Coverity Coverage for Common Weakness Enumeration (CWE)

Coverity version 2020.06

At its core, Common Weakness Enumeration (CWE) is a community-developed list of software weaknesses. CWE provides a taxonomy to categorize and describe software weaknesses—giving developers and security practitioners a common language for software security.

MITRE owns and maintains the project.

Search below to see Coverity's CWE support of languages in your codebase:

Language/Platform CWE Coverity Checker
Android 22
  • PATH_MANIPULATION
Android 78
  • OS_CMD_INJECTION
Android 79
  • XSS
Android 89
  • SQLI
Android 94
  • SQLIREGEX_INJECTION
Android 99
  • URL_MANIPULATION
Android 209
  • SENSITIVE_DATA_LEAK
Android 215
  • ANDROID_DEBUG_MODE
Android 259
  • HARDCODED_CREDENTIALS
Android 296
  • BAD_CERT_VERIFICATION
Android 297
  • BAD_CERT_VERIFICATION
Android 299
  • BAD_CERT_VERIFICATION
Android 311
  • SENSITIVE_DATA_LEAK
Android 312
  • SENSITIVE_DATA_LEAK
Android 313
  • SENSITIVE_DATA_LEAK
Android 317
  • SENSITIVE_DATA_LEAK
Android 319
  • SENSITIVE_DATA_LEAK
Android 321
  • HARDCODED_CREDENTIALS
Android 327
  • RISKY_CRYPTO
Android 328
  • RISKY_CRYPTO
Android 330
  • MOBILE_ID_MISUSE
Android 336
  • PREDICTABLE_RANDOM_SEED
Android 337
  • PREDICTABLE_RANDOM_SEED
Android 470
  • UNSAFE_REFLECTION
Android 502
  • UNSAFE_DESERIALIZATION
Android 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Android 532
  • SENSITIVE_DATA_LEAK
Android 538
  • UNRESTRICTED_ACCESS_TO_FILE
  • EXPOSED_PREFERENCES
Android 611
  • XML_EXTERNAL_ENTITY
Android 759
  • WEAK_PASSWORD_HASH
Android 760
  • WEAK_PASSWORD_HASH
Android 776
  • XML_EXTERNAL_ENTITY
Android 798
  • HARDCODED_CREDENTIALS
Android 827
  • XML_EXTERNAL_ENTITY
Android 916
  • WEAK_PASSWORD_HASH
Android 921
  • UNRESTRICTED_ACCESS_TO_FILE
Android 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Android 927
  • IMPLICIT_INTENT
  • SENSITIVE_DATA_LEAK
  • MISSING_PERMISSION_FOR_BROADCAST
Android 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Android 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
C# 11
  • CONFIG.ENABLED_DEBUG_MODE
  • CONFIG.ENABLED_TRACE_MODE
C# 117
  • LOG_INJECTION
C# 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
C# 13
  • CONFIG.CONNECTION_STRING_PASSWORD
C# 190
  • OVERFLOW_BEFORE_WIDEN
C# 200
  • ASPNET_MVC_VERSION_HEADER
  • CONFIG.ASPNET_VERSION_HEADER
  • CONFIG.COOKIES_MISSING_HTTPONLY
C# 209
  • SENSITIVE_DATA_LEAK
C# 22
  • PATH_MANIPULATION
C# 259
  • HARDCODED_CREDENTIALS
C# 285
  • MISSING_AUTHZ
C# 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 314
  • SENSITIVE_DATA_LEAK
C# 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 317
  • SENSITIVE_DATA_LEAK
C# 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 321
  • HARDCODED_CREDENTIALS
C# 327
  • RISKY_CRYPTO
C# 328
  • RISKY_CRYPTO
C# 330
  • INSECURE_RANDOM
C# 352
  • CSRF
C# 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
C# 369
  • DIVIDE_BY_ZERO
C# 390
  • MISSING_THROW
C# 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
C# 403
  • RESOURCE_LEAK
C# 404
  • RESOURCE_LEAK
C# 470
  • UNSAFE_NAMED_QUERY
C# 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C# 480
  • CONSTANT_EXPRESSION_RESULT
C# 502
  • UNSAFE_DESERIALIZATION
C# 519
  • CONFIG.ASP_VIEWSTATE_MAC
C# 532
  • SENSITIVE_DATA_LEAK
C# 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
C# 561
  • DEADCODE
  • UNREACHABLE
C# 563
  • UNUSED_VALUE
C# 569
  • CONSTANT_EXPRESSION_RESULT
C# 570
  • BAD_EQ_TYPES
C# 573
  • CALL_SUPER
  • MISSING_RESTORE
C# 595
  • BAD_EQ
C# 601
  • OPEN_REDIRECT
C# 610
  • HEADER_INJECTION
C# 611
  • XML_EXTERNAL_ENTITY
C# 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
C# 643
  • XPATH_INJECTION
C# 670
  • STRAY_SEMICOLON
C# 683
  • SWAPPED_ARGUMENTS
C# 73
  • UNRESTRICTED_DISPATCH
C# 759
  • WEAK_PASSWORD_HASH
C# 760
  • WEAK_PASSWORD_HASH
C# 776
  • XML_EXTERNAL_ENTITY
C# 778
  • UNLOGGED_SECURITY_EXCEPTION
C# 78
  • OS_CMD_INJECTION
C# 783
  • CONSTANT_EXPRESSION_RESULT
C# 79
  • XSS
C# 798
  • HARDCODED_CREDENTIALS
C# 827
  • XML_EXTERNAL_ENTITY
C# 833
  • LOCK_INVERSION
C# 835
  • INFINITE_LOOP
C# 863
  • CONFIG.DEAD_AUTHORIZATION_RULE
C# 89
  • SQLI
  • SQL_NOT_CONSTANT
C# 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
C# 91
  • XML_INJECTION
C# 916
  • WEAK_PASSWORD_HASH
C# 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
C# 95
  • SCRIPT_CODE_INJECTION
C/C++ & Objective-C 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
C/C++ & Objective-C 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
C/C++ & Objective-C 125
  • INTEGER_OVERFLOW
  • OVERRUN
C/C++ & Objective-C 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
C/C++ & Objective-C 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
C/C++ & Objective-C 134
  • FORMAT_STRING_INJECTION
  • PW.NON_CONST_PRINTF_FORMAT_STRING
C/C++ & Objective-C 170
  • BUFFER_SIZE
  • READLINK
  • SIZECHECK
  • STRING_NULL
C/C++ & Objective-C 188
  • INCOMPATIBLE_CAST
C/C++ & Objective-C 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
C/C++ & Objective-C 194
  • SIGN_EXTENSION
C/C++ & Objective-C 197
  • CHAR_IO
  • NO_EFFECT
C/C++ & Objective-C 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
C/C++ & Objective-C 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
