Coverity Coverage for Common Weakness Enumeration (CWE)

At its core, Common Weakness Enumeration (CWE) is a community-developed list of software weaknesses. CWE provides a taxonomy to categorize and describe software weaknesses—giving developers and security practitioners a common language for software security.

MITRE owns and maintains the project. To learn more about CWE, click here.

Search below to see Coverity's CWE support of languages in your codebase:

Print to PDF

Interested in a specific language or platform?

Language/Platform	CWE	Coverity Checker
Android	22	PATH_MANIPULATION
Android	78	OS_CMD_INJECTION
Android	79	XSS
Android	89	SQLI
Android	94	SQLIREGEX_INJECTION
Android	99	URL_MANIPULATION
Android	209	SENSITIVE_DATA_LEAK
Android	215	ANDROID_DEBUG_MODE
Android	259	HARDCODED_CREDENTIALS
Android	296	BAD_CERT_VERIFICATION
Android	297	BAD_CERT_VERIFICATION
Android	299	BAD_CERT_VERIFICATION
Android	311	SENSITIVE_DATA_LEAK
Android	312	SENSITIVE_DATA_LEAK
Android	313	SENSITIVE_DATA_LEAK
Android	317	SENSITIVE_DATA_LEAK
Android	319	SENSITIVE_DATA_LEAK
Android	321	HARDCODED_CREDENTIALS
Android	327	RISKY_CRYPTO
Android	328	RISKY_CRYPTO
Android	330	MOBILE_ID_MISUSE
Android	336	PREDICTABLE_RANDOM_SEED
Android	337	PREDICTABLE_RANDOM_SEED
Android	470	UNSAFE_REFLECTION
Android	502	UNSAFE_DESERIALIZATION
Android	530	CONFIG.ANDROID_BACKUPS_ALLOWED
Android	532	SENSITIVE_DATA_LEAK
Android	538	UNRESTRICTED_ACCESS_TO_FILE EXPOSED_PREFERENCES
Android	611	ML_EXTERNAL_ENTITY
Android	759	WEAK_PASSWORD_HASH
Android	760	WEAK_PASSWORD_HASH
Android	776	XML_EXTERNAL_ENTITY
Android	798	HARDCODED_CREDENTIALS
Android	827	XML_EXTERNAL_ENTITY
Android	916	WEAK_PASSWORD_HASH
Android	921	UNRESTRICTED_ACCESS_TO_FILE
Android	926	ANDROID_CAPABILITY_LEAK MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Android	927	IMPLICIT_INTENT SENSITIVE_DATA_LEAK MISSING_PERMISSION_FOR_BROADCAST
Android	1032	CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Android	1035	CONFIG.ANDROID_UNSAFE_MINSDKVERSION
C#	11	CONFIG.ENABLED_DEBUG_MODE CONFIG.ENABLED_TRACE_MODE
C#	12	CONFIG.MISSING_CUSTOM_ERROR_PAGE
C#	13	CONFIG.CONNECTION_STRING_PASSWORD
C#	22	PATH_MANIPULATION
C#	73	UNRESTRICTED_DISPATCH
C#	78	OS_CMD_INJECTION
C#	79	XSS
C#	89	SQL_NOT_CONSTANT SQLI
C#	90	LDAP_INJECTION
C#	91	XML_INJECTION
C#	94	NOSQL_QUERY_INJECTION REGEX_INJECTION SCRIPT_CODE_INJECTION
C#	95	SCRIPT_CODE_INJECTION
C#	117	LOG_INJECTION
C#	190	OVERFLOW_BEFORE_WIDEN
