavaScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • DNS_PREFETCHING
  • SIGMA.cors_origin_string_express_cors
  • SIGMA.dns_prefetch_control_disabled_express_helmet
  • SIGMA.insecure_referrer_policy_express_helmet
JavaScript 201
  • EXPRESS_X_POWERED_BY_ENABLED
  • SIGMA.verbose_server_banner_express
JavaScript 209
  • SENSITIVE_DATA_LEAK
JavaScript 219
  • INSECURE_COOKIE
JavaScript 248
  • SIGMA.missing_global_exception_handler_winston
JavaScript 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
  • CONFIG.HARDCODED_TOKEN
JavaScript 272
  • SIGMA.cors_configured_globally_express_cors
  • SIGMA.cors_configured_globally_koa
JavaScript 284
  • SIGMA.cors_with_credentials_null_origin_express_cors
  • SIGMA.cors_with_credentials_null_origin_koa
  • SIGMA.cors_with_credentials_null_origin_nestjs
JavaScript 285
  • MISSING_AUTHZ
JavaScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
JavaScript 295
  • BAD_CERT_VERIFICATION
  • SIGMA.certificate_verification_disabled_node_https
  • SIGMA.certificate_verification_disabled_node_libcurl
  • SIGMA.certificate_verification_disabled_node_mysql
  • SIGMA.certificate_verification_disabled_node_mysql2
  • SIGMA.certificate_verification_disabled_node_request_reject_unauthorized
  • SIGMA.certificate_verification_disabled_node_request_strict_ssl
  • SIGMA.certificate_verification_disabled_node_restify
  • SIGMA.certificate_verification_disabled_node_tls
  • SIGMA.certificate_verification_disabled_node_ws
  • SIGMA.certificate_verification_disabled_sequelize
  • SIGMA.certificate_verification_disabled_sequelize_mssql
  • SIGMA.certificate_verification_disabled_socket_io
  • SIGMA.credentials_validation_disabled_node_aws_sdk
  • SIGMA.expect_ct_disabled_express_helmet
  • SIGMA.hpkp_max_age_too_long_express
  • SIGMA.hpkp_max_age_too_long_koa
  • SIGMA.hpkp_report_uri_missing_tls_express
  • SIGMA.hpkp_report_uri_missing_tls_koa
JavaScript 305
  • SIGMA.insufficient_token_entropy_hapi_crumb
JavaScript 306
  • SIGMA.middleware_applied_globally_express_multer
JavaScript 313
  • SENSITIVE_DATA_LEAK
JavaScript 314
  • SENSITIVE_DATA_LEAK
JavaScript 315
  • SENSITIVE_DATA_LEAK
JavaScript 317
  • SENSITIVE_DATA_LEAK
JavaScript 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • SIGMA.cors_with_credentials_http_origin_express_cors
  • SIGMA.cors_with_credentials_http_origin_koa
  • SIGMA.cors_with_credentials_http_origin_nestjs
  • SIGMA.hsts_http_header_subdomains_disabled_express_helmet
  • SIGMA.hsts_http_header_subdomains_disabled_express_hsts
  • SIGMA.missing_tls_axios
  • SIGMA.missing_tls_got
  • SIGMA.missing_tls_hapi_session_mongo
  • SIGMA.missing_tls_node_aws_sdk
  • SIGMA.missing_tls_node_ftp
  • SIGMA.missing_tls_node_grpc
  • SIGMA.missing_tls_node_http
  • SIGMA.missing_tls_node_rest_client
  • SIGMA.missing_tls_node_telnet
  • SIGMA.missing_tls_node_telnet_client
  • SIGMA.missing_tls_sequelize
  • SIGMA.missing_tls_socket_io_client
  • SIGMA.missing_tls_websocket
  • SIGMA.missing_tls_ws
JavaScript 320
  • SIGMA.empty_encryption_key_node_crypto
JavaScript 327
  • RISKY_CRYPTO
  • SA.RISKY_CRYPTO
  • SIGMA.insecure_tls_cipher_suite_node_https
  • SIGMA.insecure_tls_cipher_suite_node_request
  • SIGMA.insecure_tls_cipher_suite_node_tls
  • SIGMA.insecure_tls_version_node_https
  • SIGMA.insecure_tls_version_node_request
  • SIGMA.insecure_tls_version_node_tls
  • SIGMA.weak_hash_node_crypto
JavaScript 328
  • RISKY_CRYPTO
JavaScript 330
  • INSECURE_RANDOM
JavaScript 345
  • SIGMA.jwt_algorithm_none_jsonwebtoken
JavaScript 346
  • SIGMA.cors_preflight_age_too_long_express_cors
  • SIGMA.cors_preflight_age_too_long_koa
  • SIGMA.cors_preflight_age_too_long_nestjs
  • UNCHECKED_ORIGIN
JavaScript 347
  • SIGMA.jwt_untrusted_decode_jsonwebtoken
JavaScript 352
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
  • SIGMA.csrf_protection_disabled_express_csurf
JavaScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
JavaScript 400
  • SIGMA.excessive_http_buffer_size_socket_io