C/C++ & Objective-C 209
  • SENSITIVE_DATA_LEAK
C/C++ & Objective-C 22
  • PATH_MANIPULATION
C/C++ & Objective-C 243
  • CHROOT
C/C++ & Objective-C 248
  • UNCAUGHT_EXCEPT
C/C++ & Objective-C 252
  • CHECKED_RETURN
C/C++ & Objective-C 253
  • BAD_COMPARE
C/C++ & Objective-C 259
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 290
  • WEAK_GUARD
C/C++ & Objective-C 291
  • WEAK_GUARD
C/C++ & Objective-C 293
  • WEAK_GUARD
C/C++ & Objective-C 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 314
  • SENSITIVE_DATA_LEAK
C/C++ & Objective-C 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 317
  • SENSITIVE_DATA_LEAK
C/C++ & Objective-C 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 321
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 327
  • RISKY_CRYPTO
C/C++ & Objective-C 328
  • RISKY_CRYPTO
C/C++ & Objective-C 350
  • WEAK_GUARD
C/C++ & Objective-C 366
  • MISSING_LOCK
C/C++ & Objective-C 367
  • TOCTOU
C/C++ & Objective-C 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
  • TAINTED_SCALAR
C/C++ & Objective-C 377
  • SECURE_TEMP
C/C++ & Objective-C 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
C/C++ & Objective-C 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
C/C++ & Objective-C 400
  • STACK_USE
C/C++ & Objective-C 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
C/C++ & Objective-C 404
  • RESOURCE_LEAK
C/C++ & Objective-C 415
  • USE_AFTER_FREE
C/C++ & Objective-C 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_ASSIGN
  • MISSING_COPY
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
C/C++ & Objective-C 456
  • NO_EFFECT
C/C++ & Objective-C 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
C/C++ & Objective-C 459
  • DELETE_ARRAY
C/C++ & Objective-C 465
  • NO_EFFECT
C/C++ & Objective-C 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
C/C++ & Objective-C 475
  • PRINTF_ARGS
C/C++ & Objective-C 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C/C++ & Objective-C 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
C/C++ & Objective-C 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
C/C++ & Objective-C 482
  • NO_EFFECT
C/C++ & Objective-C 483
  • NESTING_INDENT_MISMATCH
C/C++ & Objective-C 484
  • MISSING_BREAK
C/C++ & Objective-C 532
  • SENSITIVE_DATA_LEAK
C/C++ & Objective-C 561
  • DEADCODE
  • UNREACHABLE
C/C++ & Objective-C 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
C/C++ & Objective-C 563
  • UNUSED_VALUE
C/C++ & Objective-C 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
C/C++ & Objective-C 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
C/C++ & Objective-C 590
  • BAD_FREE
C/C++ & Objective-C 597
  • BAD_COMPARE
C/C++ & Objective-C 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
C/C++ & Objective-C 617
  • LOCK
C/C++ & Objective-C 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
C/C++ & Objective-C 643
  • XPATH_INJECTION
C/C++ & Objective-C 662
  • ATOMICITY
C/C++ & Objective-C 665
  • NO_EFFECT
C/C++ & Objective-C 667
  • LOCK
  • SLEEP
C/C++ & Objective-C 670
  • STRAY_SEMICOLON
C/C++ & Objective-C 672
  • USE_AFTER_FREE
C/C++ & Objective-C 676
  • DC.PREDICTABLE_KEY_PASSWORD
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • SECURE_CODING
C/C++ & Objective-C 683
  • SWAPPED_ARGUMENTS
C/C++ & Objective-C 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
C/C++ & Objective-C 686
  • PRINTF_ARGS
  • PW.PRINTF_ARG_MISMATCH
C/C++ & Objective-C 687
  • NEGATIVE_RETURNS
C/C++ & Objective-C 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
C/C++ & Objective-C 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • HFA
  • MISSING_ASSIGN
  • MISSING_COPY
  • MISSING_RETURN
  • SELF_ASSIGN
C/C++ & Objective-C 758
  • DELETE_VOID
  • EVALUATION_ORDER
C/C++ & Objective-C 759
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 760
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 762
  • ALLOC_FREE_MISMATCH
C/C++ & Objective-C 764
  • LOCK
C/C++ & Objective-C 770
  • TAINTED_SCALAR
C/C++ & Objective-C 772
  • VIRTUAL_DTOR
C/C++ & Objective-C 775
  • RESOURCE_LEAK
C/C++ & Objective-C 78
  • OS_CMD_INJECTION
C/C++ & Objective-C 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 798
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 833
  • ORDER_REVERSAL
C/C++ & Objective-C 835
  • INFINITE_LOOP
C/C++ & Objective-C 88
  • HEADER_INJECTION
C/C++ & Objective-C 89
  • SQLI
C/C++ & Objective-C 916
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 99
  • URL_MANIPULATION
CUDA 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
CUDA 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
CUDA 125
  • INTEGER_OVERFLOW
  • OVERRUN
CUDA 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
CUDA 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
CUDA 134
  • FORMAT_STRING_INJECTION
  • PW.NON_CONST_PRINTF_FORMAT_STRING
CUDA 170
  • BUFFER_SIZE
  • READLINK
  • SIZECHECK
  • STRING_NULL
CUDA 188
  • INCOMPATIBLE_CAST
CUDA 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
CUDA 194
  • SIGN_EXTENSION
CUDA 197
  • CHAR_IO
  • NO_EFFECT
CUDA 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
CUDA 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
CUDA 209
  • SENSITIVE_DATA_LEAK
CUDA 22
  • PATH_MANIPULATION
CUDA 243
  • CHROOT
CUDA 248
  • UNCAUGHT_EXCEPT