C#	200	ASPNET_MVC_VERSION_HEADER CONFIG.ASPNET_VERSION_HEADER CONFIG.COOKIES_MISSING_HTTPONLY
C#	209	SENSITIVE_DATA_LEAK
C#	259	HARDCODED_CREDENTIALS
C#	285	MISSING_AUTHZ
C#	313	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
C#	314	SENSITIVE_DATA_LEAK
C#	315	UNENCRYPTED_SENSITIVE_DATA SENSITIVE_DATA_LEAK
C#	317	SENSITIVE_DATA_LEAK
C#	319	UNENCRYPTED_SENSITIVE_DATA SENSITIVE_DATA_LEAK
C#	321	HARDCODED_CREDENTIALS
C#	327	RISKY_CRYPTO
C#	328	RISKY_CRYPTO
C#	330	INSECURE_RANDOM
C#	352	CSRF
C#	366	GUARDED_BY_VIOLATION NON_STATIC_GUARDING_STATIC VOLATILE_ATOMICITY
C#	369	DIVIDE_BY_ZERO
C#	390	MISSING_THROW
C#	398	UNEXPECTED_CONTROL_FLOW COPY_PASTE_ERROR IDENTICAL_BRANCHES PROPERTY_MIXUP
C#	403	RESOURCE_LEAK
C#	404	RESOURCE_LEAK
C#	470	UNSAFE_NAMED_QUERY
C#	476	FORWARD_NULL NULL_RETURNS REVERSE_INULL
C#	480	CONSTANT_EXPRESSION_RESULT
C#	502	UNSAFE_DESERIALIZATION
C#	519	CONFIG.ASP_VIEWSTATE_MAC
C#	532	SENSITIVE_DATA_LEAK
C#	543	BAD_LOCK_OBJECT LOCK_EVASION
C#	561	DEADCODE UNREACHABLE
C#	563	UNUSED_VALUE
C#	569	CONSTANT_EXPRESSION_RESULT
C#	570	BAD_EQ_TYPES
C#	573	CALL_SUPER MISSING_RESTORE
C#	595	BAD_EQ
C#	601	OPEN_REDIRECT
C#	610	HEADER_INJECTION
C#	611	XML_EXTERNAL_ENTITY
C#	615	CONFIG.DYNAMIC_DATA_HTML_COMMENT
C#	643	XPATH_INJECTION
C#	670	STRAY_SEMICOLON
C#	683	SWAPPED_ARGUMENTS
C#	759	WEAK_PASSWORD_HASH
C#	760	WEAK_PASSWORD_HASH
C#	776	XML_EXTERNAL_ENTITY
C#	778	UNLOGGED_SECURITY_EXCEPTION
C#	783	CONSTANT_EXPRESSION_RESULT
C#	798	HARDCODED_CREDENTIALS
C#	827	XML_EXTERNAL_ENTITY
C#	833	LOCK_INVERSION
C#	835	INFINITE_LOOP
C#	863	CONFIG.DEAD_AUTHORIZATION_RULE
C#	916	WEAK_PASSWORD_HASH
C/C++ & Objective-C	20	TAINTED_SCALAR TAINTED_STRING USER_POINTER
C/C++ & Objective-C	22	PATH_MANIPULATION
C/C++ & Objective-C	78	OS_CMD_INJECTION
C/C++ & Objective-C	89	SQLI
C/C++ & Objective-C	99	URL_MANIPULATION
C/C++ & Objective-C	119	ARRAY_VS_SINGLETON BAD_ALLOC_ARITHMETIC COM.BSTR.CONV INCOMPATIBLE_CAST INTEGER_OVERFLOW INVALIDATE_ITERATOR MISMATCHED_ITERATOR OVERRUN REVERSE_NEGATIVE
C/C++ & Objective-C	120	BUFFER_SIZE SIZECHECK STRING_OVERFLOW STRING_SIZE
C/C++ & Objective-C	125	INTEGER_OVERFLOW OVERRUN
C/C++ & Objective-C	129	NEGATIVE_RETURNS REVERSE_NEGATIVE TAINTED_SCALAR
C/C++ & Objective-C	131	BAD_ALLOC_STRLEN SIZECHECK
C/C++ & Objective-C	134	PW.NON_CONST_PRINTF_FORMAT_STRING TAINTED_STRING FORMAT_STRING_INJECTION
C/C++ & Objective-C	170	BUFFER_SIZE BUFFER_SIZE_WARNING READLINK SIZECHECK STRING_NULL