  • SIGMA.file_upload_misconfiguration_filesize_graphql_js
  • SIGMA.file_upload_misconfiguration_max_files_graphql_js
  • SIGMA.file_upload_misconfiguration_of_fields_busboy
  • SIGMA.file_upload_misconfiguration_of_fields_express
  • SIGMA.file_upload_misconfiguration_of_fields_multer
  • SIGMA.file_upload_misconfiguration_of_filesize_busboy
  • SIGMA.file_upload_misconfiguration_of_filesize_express
  • SIGMA.file_upload_misconfiguration_of_filesize_multer
  • SIGMA.file_upload_misconfiguration_of_temp_files_express
JavaScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
JavaScript 480
  • CONSTANT_EXPRESSION_RESULT
JavaScript 483
  • NESTING_INDENT_MISMATCH
JavaScript 484
  • MISSING_BREAK
JavaScript 489
  • CONFIG.ENABLED_DEBUG_MODE
  • SIGMA.debug_enabled_apollo_graphql_js
JavaScript 497
  • SIGMA.hide_powered_by_disabled_express_helmet
JavaScript 502
  • UNSAFE_DESERIALIZATION
JavaScript 523
  • SIGMA.hsts_http_header_short_max_age_express_helmet
JavaScript 532
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
  • SENSITIVE_DATA_LEAK
  • SIGMA.query_logging_enabled_sequelize
JavaScript 548
  • SIGMA.exposed_directory_listing_hapi_inert
JavaScript 561
  • DEADCODE
  • UNREACHABLE
JavaScript 565
  • SIGMA.cookie_session_signing_disabled_express
JavaScript 569
  • CONSTANT_EXPRESSION_RESULT
JavaScript 601
  • OPEN_REDIRECT
JavaScript 611
  • SIGMA.xml_external_entity_enabled_libxmljs
  • XML_EXTERNAL_ENTITY
JavaScript 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
  • SIGMA.excessive_session_lifetime_connect_mongo
  • SIGMA.excessive_session_lifetime_connect_redis
  • SIGMA.excessive_session_lifetime_express_client_sessions
  • SIGMA.excessive_session_lifetime_express_cookie_session
  • SIGMA.excessive_session_lifetime_express_session
  • SIGMA.excessive_session_lifetime_google_cloud_datastore
  • SIGMA.excessive_token_lifetime_node_aws_sdk
  • SIGMA.insufficient_presigned_url_timeout_node_aws_sdk
  • SIGMA.insufficient_presigned_url_timeout_node_google_cloud_storage
  • SIGMA.jwt_ignored_expiration_time_hapi
  • SIGMA.jwt_ignored_expiration_time_jsonwebtoken
  • SIGMA.jwt_ignored_start_time_hapi
  • SIGMA.jwt_ignored_start_time_jsonwebtoken
  • SIGMA.jwt_non_expiring_token_jsonwebtoken
  • SIGMA.jwt_revoke_missing_express_jwt
JavaScript 614
  • INSECURE_COOKIE
  • SIGMA.missing_secure_attribute_session_cookie_express
JavaScript 625
  • WEAK_URL_SANITIZATION
JavaScript 628
  • EXPLICIT_THIS_EXPECTED
JavaScript 657
  • SIGMA.introspection_enabled_apollo_graphql_js
JavaScript 665
  • NO_EFFECT
JavaScript 668
  • SIGMA.broad_domain_attribute_cookie_express
  • SIGMA.root_path_attribute_cookie_express
  • UNRESTRICTED_MESSAGE_TARGET
JavaScript 670
  • STRAY_SEMICOLON
JavaScript 688
  • IDENTIFIER_TYPO
JavaScript 693
  • SIGMA.hsts_disabled_express_helmet
  • SIGMA.ie_no_open_disabled_express_helmet
  • SIGMA.permitted_cross_domain_policies_disabled_express_helmet
  • SIGMA.referrer_policy_disabled_express_helmet
JavaScript 757
  • SIGMA.insecure_tls_renegotiation_node_https
  • SIGMA.insecure_tls_renegotiation_node_request
  • SIGMA.insecure_tls_renegotiation_node_tls
JavaScript 760
  • INSECURE_SALT
JavaScript 776
  • XML_EXTERNAL_ENTITY
JavaScript 778
  • INSUFFICIENT_LOGGING
JavaScript 783
  • CONSTANT_EXPRESSION_RESULT
JavaScript 798
  • HARDCODED_CREDENTIALS
  • SIGMA.hardcoded_secret_express_jwt
  • SIGMA.hardcoded_secret_passport
JavaScript 829
  • MISSING_IFRAME_SANDBOX
JavaScript 862
  • SIGMA.allow_all_authz_policy_node_aws_sdk_s3_bucket
  • SIGMA.allow_all_authz_policy_node_aws_sdk_s3_object
  • SIGMA.allow_all_authz_policy_node_google_cloud_storage_bucket
JavaScript 921
  • SIGMA.file_upload_misconfiguration_of_storage_multer
JavaScript 922
  • LOCALSTORAGE_WRITE
  • SIGMA.unsafe_session_storage_express_session
JavaScript 942
  • INSECURE_COOKIE
  • SIGMA.cors_no_credentials_permissive_origin_apollo_graphql
  • SIGMA.cors_no_credentials_permissive_origin_express_cors
  • SIGMA.cors_no_credentials_permissive_origin_koa
  • SIGMA.cors_no_credentials_permissive_origin_nestjs