CUDA 252
  • CHECKED_RETURN
CUDA 253
  • BAD_COMPARE
CUDA 259
  • HARDCODED_CREDENTIALS
CUDA 290
  • WEAK_GUARD
CUDA 291
  • WEAK_GUARD
CUDA 293
  • WEAK_GUARD
CUDA 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 314
  • SENSITIVE_DATA_LEAK
CUDA 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 317
  • SENSITIVE_DATA_LEAK
CUDA 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
CUDA 321
  • HARDCODED_CREDENTIALS
CUDA 327
  • RISKY_CRYPTO
CUDA 328
  • RISKY_CRYPTO
CUDA 350
  • WEAK_GUARD
CUDA 366
  • MISSING_LOCK
CUDA 367
  • TOCTOU
CUDA 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
  • TAINTED_SCALAR
CUDA 377
  • SECURE_TEMP
CUDA 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
CUDA 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
CUDA 400
  • STACK_USE
CUDA 401
  • CTOR_DTOR_LEAK
  • NO_EFFECT
CUDA 404
  • RESOURCE_LEAK
CUDA 415
  • USE_AFTER_FREE
CUDA 416
  • MISSING_ASSIGN
  • MISSING_COPY
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
CUDA 456
  • NO_EFFECT
CUDA 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
CUDA 459
  • DELETE_ARRAY
CUDA 465
  • NO_EFFECT
CUDA 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
CUDA 475
  • PRINTF_ARGS
CUDA 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
CUDA 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
CUDA 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
CUDA 482
  • NO_EFFECT
CUDA 483
  • NESTING_INDENT_MISMATCH
CUDA 484
  • MISSING_BREAK
CUDA 532
  • SENSITIVE_DATA_LEAK
CUDA 561
  • DEADCODE
  • UNREACHABLE
CUDA 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
CUDA 563
  • UNUSED_VALUE
CUDA 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
CUDA 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
CUDA 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
CUDA 590
  • BAD_FREE
CUDA 597
  • BAD_COMPARE
CUDA 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
CUDA 617
  • LOCK
CUDA 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
CUDA 643
  • XPATH_INJECTION
CUDA 662
  • ATOMICITY
CUDA 665
  • NO_EFFECT
CUDA 667
  • LOCK
  • SLEEP
CUDA 670
  • STRAY_SEMICOLON
CUDA 672
  • USE_AFTER_FREE
CUDA 676
  • DC.PREDICTABLE_KEY_PASSWORD
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • SECURE_CODING
CUDA 683
  • SWAPPED_ARGUMENTS
CUDA 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
CUDA 686
  • PRINTF_ARGS
  • PW.PRINTF_ARG_MISMATCH
CUDA 687
  • NEGATIVE_RETURNS
CUDA 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
CUDA 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • MISSING_ASSIGN
  • MISSING_COPY
  • MISSING_RETURN
  • SELF_ASSIGN
CUDA 758
  • DELETE_VOID
  • EVALUATION_ORDER
CUDA 759
  • WEAK_PASSWORD_HASH
CUDA 760
  • WEAK_PASSWORD_HASH
CUDA 762
  • ALLOC_FREE_MISMATCH
CUDA 764
  • LOCK
CUDA 770
  • TAINTED_SCALAR
CUDA 772
  • VIRTUAL_DTOR
CUDA 775
  • RESOURCE_LEAK
CUDA 78
  • OS_CMD_INJECTION
CUDA 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
CUDA 798
  • HARDCODED_CREDENTIALS
CUDA 833
  • ORDER_REVERSAL
CUDA 835
  • INFINITE_LOOP
CUDA 88
  • HEADER_INJECTION
CUDA 89
  • SQLI
CUDA 916
  • WEAK_PASSWORD_HASH
CUDA 99
  • URL_MANIPULATION
Go 209
  • SENSITIVE_DATA_LEAK
Go 22
  • PATH_MANIPULATION
Go 252
  • CHECKED_RETURN
Go 259
  • HARDCODED_CREDENTIALS
Go 313
  • SENSITIVE_DATA_LEAK
Go 314
  • SENSITIVE_DATA_LEAK
Go 315
  • SENSITIVE_DATA_LEAK
Go 317
  • SENSITIVE_DATA_LEAK
Go 319
  • SENSITIVE_DATA_LEAK
Go 321
  • HARDCODED_CREDENTIALS
Go 327
  • RISKY_CRYPTO
Go 328
  • RISKY_CRYPTO
Go 366
  • GUARDED_BY_VIOLATION
Go 369
  • DIVIDE_BY_ZERO
Go 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Go 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Go 480
  • CONSTANT_EXPRESSION_RESULT
Go 502
  • DISTRUSTED_DATA_DESERIALIZATION
Go 532
  • SENSITIVE_DATA_LEAK
Go 561
  • DEADCODE
Go 563
  • UNUSED_VALUE
Go 569
  • CONSTANT_EXPRESSION_RESULT
Go 601
  • OPEN_REDIRECT
Go 611
  • XML_EXTERNAL_ENTITY
Go 617
  • LOCK
Go 662
  • ATOMICITY
Go 667
  • LOCK
  • SLEEP
Go 764
  • LOCK
Go 776
  • XML_EXTERNAL_ENTITY
Go 778
  • INSUFFICIENT_LOGGING
Go 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Go 783
  • CONSTANT_EXPRESSION_RESULT
Go 79
  • XSS
Go 798
  • HARDCODED_CREDENTIALS
Go 833
  • LOCK_INVERSION
Go 835
  • INFINITE_LOOP
Go 88
  • HEADER_INJECTION
Go 89
  • SQLI
Go 94
  • NOSQL_QUERY_INJECTION
  • TEMPLATE_INJECTION
Go 99
  • URL_MANIPULATION
Java 1023
  • HIBERNATE_BAD_HASHCODE
Java 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Java 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
Java 113
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER
  • MISSING_HEADER_VALIDATION
Java 116
  • CONFIG.MYBATIS_MAPPER_SQLI
Java 117
  • LOG_INJECTION
Java 183
  • INSECURE_HTTP_FIREWALL
Java 185
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN
  • REGEX_CONFUSION
Java 190
  • OVERFLOW_BEFORE_WIDEN
Java 192
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION
  • FB.ICAST_BAD_SHIFT_AMOUNT
  • FB.ICAST_IDIV_CAST_TO_DOUBLE
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG
  • FB.ICAST_INT_2_LONG_AS_INSTANT
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT
Java 200
  • CONFIG.JAVAEE_MISSING_HTTPONLY
  • CORS_MISCONFIGURATION_AUDIT
  • SENSITIVE_DATA_LEAK
Java 209
  • SENSITIVE_DATA_LEAK
Java 215
  • ANDROID_DEBUG_MODE