C/C++ & Objective-C	188	INCOMPATIBLE_CAST
C/C++ & Objective-C	190	INTEGER_OVERFLOW OVERFLOW_BEFORE_WIDEN PW.INTEGER_OVERFLOW PW.INTEGER_TOO_LARGE PW.SHIFT_COUNT_TOO_LARGE
C/C++ & Objective-C	194	SIGN_EXTENSION
C/C++ & Objective-C	195	MISRA_CAST
C/C++ & Objective-C	197	CHAR_IO MISRA_CAST NO_EFFECT
C/C++ & Objective-C	200	AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
C/C++ & Objective-C	243	CHROOT
C/C++ & Objective-C	248	UNCAUGHT_EXCEPT
C/C++ & Objective-C	252	CHECKED_RETURN
C/C++ & Objective-C	253	BAD_COMPARE
C/C++ & Objective-C	259	HARDCODED_CREDENTIALS
C/C++ & Objective-C	290	WEAK_GUARD
C/C++ & Objective-C	291	WEAK_GUARD
C/C++ & Objective-C	293	WEAK_GUARD
C/C++ & Objective-C	313	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C	315	UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C	319	UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C	321	HARDCODED_CREDENTIALS
C/C++ & Objective-C	327	RISKY_CRYPTO
C/C++ & Objective-C	328	RISKY_CRYPTO
C/C++ & Objective-C	350	WEAK_GUARD
C/C++ & Objective-C	366	MISSING_LOCK
C/C++ & Objective-C	367	TOCTOU
C/C++ & Objective-C	369	DIVIDE_BY_ZERO PW.DIVIDE_BY_ZERO
C/C++ & Objective-C	377	SECURE_TEMP
C/C++ & Objective-C	394	NEGATIVE_RETURNS REVERSE_NEGATIVE
C/C++ & Objective-C	398	COPY_PASTE_ERROR ENUM_AS_BOOLEAN IDENTICAL_BRANCHES MISMATCHED_ITERATOR MIXED_ENUMS NO_EFFECT PASS_BY_VALUE PW.* UNEXPECTED_CONTROL_FLOW VIRTUAL_DTOR
C/C++ & Objective-C	400	STACK_USE
C/C++ & Objective-C	401	COM.BSTR.ALLOC CTOR_DTOR_LEAK NO_EFFECT
C/C++ & Objective-C	404	RESOURCE_LEAK
C/C++ & Objective-C	415	USE_AFTER_FREE
C/C++ & Objective-C	416	COM.BAD_FREE COM.BSTR.ALLOC MISSING_ASSIGN MISSING_COPY USE_AFTER_FREE WRAPPER_ESCAPE
C/C++ & Objective-C	456	NO_EFFECT
C/C++ & Objective-C	457	PW.BRANCH_PAST_INITIALIZATION UNINIT UNINIT_CTOR
C/C++ & Objective-C	459	DELETE_ARRAY
C/C++ & Objective-C	465	NO_EFFECT
C/C++ & Objective-C	467	BAD_SIZEOF SIZEOF_MISMATCH
C/C++ & Objective-C	475	PRINTF_ARGS
C/C++ & Objective-C	476	FORWARD_NULL NULL_RETURNS REVERSE_INULL
C/C++ & Objective-C	480	CONSTANT_EXPRESSION_RESULT NO_EFFECT
C/C++ & Objective-C	481	PW.ASSIGN_WHERE_COMPARE_MEANT
C/C++ & Objective-C	482	NO_EFFECT
C/C++ & Objective-C	483	NESTING_INDENT_MISMATCH
C/C++ & Objective-C	484	MISSING_BREAK
C/C++ & Objective-C	561	DEADCODE UNREACHABLE
C/C++ & Objective-C	562	PW.RETURN_PTR_TO_LOCAL_TEMP RETURN_LOCAL
C/C++ & Objective-C	563	UNUSED_VALUE