  • SIGMA.cors_with_credentials_all_origin_express_cors
  • SIGMA.cors_with_credentials_all_origin_koa
  • SIGMA.cors_with_credentials_all_origin_nestjs
  • SIGMA.socket_accepts_all_origins_socket_io
JavaScript 1004
  • INSECURE_COOKIE
  • SIGMA.missing_httponly_attribute_session_cookie_express
JavaScript 1021
  • SIGMA.csp_frame_ancestors_disabled_express_helmet
JavaScript 1187
  • UNSAFE_BUFFER_METHOD
JavaScript 1275
  • SIGMA.missing_samesite_attribute_session_cookie_express
JavaScript 1327
  • SIGMA.insecure_network_bind_apollo_graphql_js
Kotlin 22
  • PATH_MANIPULATION
Kotlin 78
  • OS_CMD_INJECTION
Kotlin 89
  • SQLI
Kotlin 94
  • REGEX_INJECTION
Kotlin 99
  • URL_MANIPULATION
Kotlin 200
  • SENSITIVE_DATA_LEAK
Kotlin 209
  • SENSITIVE_DATA_LEAK
Kotlin 215
  • ANDROID_DEBUG_MODE
Kotlin 259
  • HARDCODED_CREDENTIALS
Kotlin 296
  • BAD_CERT_VERIFICATION
Kotlin 297
  • BAD_CERT_VERIFICATION
Kotlin 299
  • BAD_CERT_VERIFICATION
Kotlin 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 314
  • SENSITIVE_DATA_LEAK
Kotlin 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 317
  • SENSITIVE_DATA_LEAK
Kotlin 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 321
  • HARDCODED_CREDENTIALS
Kotlin 327
  • RISKY_CRYPTO
Kotlin 328
  • RISKY_CRYPTO
Kotlin 330
  • INSECURE_RANDOM
  • MOBILE_ID_MISUSE
Kotlin 336
  • PREDICTABLE_RANDOM_SEED
Kotlin 337
  • PREDICTABLE_RANDOM_SEED
Kotlin 359
  • SENSITIVE_DATA_LEAK
Kotlin 427
  • UNSAFE_JNI
Kotlin 502
  • UNSAFE_DESERIALIZATION
Kotlin 532
  • SENSITIVE_DATA_LEAK
Kotlin 538
  • EXPOSED_PREFERENCES
  • UNRESTRICTED_ACCESS_TO_FILE
Kotlin 610
  • HEADER_INJECTION
Kotlin 611
  • XML_EXTERNAL_ENTITY
Kotlin 643
  • XPATH_INJECTION
Kotlin 693
  • CONFIG.ANDROID_GRADLE_OBFUSCATION_NOT_ENABLED
Kotlin 759
  • WEAK_PASSWORD_HASH
Kotlin 760
  • WEAK_PASSWORD_HASH
Kotlin 776
  • XML_EXTERNAL_ENTITY
Kotlin 778
  • UNLOGGED_SECURITY_EXCEPTION
Kotlin 798
  • HARDCODED_CREDENTIALS
Kotlin 827
  • XML_EXTERNAL_ENTITY
Kotlin 916
  • WEAK_PASSWORD_HASH
Kotlin 921
  • UNRESTRICTED_ACCESS_TO_FILE
Kotlin 926
  • ANDROID_CAPABILITY_LEAK
Kotlin 927
  • IMPLICIT_INTENT
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Objective-C/C++ 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
Objective-C/C++ 22
  • PATH_MANIPULATION
Objective-C/C++ 78
  • OS_CMD_INJECTION
Objective-C/C++ 88
  • HEADER_INJECTION
Objective-C/C++ 89
  • SQLI
Objective-C/C++ 99
  • URL_MANIPULATION
Objective-C/C++ 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
Objective-C/C++ 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
Objective-C/C++ 125
  • INTEGER_OVERFLOW
  • OVERRUN
Objective-C/C++ 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
Objective-C/C++ 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
Objective-C/C++ 134
  • FORMAT_STRING_INJECTION
Objective-C/C++ 170
  • BUFFER_SIZE
  • READLINK
  • SIZECHECK
  • STRING_NULL
Objective-C/C++ 188
  • INCOMPATIBLE_CAST
Objective-C/C++ 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
Objective-C/C++ 194
  • SIGN_EXTENSION
Objective-C/C++ 195
  • MISRA_CAST
Objective-C/C++ 197
  • CHAR_IO
  • MISRA_CAST
  • NO_EFFECT
Objective-C/C++ 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
Objective-C/C++ 209
  • SENSITIVE_DATA_LEAK
Objective-C/C++ 243
  • CHROOT
Objective-C/C++ 248
  • UNCAUGHT_EXCEPT
Objective-C/C++ 252
  • CHECKED_RETURN
Objective-C/C++ 253
  • BAD_COMPARE
Objective-C/C++ 259
  • HARDCODED_CREDENTIALS
Objective-C/C++ 290
  • WEAK_GUARD
Objective-C/C++ 291
  • WEAK_GUARD
Objective-C/C++ 293
  • WEAK_GUARD
Objective-C/C++ 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Objective-C/C++ 314
  • SENSITIVE_DATA_LEAK
Objective-C/C++ 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Objective-C/C++ 317
  • SENSITIVE_DATA_LEAK
Objective-C/C++ 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Objective-C/C++ 321
  • HARDCODED_CREDENTIALS
Objective-C/C++ 327
  • RISKY_CRYPTO
Objective-C/C++ 328
  • RISKY_CRYPTO
Objective-C/C++ 350
  • WEAK_GUARD
Objective-C/C++ 366