Java 218
  • FB.EI_EXPOSE_STATIC_REP2
  • FB.MS_CANNOT_BE_FINAL
  • FB.MS_EXPOSE_REP
  • FB.MS_FINAL_PKGPROTECT
  • FB.MS_MUTABLE_ARRAY
  • FB.MS_MUTABLE_COLLECTION
  • FB.MS_MUTABLE_COLLECTION_PKGPROTECT
  • FB.MS_MUTABLE_HASHTABLE
  • FB.MS_OOI_PKGPROTECT
  • FB.MS_PKGPROTECT
  • FB.MS_SHOULD_BE_FINAL
  • FB.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
Java 22
  • JSP_DYNAMIC_INCLUDE
  • PATH_MANIPULATION
Java 227
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY
Java 23
  • FB.PT_RELATIVE_PATH_TRAVERSAL
Java 242
  • DC.DANGEROUS
Java 252
  • CHECKED_RETURN
Java 253
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
  • ORM_LOAD_NULL_CHECK
Java 259
  • FB.DMI_CONSTANT_DB_PASSWORD
  • FB.DMI_EMPTY_DB_PASSWORD
  • HARDCODED_CREDENTIALS
Java 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
Java 284
  • ANDROID_WEBVIEW_FILEACCESS
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
Java 285
  • MISSING_AUTHZ
Java 290
  • WEAK_GUARD
Java 291
  • WEAK_GUARD
Java 293
  • WEAK_GUARD
Java 296
  • BAD_CERT_VERIFICATION
Java 297
  • BAD_CERT_VERIFICATION
Java 299
  • BAD_CERT_VERIFICATION
Java 300
  • CORS_MISCONFIGURATION
Java 311
  • DISABLED_ENCRYPTION
Java 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 314
  • SENSITIVE_DATA_LEAK
Java 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 317
  • SENSITIVE_DATA_LEAK
Java 319
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 321
  • HARDCODED_CREDENTIALS
Java 327
  • RISKY_CRYPTO
Java 328
  • RISKY_CRYPTO
Java 330
  • INSECURE_RANDOM
  • MOBILE_ID_MISUSE
Java 336
  • PREDICTABLE_RANDOM_SEED
Java 337
  • PREDICTABLE_RANDOM_SEED
Java 350
  • WEAK_GUARD
Java 352
  • CSRF
Java 359
  • SENSITIVE_DATA_LEAK
Java 36
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL
Java 366
  • FB.IS2_INCONSISTENT_SYNC
  • FB.IS_FIELD_NOT_GUARDED
  • FB.IS_INCONSISTENT_SYNC
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE
  • FB.STCAL_STATIC_CALENDAR_INSTANCE
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
Java 369
  • DIVIDE_BY_ZERO
Java 374
  • FB.EI_EXPOSE_REP
  • FB.EI_EXPOSE_REP2
Java 382
  • FB.DM_EXIT
Java 384
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION
  • SESSION_FIXATION
Java 390
  • MISSING_THROW
Java 391
  • FB.DE_MIGHT_DROP
  • FB.DE_MIGHT_IGNORE
Java 396
  • FB.REC_CATCH_EXCEPTION
Java 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
Java 4
  • CONFIG.DUPLICATE_SERVLET_DEFINITION
Java 400
  • UNLIMITED_CONCURRENT_SESSIONS
Java 403
  • RESOURCE_LEAK
Java 404
  • RESOURCE_LEAK
Java 425
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT
Java 427
  • UNSAFE_JNI
Java 440
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION
  • FB.DMI_ARGUMENTS_WRONG_ORDER
  • FB.DMI_BAD_MONTH
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE
  • FB.DMI_BLOCKING_METHODS_ON_URL
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES
  • FB.DMI_COLLECTION_OF_URLS
  • FB.DMI_DOH
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN
  • FB.DMI_RANDOM_USED_ONLY_ONCE
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED
  • FB.DMI_UNSUPPORTED_METHOD
  • FB.DMI_USELESS_SUBSTRING
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL
  • FB.RV_01_TO_INT
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE
  • FB.RV_EXCEPTION_NOT_THROWN
  • FB.RV_NEGATING_RESULT_OF_COMPARETO
  • FB.RV_REM_OF_HASHCODE
  • FB.RV_REM_OF_RANDOM_INT
  • FB.RV_RETURN_VALUE_IGNORED
  • FB.RV_RETURN_VALUE_IGNORED2
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED
Java 470
  • UNSAFE_NAMED_QUERY
  • UNSAFE_REFLECTION
Java 476
  • FB.BC_NULL_INSTANCEOF
  • FB.NP_ALWAYS_NULL
  • FB.NP_ALWAYS_NULL_EXCEPTION
  • FB.NP_ARGUMENT_MIGHT_BE_NULL
  • FB.NP_BOOLEAN_RETURN_NULL
  • FB.NP_CLONE_COULD_RETURN_NULL
  • FB.NP_CLOSING_NULL
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE
  • FB.NP_DOES_NOT_HANDLE_NULL
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
  • FB.NP_GUARANTEED_DEREF
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
  • FB.NP_NONNULL_PARAM_VIOLATION
  • FB.NP_NONNULL_RETURN_VIOLATION
  • FB.NP_NULL_INSTANCEOF
  • FB.NP_NULL_ON_SOME_PATH
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE
  • FB.NP_NULL_PARAM_DEREF
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL
  • FB.NP_OPTIONAL_RETURN_NULL
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE
  • FB.NP_STORE_INTO_NONNULL_FIELD
  • FB.NP_TOSTRING_COULD_RETURN_NULL
  • FB.NP_UNWRITTEN_FIELD
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Java 480
  • CONSTANT_EXPRESSION_RESULT
Java 481
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT
Java 483
  • NESTING_INDENT_MISMATCH
Java 484
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW
  • FB.SF_SWITCH_FALLTHROUGH
  • MISSING_BREAK
Java 489
  • CONFIG.SPRING_SECURITY_DEBUG_MODE
Java 501
  • TRUST_BOUNDARY_VIOLATION
Java 502
  • UNSAFE_DESERIALIZATION
Java 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Java 532
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING
  • SENSITIVE_DATA_LEAK
Java 538
  • EXPOSED_PREFERENCES
  • UNRESTRICTED_ACCESS_TO_FILE
Java 543
  • BAD_LOCK_OBJECT
  • FB.LI_LAZY_INIT_STATIC
  • FB.LI_LAZY_INIT_UPDATE_STATIC
  • LOCK_EVASION
  • SINGLETON_RACE
Java 561
  • DEADCODE
  • UNREACHABLE
Java 563
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN
  • FB.DLS_DEAD_LOCAL_STORE
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL
  • FB.DLS_OVERWRITTEN_INCREMENT
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN
  • UNUSED_VALUE
Java 567
  • SERVLET_ATOMICITY
Java 568
  • CALL_SUPER
Java 569
  • CONSTANT_EXPRESSION_RESULT
Java 570
  • FB.BC_IMPOSSIBLE_CAST
  • FB.BC_IMPOSSIBLE_DOWNCAST
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY
  • FB.BC_IMPOSSIBLE_INSTANCEOF
Java 571
  • FB.BC_VACUOUS_INSTANCEOF
Java 572
  • FB.RU_INVOKE_RUN
Java 573
  • ATTRIBUTE_NAME_CONFLICT
  • CALL_SUPER
  • INVALIDATE_ITERATOR
  • MISSING_RESTORE
Java 579
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
Java 580
  • CALL_SUPER
  • FB.CN_IDIOM
  • FB.CN_IDIOM_NO_SUPER_CALL
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE
Java 583
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED
Java 585
  • FB.ESYNC_EMPTY_SYNC
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD
Java 586
  • FB.FI_EMPTY
  • FB.FI_EXPLICIT_INVOCATION
  • FB.FI_FINALIZER_NULLS_FIELDS
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS
  • FB.FI_MISSING_SUPER_CALL
  • FB.FI_NULLIFY_SUPER
  • FB.FI_USELESS
Java 595
  • FB.EQ_ABSTRACT_SELF
  • FB.EQ_ALWAYS_FALSE
  • FB.EQ_ALWAYS_TRUE
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS
  • FB.EQ_COMPARING_CLASS_NAMES
  • FB.EQ_DOESNT_OVERRIDE_EQUALS
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT
  • FB.EQ_OTHER_NO_OBJECT
  • FB.EQ_OTHER_USE_OBJECT
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC
  • FB.EQ_SELF_NO_OBJECT
  • FB.EQ_SELF_USE_OBJECT
  • FB.EQ_UNUSUAL
Java 597
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ
  • FB.ES_COMPARING_STRINGS_WITH_EQ
Java 598
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER
Java 601
  • OPEN_REDIRECT
Java 609
  • FB.DC_DOUBLECHECK
  • FB.DC_PARTIALLY_CONSTRUCTED
Java 610
  • HEADER_INJECTION
Java 611
  • XML_EXTERNAL_ENTITY
Java 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
Java 614
  • INSECURE_COOKIE
  • INSECURE_REMEMBER_ME_COOKIE
Java 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
Java 643
  • XPATH_INJECTION
Java 650
  • CONFIG.HTTP_VERB_TAMPERING
Java 662
  • ATOMICITY
Java 670
  • STRAY_SEMICOLON
Java 672
  • USE_AFTER_FREE
Java 674
  • FB.IL_INFINITE_RECURSIVE_LOOP
Java 683
  • SWAPPED_ARGUMENTS
Java 7
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
Java 73
  • UNRESTRICTED_DISPATCH
Java 759
  • WEAK_PASSWORD_HASH
Java 760
  • WEAK_PASSWORD_HASH
Java 776
  • XML_EXTERNAL_ENTITY
Java 778
  • UNLOGGED_SECURITY_EXCEPTION
Java 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Java 783
  • CONSTANT_EXPRESSION_RESULT
Java 79
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER
  • XSS
Java 798
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY
  • HARDCODED_CREDENTIALS
Java 81
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR
Java 827
  • XML_EXTERNAL_ENTITY
Java 833
  • DC.DEADLOCK
  • LOCK_INVERSION
Java 835
  • INFINITE_LOOP
Java 862
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN
Java 863
  • CONFIG.DWR_DEBUG_MODE
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION
  • CONFIG.STRUTS2_ENABLED_DEV_MODE
  • __CONFIG.SPRING_SECURITY_DEBUG_MODE_JAVA
Java 89
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
  • JSP_SQL_INJECTION
  • SQLI
  • SQL_NOT_CONSTANT
Java 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
Java 91
  • XML_INJECTION
Java 916
  • WEAK_PASSWORD_HASH
Java 917
  • EL_INJECTION
Java 921
  • UNRESTRICTED_ACCESS_TO_FILE
Java 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Java 927
  • IMPLICIT_INTENT
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Java 94
  • JAVA_CODE_INJECTION
  • JCR_INJECTION
  • NOSQL_QUERY_INJECTION
  • OGNL_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
Java 942
  • CORS_MISCONFIGURATION_AUDIT
  • INSECURE_REMEMBER_ME_COOKIE
Java 95
  • SCRIPT_CODE_INJECTION
Java 99
  • URL_MANIPULATION
JavaScript 1004
  • INSECURE_COOKIE
JavaScript 1022
  • REVERSE_TABNABBING
JavaScript 1187
  • UNSAFE_BUFFER_METHOD
JavaScript 183
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST
JavaScript 20
  • AWS_VALIDATION_DISABLED
  • COOKIE_INJECTION
  • WEAK_URL_SANITIZATION
JavaScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
  • DNS_PREFETCHING
  • INSECURE_REFERRER_POLICY
JavaScript 201
  • EXPRESS_X_POWERED_BY_ENABLED
JavaScript 209
  • SENSITIVE_DATA_LEAK
JavaScript 219
  • INSECURE_COOKIE
JavaScript 22
  • PATH_MANIPULATION
JavaScript 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
  • CONFIG.HARDCODED_TOKEN
JavaScript 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 285
  • MISSING_AUTHZ
JavaScript 288
  • MULTER_MISCONFIGURATION
JavaScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
JavaScript 295
  • AWS_VALIDATION_DISABLED
  • BAD_CERT_VERIFICATION
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
  • HPKP_MISCONFIGURATION
JavaScript 300
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 313
  • SENSITIVE_DATA_LEAK
JavaScript 314
  • SENSITIVE_DATA_LEAK
JavaScript 315
  • SENSITIVE_DATA_LEAK
JavaScript 317
  • SENSITIVE_DATA_LEAK
JavaScript 319
  • AWS_SSL_DISABLED
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
JavaScript 327
  • RISKY_CRYPTO
  • SA.RISKY_CRYPTO
JavaScript 328
  • RISKY_CRYPTO
JavaScript 330
  • INSECURE_RANDOM