C/C++ & Objective-C	569	CONSTANT_EXPRESSION_RESULT SIZEOF_MISMATCH
C/C++ & Objective-C	570	NO_EFFECT PW.UNSIGNED_COMPARE_WITH_NEGATIVE
C/C++ & Objective-C	573	MISSING_RESTORE OPEN_ARGS VARARGS
C/C++ & Objective-C	590	BAD_FREE
C/C++ & Objective-C	597	BAD_COMPARE
C/C++ & Objective-C	606	NEGATIVE_RETURNS TAINTED_SCALAR
C/C++ & Objective-C	617	LOCK
C/C++ & Objective-C	628	BAD_COMPARE PW.BAD_PRINTF_FORMAT_STRING
C/C++ & Objective-C	643	XPATH_INJECTION
C/C++ & Objective-C	662	ATOMICITY
C/C++ & Objective-C	665	NO_EFFECT
C/C++ & Objective-C	667	LOCK SLEEP
C/C++ & Objective-C	670	STRAY_SEMICOLON
C/C++ & Objective-C	672	USE_AFTER_FREE
C/C++ & Objective-C	676	DC.STREAM_BUFFER DC.STRING_BUFFER DC.WEAK_CRYPTO DC.PREDICTABLE_KEY_PASSWORD SECURE_CODING
C/C++ & Objective-C	681	MISRA_CAST
C/C++ & Objective-C	683	SWAPPED_ARGUMENTS
C/C++ & Objective-C	685	PRINTF_ARGS PW.TOO_FEW_PRINTF_ARGS PW.TOO_MANY_PRINTF_ARGS
C/C++ & Objective-C	686	PRINTF_ARGS PW.PRINTF_ARG_MISMATCH
C/C++ & Objective-C	687	NEGATIVE_RETURNS
C/C++ & Objective-C	704	INCOMPATIBLE_CAST PW.BAD_CAST PW.CONVERSION_TO_POINTER_LOSES_BITS
C/C++ & Objective-C	710	ASSIGN_NOT_RETURNING_STAR_THIS BAD_OVERRIDE HFA MISSING_ASSIGN MISSING_COPY MISSING_RETURN SELF_ASSIGN
C/C++ & Objective-C	758	DELETE_VOID EVALUATION_ORDER
C/C++ & Objective-C	759	WEAK_PASSWORD_HASH
C/C++ & Objective-C	760	WEAK_PASSWORD_HASH
C/C++ & Objective-C	762	ALLOC_FREE_MISMATCH
C/C++ & Objective-C	764	LOCK
C/C++ & Objective-C	772	VIRTUAL_DTOR
C/C++ & Objective-C	775	RESOURCE_LEAK
C/C++ & Objective-C	783	BAD_COMPARE CONSTANT_EXPRESSION_RESULT SIZEOF_MISMATCH
C/C++ & Objective-C	798	HARDCODED_CREDENTIALS
C/C++ & Objective-C	833	ORDER_REVERSAL
C/C++ & Objective-C	835	INFINITE_LOOP
C/C++ & Objective-C	916	WEAK_PASSWORD_HASH
Go	78	OS_CMD_INJECTION TAINTED_ENVIRONMENT_WITH_EXECUTION
Go	79	XSS
Go	88	HEADER_INJECTION
Go	89	SQLI
Go	94	NOSQL_QUERY_INJECTION TEMPLATE_INJECTION
Go	99	URL_MANIPULATION
Go	209	SENSITIVE_DATA_LEAK
Go	252	CHECKED_RETURN
Go	259	HARDCODED_CREDENTIALS
Go	313	SENSITIVE_DATA_LEAK
Go	314	SENSITIVE_DATA_LEAK
Go	315	SENSITIVE_DATA_LEAK
Go	317	SENSITIVE_DATA_LEAK
Go	319	SENSITIVE_DATA_LEAK
Go	321	HARDCODED_CREDENTIALS
Go	327	RISKY_CRYPTO
Go	328	RISKY_CRYPTO
Go	369	DIVIDE_BY_ZERO
Go	398	IDENTICAL_BRANCHES
Go	476	FORWARD_NULL REVERSE_INULL NULL_RETURNS
Go	480	CONSTANT_EXPRESSION_RESULT
Go	502	DISTRUSTED_DATA_DESERIALIZATION
Go	532	SENSITIVE_DATA_LEAK
Go	561	DEADCODE
Go	563	UNUSED_VALUE