  • MISSING_LOCK
Objective-C/C++ 367
  • TOCTOU
Objective-C/C++ 369
  • DIVIDE_BY_ZERO
  • TAINTED_SCALAR
Objective-C/C++ 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
Objective-C/C++ 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
Objective-C/C++ 400
  • STACK_USE
Objective-C/C++ 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
Objective-C/C++ 404
  • RESOURCE_LEAK
Objective-C/C++ 415
  • USE_AFTER_FREE
Objective-C/C++ 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_COPY_OR_ASSIGN
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
Objective-C/C++ 456
  • NO_EFFECT
Objective-C/C++ 457
  • UNINIT
  • UNINIT_CTOR
Objective-C/C++ 459
  • DELETE_ARRAY
Objective-C/C++ 465
  • NO_EFFECT
Objective-C/C++ 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
Objective-C/C++ 475
  • PRINTF_ARGS
Objective-C/C++ 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Objective-C/C++ 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
Objective-C/C++ 482
  • NO_EFFECT
Objective-C/C++ 483
  • NESTING_INDENT_MISMATCH
Objective-C/C++ 484
  • MISSING_BREAK
Objective-C/C++ 532
  • SENSITIVE_DATA_LEAK
Objective-C/C++ 561
  • DEADCODE
  • UNREACHABLE
Objective-C/C++ 562
  • RETURN_LOCAL
Objective-C/C++ 563
  • UNUSED_VALUE
Objective-C/C++ 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
Objective-C/C++ 570
  • NO_EFFECT
Objective-C/C++ 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
Objective-C/C++ 590
  • BAD_FREE
Objective-C/C++ 597
  • BAD_COMPARE
Objective-C/C++ 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
Objective-C/C++ 617
  • LOCK
Objective-C/C++ 628
  • BAD_COMPARE
Objective-C/C++ 643
  • XPATH_INJECTION
Objective-C/C++ 662
  • ATOMICITY
Objective-C/C++ 665
  • NO_EFFECT
Objective-C/C++ 667
  • LOCK
  • SLEEP
Objective-C/C++ 670
  • STRAY_SEMICOLON
Objective-C/C++ 672
  • USE_AFTER_FREE
Objective-C/C++ 676
  • DC.PREDICTABLE_KEY_PASSWORD
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • SECURE_CODING
Objective-C/C++ 681
  • MISRA_CAST
Objective-C/C++ 683
  • SWAPPED_ARGUMENTS
Objective-C/C++ 685
  • PRINTF_ARGS
Objective-C/C++ 686
  • PRINTF_ARGS
Objective-C/C++ 687
  • NEGATIVE_RETURNS
Objective-C/C++ 704
  • INCOMPATIBLE_CAST
Objective-C/C++ 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • MISSING_COPY_OR_ASSIGN
  • MISSING_RETURN
  • SELF_ASSIGN
Objective-C/C++ 758
  • DELETE_VOID
  • EVALUATION_ORDER
Objective-C/C++ 759
  • WEAK_PASSWORD_HASH
Objective-C/C++ 760
  • WEAK_PASSWORD_HASH
Objective-C/C++ 762
  • ALLOC_FREE_MISMATCH
Objective-C/C++ 764
  • LOCK
Objective-C/C++ 765
  • LOCK
Objective-C/C++ 770
  • TAINTED_SCALAR
Objective-C/C++ 772
  • VIRTUAL_DTOR
Objective-C/C++ 775
  • RESOURCE_LEAK
Objective-C/C++ 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
Objective-C/C++ 798
  • HARDCODED_CREDENTIALS
Objective-C/C++ 833
  • ORDER_REVERSAL
Objective-C/C++ 835
  • INFINITE_LOOP
Objective-C/C++ 916
  • WEAK_PASSWORD_HASH
PHP 22
  • PATH_MANIPULATION
PHP 74
  • SYMFONY_EL_INJECTION
PHP 78
  • OS_CMD_INJECTION
PHP 79
  • XSS
PHP 88
  • HEADER_INJECTION
PHP 89
  • SQLI
PHP 94
  • NOSQL_QUERY_INJECTION
PHP 95
  • SCRIPT_CODE_INJECTION
PHP 209
  • SENSITIVE_DATA_LEAK
PHP 285
  • MISSING_AUTHZ
PHP 313
  • SENSITIVE_DATA_LEAK
PHP 314
  • SENSITIVE_DATA_LEAK
PHP 315
  • SENSITIVE_DATA_LEAK
PHP 317
  • SENSITIVE_DATA_LEAK
PHP 319
  • SENSITIVE_DATA_LEAK
PHP 352
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED
PHP 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
PHP 470
  • UNSAFE_REFLECTION
PHP 476
  • FORWARD_NULL
PHP 480
  • CONSTANT_EXPRESSION_RESULT
PHP 483
  • NESTING_INDENT_MISMATCH
PHP 484
  • MISSING_BREAK
PHP 502
  • UNSAFE_DESERIALIZATION
PHP 532
  • SENSITIVE_DATA_LEAK
PHP 561
  • DEADCODE
  • UNREACHABLE
PHP 569
  • CONSTANT_EXPRESSION_RESULT
PHP 601
  • OPEN_REDIRECT
PHP 611
  • XML_EXTERNAL_ENTITY
PHP 665
  • NO_EFFECT
PHP 670
  • STRAY_SEMICOLON
PHP 688
  • IDENTIFIER_TYPO
PHP 783
  • CONSTANT_EXPRESSION_RESULT
PHP 798
  • HARDCODED_CREDENTIALS
Python 20
  • COOKIE_INJECTION
  • WEAK_URL_SANITIZATION