JavaScript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
JavaScript 346
  • CORS_MISCONFIGURATION_AUDIT
  • UNCHECKED_ORIGIN
JavaScript 352
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
  • CSRF_MISCONFIGURATION_HAPI_CRUMB
JavaScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
JavaScript 400
  • BUSBOY_MISCONFIGURATION
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
  • FILE_UPLOAD_MISCONFIGURATION
  • MULTER_MISCONFIGURATION
JavaScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
JavaScript 480
  • CONSTANT_EXPRESSION_RESULT
JavaScript 483
  • NESTING_INDENT_MISMATCH
JavaScript 484
  • MISSING_BREAK
JavaScript 489
  • CONFIG.ENABLED_DEBUG_MODE
JavaScript 502
  • UNSAFE_DESERIALIZATION
JavaScript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
  • SENSITIVE_DATA_LEAK
JavaScript 561
  • DEADCODE
  • UNREACHABLE
JavaScript 565
  • CONFIG.COOKIE_SIGNING_DISABLED
JavaScript 569
  • CONSTANT_EXPRESSION_RESULT
JavaScript 601
  • OPEN_REDIRECT
JavaScript 611
  • XML_EXTERNAL_ENTITY
JavaScript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
  • CONFIG.UNSAFE_SESSION_TIMEOUT
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME
  • TEMPORARY_CREDENTIALS_DURATION
JavaScript 614
  • INSECURE_COOKIE
JavaScript 625
  • WEAK_URL_SANITIZATION
JavaScript 628
  • EXPLICIT_THIS_EXPECTED
JavaScript 646
  • MULTER_MISCONFIGURATION
JavaScript 665
  • NO_EFFECT
JavaScript 668
  • UNRESTRICTED_MESSAGE_TARGET
JavaScript 670
  • STRAY_SEMICOLON
JavaScript 688
  • IDENTIFIER_TYPO
JavaScript 73
  • BUSBOY_MISCONFIGURATION
  • FILE_UPLOAD_MISCONFIGURATION
  • MULTER_MISCONFIGURATION
JavaScript 732
  • INSECURE_ACL
JavaScript 74
  • CSS_INJECTION
JavaScript 755
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
JavaScript 760
  • INSECURE_SALT
JavaScript 770
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE
  • MULTER_MISCONFIGURATION
JavaScript 776
  • XML_EXTERNAL_ENTITY
JavaScript 778
  • INSUFFICIENT_LOGGING
JavaScript 779
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING
JavaScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
JavaScript 783
  • CONSTANT_EXPRESSION_RESULT
JavaScript 79
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
  • ANGULAR_SCE_DISABLED
  • DOM_XSS
  • REACT_DANGEROUS_INNERHTML
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE
  • XSS
JavaScript 798
  • HARDCODED_CREDENTIALS
JavaScript 829
  • MISSING_IFRAME_SANDBOX
JavaScript 88
  • HEADER_INJECTION
JavaScript 89
  • SQLI
JavaScript 922
  • LOCALSTORAGE_WRITE
JavaScript 94
  • ANGULAR_EXPRESSION_INJECTION
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
JavaScript 942
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
  • INSECURE_COOKIE
JavaScript 95
  • SCRIPT_CODE_INJECTION
JavaScript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
Kotlin 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Kotlin 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
Kotlin 200
  • SENSITIVE_DATA_LEAK
Kotlin 209
  • SENSITIVE_DATA_LEAK
Kotlin 215
  • ANDROID_DEBUG_MODE
Kotlin 22
  • PATH_MANIPULATION
Kotlin 259
  • HARDCODED_CREDENTIALS
Kotlin 296
  • BAD_CERT_VERIFICATION
Kotlin 297
  • BAD_CERT_VERIFICATION
Kotlin 299
  • BAD_CERT_VERIFICATION
Kotlin 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 314
  • SENSITIVE_DATA_LEAK
Kotlin 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 317
  • SENSITIVE_DATA_LEAK
Kotlin 319
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Kotlin 321
  • HARDCODED_CREDENTIALS
Kotlin 327
  • RISKY_CRYPTO
Kotlin 328
  • RISKY_CRYPTO
Kotlin 330
  • INSECURE_RANDOM
  • MOBILE_ID_MISUSE
Kotlin 336
  • PREDICTABLE_RANDOM_SEED
Kotlin 337
  • PREDICTABLE_RANDOM_SEED
Kotlin 359
  • SENSITIVE_DATA_LEAK
Kotlin 502
  • UNSAFE_DESERIALIZATION
Kotlin 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Kotlin 532
  • SENSITIVE_DATA_LEAK
Kotlin 538
  • EXPOSED_PREFERENCES
  • UNRESTRICTED_ACCESS_TO_FILE
Kotlin 610
  • HEADER_INJECTION
Kotlin 611
  • XML_EXTERNAL_ENTITY
Kotlin 759
  • WEAK_PASSWORD_HASH
Kotlin 760
  • WEAK_PASSWORD_HASH
Kotlin 776
  • XML_EXTERNAL_ENTITY
Kotlin 78
  • OS_CMD_INJECTION
Kotlin 798
  • HARDCODED_CREDENTIALS
Kotlin 827
  • XML_EXTERNAL_ENTITY
Kotlin 89
  • SQLI
Kotlin 916
  • WEAK_PASSWORD_HASH
Kotlin 921
  • UNRESTRICTED_ACCESS_TO_FILE
Kotlin 926
  • ANDROID_CAPABILITY_LEAK
Kotlin 927
  • IMPLICIT_INTENT
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Kotlin 99
  • URL_MANIPULATION
PHP 209
  • SENSITIVE_DATA_LEAK
PHP 22
  • PATH_MANIPULATION
PHP 285
  • MISSING_AUTHZ
PHP 313
  • SENSITIVE_DATA_LEAK
PHP 314
  • SENSITIVE_DATA_LEAK
PHP 315
  • SENSITIVE_DATA_LEAK
PHP 317
  • SENSITIVE_DATA_LEAK
PHP 319
  • SENSITIVE_DATA_LEAK
PHP 352
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED
PHP 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
PHP 470
  • UNSAFE_REFLECTION
PHP 476
  • FORWARD_NULL
PHP 480
  • CONSTANT_EXPRESSION_RESULT
PHP 483
  • NESTING_INDENT_MISMATCH
PHP 484
  • MISSING_BREAK
PHP 502
  • UNSAFE_DESERIALIZATION
PHP 532
  • SENSITIVE_DATA_LEAK
PHP 561
  • DEADCODE
  • UNREACHABLE
PHP 569
  • CONSTANT_EXPRESSION_RESULT
PHP 601
  • OPEN_REDIRECT
PHP 611
  • XML_EXTERNAL_ENTITY
PHP 665
  • NO_EFFECT
PHP 670
  • STRAY_SEMICOLON
PHP 688
  • IDENTIFIER_TYPO
PHP 74
  • SYMFONY_EL_INJECTION
PHP 78