Go	569	CONSTANT_EXPRESSION_RESULT
Go	601	OPEN_REDIRECT
Go	611	XML_EXTERNAL_ENTITY
Go	776	XML_EXTERNAL_ENTITY
Go	778	INSUFFICIENT_LOGGING
Go	783	CONSTANT_EXPRESSION_RESULT
Go	798	HARDCODED_CREDENTIALS
Go	835	INFINITE_LOOP
Java	4	CONFIG.DUPLICATE_SERVLET_DEFINITION
Java	7	CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
Java	22	JSP_DYNAMIC_INCLUDE PATH_MANIPULATION
Java	73	UNRESTRICTED_DISPATCH
Java	78	OS_CMD_INJECTION TAINTED_ENVIRONMENT_WITH_EXECUTION
Java	79	XSS
Java	89	JSP_SQL_INJECTION SQLI SQL_NOT_CONSTANT
Java	90	LDAP_INJECTION
Java	91	XML_INJECTION
Java	94	JAVA_CODE_INJECTION JCR_INJECTION NOSQL_QUERY_INJECTION OGNL_INJECTION REGEX_INJECTION UNKNOWN_LANGUAGE_INJECTION
Java	95	SCRIPT_CODE_INJECTION
Java	99	URL_MANIPULATION
Java	116	CONFIG.MYBATIS_MAPPER_SQLI
Java	117	LOG_INJECTION
Java	185	REGEX_CONFUSION
Java	190	OVERFLOW_BEFORE_WIDEN
Java	200	CONFIG.JAVAEE_MISSING_HTTPONLY CORS_MISCONFIGURATION_AUDIT
Java	209	SENSITIVE_DATA_LEAK
Java	215	ANDROID_DEBUG_MODE
Java	242	DC.DANGEROUS
Java	252	CHECKED_RETURN
Java	253	ORM_LOAD_NULL_CHECK
Java	259	HARDCODED_CREDENTIALS
Java	284	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
Java	285	MISSING_AUTHZ
Java	290	WEAK_GUARD
Java	291	WEAK_GUARD
Java	293	WEAK_GUARD
Java	296	BAD_CERT_VERIFICATION
Java	297	BAD_CERT_VERIFICATION
Java	299	BAD_CERT_VERIFICATION
Java	300	CORS_MISCONFIGURATION
Java	313	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
Java	314	SENSITIVE_DATA_LEAK
Java	315	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
Java	317	SENSITIVE_DATA_LEAK
Java	319	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
Java	321	HARDCODED_CREDENTIALS
Java	327	RISKY_CRYPTO
Java	328	RISKY_CRYPTO
Java	330	MOBILE_ID_MISUSE INSECURE_RANDOM
Java	336	PREDICTABLE_RANDOM_SEED
Java	337	PREDICTABLE_RANDOM_SEED
Java	350	WEAK_GUARD
Java	352	CSRF
Java	359	SENSITIVE_DATA_LEAK
Java	366	GUARDED_BY_VIOLATION NON_STATIC_GUARDING_STATIC VOLATILE_ATOMICITY
Java	369	DIVIDE_BY_ZERO
Java	384	CONFIG.SPRING_SECURITY_SESSION_FIXATION SESSION_FIXATION
Java	390	MISSING_THROW
Java	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES PROPERTY_MIXUP UNEXPECTED_CONTROL_FLOW
Java	403	RESOURCE_LEAK
Java	404	RESOURCE_LEAK
Java	425	CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT
Java	427	UNSAFE_JNI
Java	470	UNSAFE_REFLECTION UNSAFE_NAMED_QUERY
Java	476	FORWARD_NULL NULL_RETURNS REVERSE_INULL
Java	480	CONSTANT_EXPRESSION_RESULT
Java	483	NESTING_INDENT_MISMATCH