Python 22
  • PATH_MANIPULATION
Python 78
  • OS_CMD_INJECTION
Python 79
  • JINJA2_AUTOESCAPE_DISABLED
  • XSS
Python 88
  • HEADER_INJECTION
Python 89
  • SQLI
Python 91
  • XML_INJECTION
Python 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
Python 95
  • SCRIPT_CODE_INJECTION
Python 99
  • URL_MANIPULATION
Python 200
  • INSECURE_NETWORK_BIND
  • INSECURE_REFERRER_POLICY
Python 209
  • SENSITIVE_DATA_LEAK
Python 285
  • MISSING_AUTHZ
Python 295
  • BAD_CERT_VERIFICATION
Python 304
  • ANONYMOUS_DB_CONNECTION
Python 313
  • SENSITIVE_DATA_LEAK
Python 314
  • SENSITIVE_DATA_LEAK
Python 315
  • SENSITIVE_DATA_LEAK
Python 317
  • SENSITIVE_DATA_LEAK
Python 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
Python 327
  • RISKY_CRYPTO
Python 328
  • RISKY_CRYPTO
Python 330
  • INSECURE_RANDOM
Python 346
  • HOST_HEADER_VALIDATION_DISABLED
Python 352
  • CONFIG.DJANGO_CSRF_PROTECTION_DISABLED
  • CSRF
Python 377
  • SECURE_TEMP
Python 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Python 476
  • FORWARD_NULL
  • REVERSE_INULL
Python 480
  • CONSTANT_EXPRESSION_RESULT
Python 489
  • CONFIG.ENABLED_DEBUG_MODE
Python 502
  • UNSAFE_DESERIALIZATION
Python 521
  • MISSING_PASSWORD_VALIDATOR
Python 532
  • SENSITIVE_DATA_LEAK
Python 561
  • DEADCODE
  • UNREACHABLE
Python 569
  • CONSTANT_EXPRESSION_RESULT
Python 601
  • OPEN_REDIRECT
Python 611
  • XML_EXTERNAL_ENTITY
Python 614
  • INSECURE_COOKIE
Python 625
  • WEAK_URL_SANITIZATION
Python 688
  • IDENTIFIER_TYPO
Python 760
  • INSECURE_SALT
Python 778
  • INSUFFICIENT_LOGGING
Python 783
  • CONSTANT_EXPRESSION_RESULT
Python 798
  • HARDCODED_CREDENTIALS
Python 827
  • UNSAFE_XML_PARSE_CONFIG
Python 916
  • WEAK_PASSWORD_HASH
Python 1004
  • INSECURE_COOKIE
Python 1275
  • INSECURE_COOKIE
Ruby 22
  • PATH_MANIPULATION
  • RUBY_VULNERABLE_LIBRARY
Ruby 73
  • RUBY_VULNERABLE_LIBRARY
Ruby 78
  • OS_CMD_INJECTION
Ruby 79
  • RUBY_VULNERABLE_LIBRARY
  • TEMPLATE_INJECTION
  • UNESCAPED_HTML
  • XSS
Ruby 83
  • XSS
Ruby 89
  • DYNAMIC_OBJECT_ATTRIBUTES
  • RUBY_VULNERABLE_LIBRARY
  • SQLI
Ruby 94
  • REGEX_INJECTION
Ruby 95
  • PATH_MANIPULATION
  • SCRIPT_CODE_INJECTION
Ruby 113
  • RUBY_VULNERABLE_LIBRARY
Ruby 183
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 184
  • DENY_LIST_FOR_AUTHN
Ruby 209
  • SENSITIVE_DATA_LEAK
Ruby 215
  • SENSITIVE_DATA_LEAK
Ruby 259
  • HARDCODED_CREDENTIALS
Ruby 263
  • RAILS_DEVISE_CONFIG
Ruby 287
  • UNSAFE_BASIC_AUTH
Ruby 289
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_BASIC_AUTH
Ruby 307
  • RAILS_DEVISE_CONFIG
Ruby 319
  • STRICT_TRANSPORT_SECURITY
Ruby 321
  • UNSAFE_SESSION_SETTING
Ruby 352
  • CSRF
  • RUBY_VULNERABLE_LIBRARY
Ruby 369
  • DIVIDE_BY_ZERO
Ruby 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • PARSE_ERROR
  • UNEXPECTED_CONTROL_FLOW
Ruby 400
  • RAILS_DEFAULT_ROUTES
  • RESOURCE_LEAK
  • RUBY_VULNERABLE_LIBRARY
Ruby 470
  • UNSAFE_REFLECTION
Ruby 476
  • FORWARD_NULL
  • REVERSE_INULL
Ruby 480
  • CONSTANT_EXPRESSION_RESULT
Ruby 502
  • COOKIE_SERIALIZER_CONFIG
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_DESERIALIZATION
Ruby 521
  • RAILS_DEVISE_CONFIG
Ruby 561
  • DEADCODE
  • UNREACHABLE
Ruby 569
  • CONSTANT_EXPRESSION_RESULT
Ruby 599
  • BAD_CERT_VERIFICATION
Ruby 601
  • OPEN_REDIRECT
  • REVERSE_TABNABBING
Ruby 614
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Ruby 639
  • INSECURE_DIRECT_OBJECT_REFERENCE
Ruby 642
  • SESSION_MANIPULATION
Ruby 661
  • RUBY_VULNERABLE_LIBRARY
Ruby 665
  • NO_EFFECT
Ruby 688
  • IDENTIFIER_TYPO
Ruby 704
  • SQLI
Ruby 777
  • REGEX_MISSING_ANCHOR
Ruby 783
  • CONSTANT_EXPRESSION_RESULT
Ruby 798
  • UNSAFE_BASIC_AUTH
Ruby 862
  • RAILS_DEFAULT_ROUTES
  • RAILS_MISSING_FILTER_ACTION
Ruby 915
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 916
  • RAILS_DEVISE_CONFIG
  • WEAK_PASSWORD_HASH
Ruby 1004
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Scala 190
  • OVERFLOW_BEFORE_WIDEN
Scala 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
Scala 476
  • FORWARD_NULL