  • OS_CMD_INJECTION
PHP 783
  • CONSTANT_EXPRESSION_RESULT
PHP 79
  • XSS
PHP 798
  • HARDCODED_CREDENTIALS
PHP 88
  • HEADER_INJECTION
PHP 89
  • SQLI
PHP 94
  • NOSQL_QUERY_INJECTION
PHP 95
  • SCRIPT_CODE_INJECTION
Python 209
  • SENSITIVE_DATA_LEAK
Python 22
  • PATH_MANIPULATION
Python 285
  • MISSING_AUTHZ
Python 313
  • SENSITIVE_DATA_LEAK
Python 314
  • SENSITIVE_DATA_LEAK
Python 315
  • SENSITIVE_DATA_LEAK
Python 317
  • SENSITIVE_DATA_LEAK
Python 319
  • SENSITIVE_DATA_LEAK
Python 352
  • CSRF
Python 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Python 476
  • FORWARD_NULL
  • REVERSE_INULL
Python 480
  • CONSTANT_EXPRESSION_RESULT
Python 502
  • UNSAFE_DESERIALIZATION
Python 532
  • SENSITIVE_DATA_LEAK
Python 561
  • DEADCODE
  • UNREACHABLE
Python 569
  • CONSTANT_EXPRESSION_RESULT
Python 601
  • OPEN_REDIRECT
Python 611
  • XML_EXTERNAL_ENTITY
Python 688
  • IDENTIFIER_TYPO
Python 78
  • OS_CMD_INJECTION
Python 783
  • CONSTANT_EXPRESSION_RESULT
Python 79
  • XSS
Python 798
  • HARDCODED_CREDENTIALS
Python 89
  • SQLI
Python 94
  • NOSQL_QUERY_INJECTION
Python 95
  • SCRIPT_CODE_INJECTION
Ruby 1004
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Ruby 113
  • RUBY_VULNERABLE_LIBRARY
Ruby 183
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 184
  • BLACKLIST_FOR_AUTHN
Ruby 209
  • SENSITIVE_DATA_LEAK
Ruby 215
  • SENSITIVE_DATA_LEAK
Ruby 22
  • PATH_MANIPULATION
  • RUBY_VULNERABLE_LIBRARY
Ruby 259
  • HARDCODED_CREDENTIALS
Ruby 263
  • RAILS_DEVISE_CONFIG
Ruby 287
  • UNSAFE_BASIC_AUTH
Ruby 289
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_BASIC_AUTH
Ruby 307
  • RAILS_DEVISE_CONFIG
Ruby 319
  • STRICT_TRANSPORT_SECURITY
Ruby 321
  • UNSAFE_SESSION_SETTING
Ruby 352
  • CSRF
Ruby 369
  • DIVIDE_BY_ZERO
Ruby 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • PARSE_ERROR
  • UNEXPECTED_CONTROL_FLOW
Ruby 400
  • RAILS_DEFAULT_ROUTES
  • RESOURCE_LEAK
  • RUBY_VULNERABLE_LIBRARY
Ruby 470
  • UNSAFE_REFLECTION
Ruby 476
  • FORWARD_NULL
  • REVERSE_INULL
Ruby 480
  • CONSTANT_EXPRESSION_RESULT
Ruby 502
  • COOKIE_SERIALIZER_CONFIG
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_DESERIALIZATION
Ruby 521
  • RAILS_DEVISE_CONFIG
Ruby 561
  • DEADCODE
  • UNREACHABLE
Ruby 569
  • CONSTANT_EXPRESSION_RESULT
Ruby 599
  • BAD_CERT_VERIFICATION
Ruby 601
  • OPEN_REDIRECT
  • REVERSE_TABNABBING
Ruby 614
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Ruby 639
  • INSECURE_DIRECT_OBJECT_REFERENCE
Ruby 642
  • SESSION_MANIPULATION
Ruby 661
  • RUBY_VULNERABLE_LIBRARY
Ruby 665
  • NO_EFFECT
Ruby 688
  • IDENTIFIER_TYPO
Ruby 704
  • SQLI
Ruby 73
  • RUBY_VULNERABLE_LIBRARY
Ruby 777
  • REGEX_MISSING_ANCHOR
Ruby 78
  • OS_CMD_INJECTION
Ruby 783
  • CONSTANT_EXPRESSION_RESULT
Ruby 79
  • RUBY_VULNERABLE_LIBRARY
  • UNESCAPED_HTML
  • XSS
Ruby 798
  • UNSAFE_BASIC_AUTH
Ruby 83
  • XSS
Ruby 862
  • RAILS_DEFAULT_ROUTES
  • RAILS_MISSING_FILTER_ACTION
Ruby 89
  • DYNAMIC_OBJECT_ATTRIBUTES
  • RUBY_VULNERABLE_LIBRARY
  • SQLI
Ruby 915
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 916
  • RAILS_DEVISE_CONFIG
  • WEAK_PASSWORD_HASH
Ruby 94
  • REGEX_INJECTION
Ruby 95
  • PATH_MANIPULATION
  • SCRIPT_CODE_INJECTION
Scala 190
  • OVERFLOW_BEFORE_WIDEN
Scala 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
Scala 476
  • FORWARD_NULL
  • REVERSE_INULL
Scala 480
  • CONSTANT_EXPRESSION_RESULT
Scala 483
  • NESTING_INDENT_MISMATCH
Scala 561
  • DEADCODE
  • UNREACHABLE
Scala 569
  • CONSTANT_EXPRESSION_RESULT
Scala 665
  • NO_EFFECT
Scala 783
  • CONSTANT_EXPRESSION_RESULT
Swift 209
  • SENSITIVE_DATA_LEAK
Swift 22
  • PATH_MANIPULATION
Swift 287
  • WEAK_BIOMETRIC_AUTH
Swift 295
  • BAD_CERT_VERIFICATION
Swift 296
  • BAD_CERT_VERIFICATION
Swift 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 314
  • SENSITIVE_DATA_LEAK
Swift 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 317
  • SENSITIVE_DATA_LEAK
Swift 319
  • CONFIG.ATS_INSECURE
  • INSECURE_COMMUNICATION
  • INSECURE_MULTIPEER_CONNECTION
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 327
  • RISKY_CRYPTO
Swift 328
  • RISKY_CRYPTO
Swift 391
  • UNEXPECTED_CONTROL_FLOW
Swift 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
Swift 476
  • FORWARD_NULL
  • REVERSE_INULL
Swift 480
  • CONSTANT_EXPRESSION_RESULT
Swift 532
  • SENSITIVE_DATA_LEAK
Swift 561
  • DEADCODE
Swift 569
  • CONSTANT_EXPRESSION_RESULT
Swift 611
  • XML_EXTERNAL_ENTITY
Swift 643
  • XPATH_INJECTION
Swift 798
  • HARDCODED_CREDENTIALS
Swift 829
  • CUSTOM_KEYBOARD_DATA_LEAK
Swift 89
  • SQLI
Swift 94
  • REGEX_INJECTION
Swift 95
  • SCRIPT_CODE_INJECTION
TypeScript 1004
  • INSECURE_COOKIE
TypeScript 1022
  • REVERSE_TABNABBING
TypeScript 1187
  • UNSAFE_BUFFER_METHOD
TypeScript 183
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST
TypeScript 20
  • AWS_VALIDATION_DISABLED
  • COOKIE_INJECTION
  • WEAK_URL_SANITIZATION
TypeScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
  • DNS_PREFETCHING
  • INSECURE_REFERRER_POLICY
TypeScript 201
  • EXPRESS_X_POWERED_BY_ENABLED
TypeScript 209
  • SENSITIVE_DATA_LEAK
TypeScript 219
  • INSECURE_COOKIE
TypeScript 22
  • PATH_MANIPULATION
TypeScript 260
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT
  • CONFIG.HARDCODED_TOKEN
TypeScript 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 285