  • REVERSE_INULL
Scala 480
  • CONSTANT_EXPRESSION_RESULT
Scala 483
  • NESTING_INDENT_MISMATCH
Scala 561
  • DEADCODE
  • UNREACHABLE
Scala 569
  • CONSTANT_EXPRESSION_RESULT
Scala 665
  • NO_EFFECT
Scala 783
  • CONSTANT_EXPRESSION_RESULT
Swift 287
  • SIGMA.weak_biometric_authentication_ios
Swift 311
  • SIGMA.encryption_disabled_ios_multipeer_connection
Swift 327
  • SIGMA.insecure_tls_version_ios_protocol_max
  • SIGMA.insecure_tls_version_ios_protocol_min
  • SIGMA.insecure_tls_version_ios_stream_property
Swift 798
  • SIGMA.hardcoded_secret_core_swift
TypeScript 20
  • COOKIE_INJECTION
  • SIGMA.parameters_validation_disabled_node_aws_sdk
  • WEAK_URL_SANITIZATION
TypeScript 22
  • PATH_MANIPULATION
TypeScript 73
  • SIGMA.file_upload_misconfiguration_of_file_path_busboy
  • SIGMA.file_upload_misconfiguration_of_file_path_express
  • SIGMA.file_upload_misconfiguration_of_file_path_multer
  • SIGMA.file_upload_misconfiguration_of_safe_file_names_express
TypeScript 74
  • CSS_INJECTION
TypeScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
TypeScript 79
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
  • ANGULAR_SCE_DISABLED
  • DOM_XSS
  • SIGMA.content_security_policy_disabled_express_helmet
  • SIGMA.insecure_xss_filter_express_helmet
  • SIGMA.no_sniff_disabled_express_helmet
  • SIGMA.xss_filter_disabled_express_helmet
  • XSS
TypeScript 88
  • HEADER_INJECTION
TypeScript 89
  • SQLI
TypeScript 94
  • ANGULAR_EXPRESSION_INJECTION
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
TypeScript 95
  • SCRIPT_CODE_INJECTION
TypeScript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
TypeScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • DNS_PREFETCHING
  • SIGMA.cors_origin_string_express_cors
  • SIGMA.dns_prefetch_control_disabled_express_helmet
  • SIGMA.insecure_referrer_policy_express_helmet
TypeScript 201
  • EXPRESS_X_POWERED_BY_ENABLED
  • SIGMA.verbose_server_banner_express
TypeScript 209
  • SENSITIVE_DATA_LEAK
TypeScript 219
  • INSECURE_COOKIE
TypeScript 248
  • SIGMA.missing_global_exception_handler_winston
TypeScript 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
  • CONFIG.HARDCODED_TOKEN
TypeScript 272
  • SIGMA.cors_configured_globally_express_cors
  • SIGMA.cors_configured_globally_koa
TypeScript 284
  • SIGMA.cors_with_credentials_null_origin_express_cors
  • SIGMA.cors_with_credentials_null_origin_koa
  • SIGMA.cors_with_credentials_null_origin_nestjs
TypeScript 285
  • MISSING_AUTHZ
TypeScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
TypeScript 295
  • BAD_CERT_VERIFICATION
  • SIGMA.certificate_verification_disabled_node_https
  • SIGMA.certificate_verification_disabled_node_libcurl
  • SIGMA.certificate_verification_disabled_node_mysql
  • SIGMA.certificate_verification_disabled_node_mysql2
  • SIGMA.certificate_verification_disabled_node_request_reject_unauthorized
  • SIGMA.certificate_verification_disabled_node_request_strict_ssl
  • SIGMA.certificate_verification_disabled_node_restify
  • SIGMA.certificate_verification_disabled_node_tls
  • SIGMA.certificate_verification_disabled_node_ws
  • SIGMA.certificate_verification_disabled_sequelize
  • SIGMA.certificate_verification_disabled_sequelize_mssql
  • SIGMA.certificate_verification_disabled_socket_io
  • SIGMA.credentials_validation_disabled_node_aws_sdk
  • SIGMA.expect_ct_disabled_express_helmet
  • SIGMA.hpkp_max_age_too_long_express
  • SIGMA.hpkp_max_age_too_long_koa
  • SIGMA.hpkp_report_uri_missing_tls_express
  • SIGMA.hpkp_report_uri_missing_tls_koa
TypeScript 305
  • SIGMA.insufficient_token_entropy_hapi_crumb
TypeScript 306
  • SIGMA.middleware_applied_globally_express_multer
TypeScript 313
  • SENSITIVE_DATA_LEAK
TypeScript 314
  • SENSITIVE_DATA_LEAK
TypeScript 315
  • SENSITIVE_DATA_LEAK
TypeScript 317
  • SENSITIVE_DATA_LEAK
TypeScript 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • SIGMA.cors_with_credentials_http_origin_express_cors
  • SIGMA.cors_with_credentials_http_origin_koa
  • SIGMA.cors_with_credentials_http_origin_nestjs