  • MISSING_AUTHZ
TypeScript 288
  • MULTER_MISCONFIGURATION
TypeScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
TypeScript 295
  • AWS_VALIDATION_DISABLED
  • BAD_CERT_VERIFICATION
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
  • HPKP_MISCONFIGURATION
TypeScript 300
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 313
  • SENSITIVE_DATA_LEAK
TypeScript 314
  • SENSITIVE_DATA_LEAK
TypeScript 315
  • SENSITIVE_DATA_LEAK
TypeScript 317
  • SENSITIVE_DATA_LEAK
TypeScript 319
  • AWS_SSL_DISABLED
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
  • INSECURE_COMMUNICATION
  • SENSITIVE_DATA_LEAK
TypeScript 327
  • RISKY_CRYPTO
  • SA.RISKY_CRYPTO
TypeScript 328
  • RISKY_CRYPTO
TypeScript 330
  • INSECURE_RANDOM
TypeScript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
TypeScript 346
  • CORS_MISCONFIGURATION_AUDIT
  • UNCHECKED_ORIGIN
TypeScript 352
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
  • CSRF_MISCONFIGURATION_HAPI_CRUMB
TypeScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
TypeScript 400
  • BUSBOY_MISCONFIGURATION
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
  • FILE_UPLOAD_MISCONFIGURATION
  • MULTER_MISCONFIGURATION
TypeScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
TypeScript 480
  • CONSTANT_EXPRESSION_RESULT
TypeScript 483
  • NESTING_INDENT_MISMATCH
TypeScript 484
  • MISSING_BREAK
TypeScript 489
  • CONFIG.ENABLED_DEBUG_MODE
TypeScript 502
  • UNSAFE_DESERIALIZATION
TypeScript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
  • SENSITIVE_DATA_LEAK
TypeScript 561
  • DEADCODE
  • UNREACHABLE
TypeScript 565
  • CONFIG.COOKIE_SIGNING_DISABLED
TypeScript 569
  • CONSTANT_EXPRESSION_RESULT
TypeScript 601
  • OPEN_REDIRECT
TypeScript 611
  • XML_EXTERNAL_ENTITY
TypeScript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
  • CONFIG.UNSAFE_SESSION_TIMEOUT
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME
  • TEMPORARY_CREDENTIALS_DURATION
TypeScript 614
  • INSECURE_COOKIE
TypeScript 625
  • WEAK_URL_SANITIZATION
TypeScript 628
  • EXPLICIT_THIS_EXPECTED
TypeScript 646
  • MULTER_MISCONFIGURATION
TypeScript 665
  • NO_EFFECT
TypeScript 668
  • UNRESTRICTED_MESSAGE_TARGET
TypeScript 670
  • STRAY_SEMICOLON
TypeScript 688
  • IDENTIFIER_TYPO
TypeScript 73
  • BUSBOY_MISCONFIGURATION
  • FILE_UPLOAD_MISCONFIGURATION
  • MULTER_MISCONFIGURATION
TypeScript 732
  • INSECURE_ACL
TypeScript 74
  • CSS_INJECTION
TypeScript 755
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
TypeScript 760
  • INSECURE_SALT
TypeScript 770
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE
  • MULTER_MISCONFIGURATION
TypeScript 776
  • XML_EXTERNAL_ENTITY
TypeScript 778
  • INSUFFICIENT_LOGGING
TypeScript 779
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING
TypeScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
TypeScript 783
  • CONSTANT_EXPRESSION_RESULT
TypeScript 79
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
  • ANGULAR_SCE_DISABLED
  • DOM_XSS
  • REACT_DANGEROUS_INNERHTML
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE
  • XSS
TypeScript 798
  • HARDCODED_CREDENTIALS
TypeScript 829
  • MISSING_IFRAME_SANDBOX
TypeScript 88
  • HEADER_INJECTION
TypeScript 89
  • SQLI
TypeScript 922
  • LOCALSTORAGE_WRITE
TypeScript 94
  • ANGULAR_EXPRESSION_INJECTION
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
TypeScript 942
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
  • INSECURE_COOKIE
TypeScript 95
  • SCRIPT_CODE_INJECTION
TypeScript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
VB.NET 117
  • LOG_INJECTION
VB.NET 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
VB.NET 200
  • ASPNET_MVC_VERSION_HEADER
VB.NET 209
  • SENSITIVE_DATA_LEAK
VB.NET 22
  • PATH_MANIPULATION
VB.NET 259
  • HARDCODED_CREDENTIALS
VB.NET 285
  • MISSING_AUTHZ
VB.NET 313
  • SENSITIVE_DATA_LEAK
VB.NET 314
  • SENSITIVE_DATA_LEAK
VB.NET 315
  • SENSITIVE_DATA_LEAK
VB.NET 317
  • SENSITIVE_DATA_LEAK
VB.NET 319
  • SENSITIVE_DATA_LEAK
VB.NET 321
  • HARDCODED_CREDENTIALS
VB.NET 327
  • RISKY_CRYPTO
VB.NET 328
  • RISKY_CRYPTO
VB.NET 330
  • INSECURE_RANDOM
VB.NET 352
  • CSRF
VB.NET 369
  • DIVIDE_BY_ZERO
VB.NET 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
VB.NET 403
  • RESOURCE_LEAK
VB.NET 404
  • RESOURCE_LEAK
VB.NET 470
  • UNSAFE_NAMED_QUERY
VB.NET 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
VB.NET 502
  • UNSAFE_DESERIALIZATION
VB.NET 532
  • SENSITIVE_DATA_LEAK
VB.NET 543
  • LOCK_EVASION
VB.NET 561
  • DEADCODE
  • UNREACHABLE
VB.NET 573
  • CALL_SUPER
VB.NET 601
  • OPEN_REDIRECT
VB.NET 611
  • XML_EXTERNAL_ENTITY
VB.NET 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
VB.NET 643
  • XPATH_INJECTION
VB.NET 683
  • SWAPPED_ARGUMENTS
VB.NET 73
  • UNRESTRICTED_DISPATCH
VB.NET 759
  • WEAK_PASSWORD_HASH
VB.NET 760
  • WEAK_PASSWORD_HASH
VB.NET 776
  • XML_EXTERNAL_ENTITY
VB.NET 778
  • UNLOGGED_SECURITY_EXCEPTION
VB.NET 78
  • OS_CMD_INJECTION
VB.NET 79
  • XSS
VB.NET 798
  • HARDCODED_CREDENTIALS
VB.NET 827
  • XML_EXTERNAL_ENTITY
VB.NET 835
  • INFINITE_LOOP
VB.NET 89
  • SQLI
  • SQL_NOT_CONSTANT
VB.NET 90
  • LDAP_INJECTION
  • LDAP_NOT_CONSTANT
VB.NET 916
  • WEAK_PASSWORD_HASH
VB.NET 94
  • REGEX_INJECTION
VB.NET 95
  • SCRIPT_CODE_INJECTION