  • SIGMA.hsts_http_header_subdomains_disabled_express_helmet
  • SIGMA.hsts_http_header_subdomains_disabled_express_hsts
  • SIGMA.missing_tls_axios
  • SIGMA.missing_tls_got
  • SIGMA.missing_tls_hapi_session_mongo
  • SIGMA.missing_tls_node_aws_sdk
  • SIGMA.missing_tls_node_ftp
  • SIGMA.missing_tls_node_grpc
  • SIGMA.missing_tls_node_http
  • SIGMA.missing_tls_node_rest_client
  • SIGMA.missing_tls_node_telnet
  • SIGMA.missing_tls_node_telnet_client
  • SIGMA.missing_tls_sequelize
  • SIGMA.missing_tls_socket_io_client
  • SIGMA.missing_tls_websocket
  • SIGMA.missing_tls_ws
TypeScript 320
  • SIGMA.empty_encryption_key_node_crypto
TypeScript 327
  • RISKY_CRYPTO
  • SA.RISKY_CRYPTO
  • SIGMA.insecure_tls_cipher_suite_node_https
  • SIGMA.insecure_tls_cipher_suite_node_request
  • SIGMA.insecure_tls_cipher_suite_node_tls
  • SIGMA.insecure_tls_version_node_https
  • SIGMA.insecure_tls_version_node_request
  • SIGMA.insecure_tls_version_node_tls
  • SIGMA.weak_hash_node_crypto
TypeScript 328
  • RISKY_CRYPTO
TypeScript 330
  • INSECURE_RANDOM
TypeScript 345
  • SIGMA.jwt_algorithm_none_jsonwebtoken
TypeScript 346
  • SIGMA.cors_preflight_age_too_long_express_cors
  • SIGMA.cors_preflight_age_too_long_koa
  • SIGMA.cors_preflight_age_too_long_nestjs
  • UNCHECKED_ORIGIN
TypeScript 347
  • SIGMA.jwt_untrusted_decode_jsonwebtoken
TypeScript 352
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
  • SIGMA.csrf_protection_disabled_express_csurf
TypeScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
TypeScript 400
  • SIGMA.excessive_http_buffer_size_socket_io
  • SIGMA.file_upload_misconfiguration_filesize_graphql_js
  • SIGMA.file_upload_misconfiguration_max_files_graphql_js
  • SIGMA.file_upload_misconfiguration_of_fields_busboy
  • SIGMA.file_upload_misconfiguration_of_fields_express
  • SIGMA.file_upload_misconfiguration_of_fields_multer
  • SIGMA.file_upload_misconfiguration_of_filesize_busboy
  • SIGMA.file_upload_misconfiguration_of_filesize_express
  • SIGMA.file_upload_misconfiguration_of_filesize_multer
  • SIGMA.file_upload_misconfiguration_of_temp_files_express
TypeScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
TypeScript 480
  • CONSTANT_EXPRESSION_RESULT
TypeScript 483
  • NESTING_INDENT_MISMATCH
TypeScript 484
  • MISSING_BREAK
TypeScript 489
  • CONFIG.ENABLED_DEBUG_MODE
  • SIGMA.debug_enabled_apollo_graphql_js
TypeScript 497
  • SIGMA.hide_powered_by_disabled_express_helmet
TypeScript 502
  • UNSAFE_DESERIALIZATION
TypeScript 523
  • SIGMA.hsts_http_header_short_max_age_express_helmet
TypeScript 532
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
  • SENSITIVE_DATA_LEAK
  • SIGMA.query_logging_enabled_sequelize
TypeScript 548
  • SIGMA.exposed_directory_listing_hapi_inert
TypeScript 561
  • DEADCODE
  • UNREACHABLE
TypeScript 565
  • SIGMA.cookie_session_signing_disabled_express
TypeScript 569
  • CONSTANT_EXPRESSION_RESULT
TypeScript 601
  • OPEN_REDIRECT
TypeScript 611
  • SIGMA.xml_external_entity_enabled_libxmljs
  • XML_EXTERNAL_ENTITY
TypeScript 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
  • SIGMA.excessive_session_lifetime_connect_mongo
  • SIGMA.excessive_session_lifetime_connect_redis
  • SIGMA.excessive_session_lifetime_express_client_sessions
  • SIGMA.excessive_session_lifetime_express_cookie_session
  • SIGMA.excessive_session_lifetime_express_session
  • SIGMA.excessive_session_lifetime_google_cloud_datastore
  • SIGMA.excessive_token_lifetime_node_aws_sdk
  • SIGMA.insufficient_presigned_url_timeout_node_aws_sdk
  • SIGMA.insufficient_presigned_url_timeout_node_google_cloud_storage
  • SIGMA.jwt_ignored_expiration_time_hapi
  • SIGMA.jwt_ignored_expiration_time_jsonwebtoken
  • SIGMA.jwt_ignored_start_time_hapi
  • SIGMA.jwt_ignored_start_time_jsonwebtoken
  • SIGMA.jwt_non_expiring_token_jsonwebtoken
  • SIGMA.jwt_revoke_missing_express_jwt
TypeScript 614
  • INSECURE_COOKIE
  • SIGMA.missing_secure_attribute_session_cookie_express
TypeScript 625
  • WEAK_URL_SANITIZATION
TypeScript 628
  • EXPLICIT_THIS_EXPECTED
TypeScript 657
  • SIGMA.introspection_enabled_apollo_graphql_js
TypeScript 665
  • NO_EFFECT
TypeScript 668
  • SIGMA.broad_domain_attribute_cookie_express
  • SIGMA.root_path_attribute_cookie_express
  • UNRESTRICTED_MESSAGE_TARGET
TypeScript 670
  • STRAY_SEMICOLON
TypeScript 688
  • IDENTIFIER_TYPO
TypeScript 693
  • SIGMA.hsts_disabled_express_helmet
  • SIGMA.ie_no_open_disabled_express_helmet
  • SIGMA.permitted_cross_domain_policies_disabled_express_helmet
  • SIGMA.referrer_policy_disabled_express_helmet
TypeScript 757
  • SIGMA.insecure_tls_renegotiation_node_https
  • SIGMA.insecure_tls_renegotiation_node_request
  • SIGMA.insecure_tls_renegotiation_node_tls
TypeScript 760
  • INSECURE_SALT
TypeScript 776
  • XML_EXTERNAL_ENTITY
TypeScript 778
  • INSUFFICIENT_LOGGING
TypeScript 783
  • CONSTANT_EXPRESSION_RESULT
TypeScript 798
  • HARDCODED_CREDENTIALS
  • SIGMA.hardcoded_secret_express_jwt
  • SIGMA.hardcoded_secret_passport
TypeScript 829
  • MISSING_IFRAME_SANDBOX
TypeScript 862
  • SIGMA.allow_all_authz_policy_node_aws_sdk_s3_bucket
  • SIGMA.allow_all_authz_policy_node_aws_sdk_s3_object
  • SIGMA.allow_all_authz_policy_node_google_cloud_storage_bucket
TypeScript 921
  • SIGMA.file_upload_misconfiguration_of_storage_multer
TypeScript 922
  • LOCALSTORAGE_WRITE
  • SIGMA.unsafe_session_storage_express_session
TypeScript 942
  • INSECURE_COOKIE
  • SIGMA.cors_no_credentials_permissive_origin_apollo_graphql
  • SIGMA.cors_no_credentials_permissive_origin_express_cors
  • SIGMA.cors_no_credentials_permissive_origin_koa
  • SIGMA.cors_no_credentials_permissive_origin_nestjs
  • SIGMA.cors_with_credentials_all_origin_express_cors
  • SIGMA.cors_with_credentials_all_origin_koa
  • SIGMA.cors_with_credentials_all_origin_nestjs
  • SIGMA.socket_accepts_all_origins_socket_io
TypeScript 1004
  • INSECURE_COOKIE
  • SIGMA.missing_httponly_attribute_session_cookie_express
TypeScript 1021
  • SIGMA.csp_frame_ancestors_disabled_express_helmet
TypeScript 1187
  • UNSAFE_BUFFER_METHOD
TypeScript 1275
  • SIGMA.missing_samesite_attribute_session_cookie_express
TypeScript 1327
  • SIGMA.insecure_network_bind_apollo_graphql_js
VB.NET 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
VB.NET 22
  • PATH_MANIPULATION
VB.NET 73
  • UNRESTRICTED_DISPATCH
VB.NET 78
  • OS_CMD_INJECTION
VB.NET 79
  • XSS
VB.NET 89
  • SQLI
  • SQL_NOT_CONSTANT
VB.NET 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
VB.NET 91
  • XML_INJECTION
VB.NET 94
  • REGEX_INJECTION
VB.NET 95
  • SCRIPT_CODE_INJECTION
VB.NET 117
  • LOG_INJECTION
VB.NET 200
  • ASPNET_MVC_VERSION_HEADER
VB.NET 209
  • SENSITIVE_DATA_LEAK
VB.NET 259
  • HARDCODED_CREDENTIALS
VB.NET 285
  • MISSING_AUTHZ
VB.NET 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
VB.NET 314
  • SENSITIVE_DATA_LEAK
VB.NET 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
VB.NET 317
  • SENSITIVE_DATA_LEAK
VB.NET 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
VB.NET 321
  • HARDCODED_CREDENTIALS
VB.NET 327
  • RISKY_CRYPTO
VB.NET 328
  • RISKY_CRYPTO
VB.NET 330
  • INSECURE_RANDOM
VB.NET 352
  • CSRF
VB.NET 369
  • DIVIDE_BY_ZERO
VB.NET 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
VB.NET 403
  • RESOURCE_LEAK
VB.NET 404
  • RESOURCE_LEAK
VB.NET 470
  • UNSAFE_NAMED_QUERY
VB.NET 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
VB.NET 502
  • UNSAFE_DESERIALIZATION
VB.NET 532
  • SENSITIVE_DATA_LEAK
VB.NET 543
  • LOCK_EVASION
VB.NET 561
  • DEADCODE
  • UNREACHABLE
VB.NET 573
  • CALL_SUPER
VB.NET 601
  • OPEN_REDIRECT
VB.NET 610
  • HEADER_INJECTION
VB.NET 611
  • XML_EXTERNAL_ENTITY
VB.NET 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
VB.NET 643
  • XPATH_INJECTION
VB.NET 683
  • SWAPPED_ARGUMENTS
VB.NET 759
  • WEAK_PASSWORD_HASH
VB.NET 760
  • WEAK_PASSWORD_HASH
VB.NET 776
  • XML_EXTERNAL_ENTITY
VB.NET 778
  • UNLOGGED_SECURITY_EXCEPTION
VB.NET 798
  • HARDCODED_CREDENTIALS
VB.NET 827
  • XML_EXTERNAL_ENTITY
VB.NET 835
  • INFINITE_LOOP
VB.NET 916
  • WEAK_PASSWORD_HASH