Java	484	MISSING_BREAK
Java	501	TRUST_BOUNDARY_VIOLATION
Java	502	UNSAFE_DESERIALIZATION
Java	530	CONFIG.ANDROID_BACKUPS_ALLOWED
Java	532	SENSITIVE_DATA_LEAK
Java	538	EXPOSED_PREFERENCES UNRESTRICTED_ACCESS_TO_FILE
Java	543	BAD_LOCK_OBJECT LOCK_EVASION SINGLETON_RACE
Java	561	DEADCODE UNREACHABLE
Java	563	UNUSED_VALUE
Java	567	SERVLET_ATOMICITY
Java	568	CALL_SUPER
Java	569	CONSTANT_EXPRESSION_RESULT
Java	573	CALL_SUPER INVALIDATE_ITERATOR MISSING_RESTORE ATTRIBUTE_NAME_CONFLICT
Java	580	CALL_SUPER
Java	601	OPEN_REDIRECT
Java	610	HEADER_INJECTION
Java	611	XML_EXTERNAL_ENTITY
Java	613	CONFIG.UNSAFE_SESSION_TIMEOUT
Java	614	INSECURE_COOKIE
Java	615	CONFIG.DYNAMIC_DATA_HTML_COMMENT
Java	643	XPATH_INJECTION
Java	650	CONFIG.HTTP_VERB_TAMPERING
Java	662	ATOMICITY
Java	670	STRAY_SEMICOLON
Java	672	USE_AFTER_FREE
Java	683	SWAPPED_ARGUMENTS
Java	759	WEAK_PASSWORD_HASH
Java	760	WEAK_PASSWORD_HASH
Java	776	XML_EXTERNAL_ENTITY
Java	778	UNLOGGED_SECURITY_EXCEPTION
Java	783	CONSTANT_EXPRESSION_RESULT
Java	798	CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY HARDCODED_CREDENTIALS
Java	827	XML_EXTERNAL_ENTITY
Java	833	DC.DEADLOCK LOCK_INVERSION
Java	835	INFINITE_LOOP
Java	862	CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN
Java	863	CONFIG.DWR_DEBUG_MODE CONFIG.SPRING_SECURITY_DEBUG_MODE CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION CONFIG.STRUTS2_ENABLED_DEV_MODE
Java	916	WEAK_PASSWORD_HASH
Java	917	EL_INJECTION
Java	921	UNRESTRICTED_ACCESS_TO_FILE
Java	926	ANDROID_CAPABILITY_LEAK MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Java	927	MISSING_PERMISSION_FOR_BROADCAST SENSITIVE_DATA_LEAK
Java	942	CORS_MISCONFIGURATION_AUDIT
Java	1023	HIBERNATE_BAD_HASHCODE
Java	1032	CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Java	1035	CONFIG.ANDROID_UNSAFE_MINSDKVERSION
JavaScript	20	COOKIE_INJECTION
JavaScript	22	PATH_MANIPULATION
JavaScript	73	BUSBOY_MISCONFIGURATION
JavaScript	74	CSS_INJECTION
JavaScript	78	OS_CMD_INJECTION TAINTED_ENVIRONMENT_WITH_EXECUTION
JavaScript	79	DOM_XSS XSS ANGULAR_BYPASS_SECURITY ANGULAR_ELEMENT_REFERENCE VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE REACT_DANGEROUS_INNERHTML
JavaScript	88	HEADER_INJECTION
JavaScript	89	SQLI
JavaScript	94	REGEX_INJECTION NOSQL_QUERY_INJECTION TEMPLATE_INJECTION ANGULAR_EXPRESSION_INJECTION
JavaScript	95	SCRIPT_CODE_INJECTION
JavaScript	99	URL_MANIPULATION SESSIONSTORAGE_MANIPULATION LOCALSTORAGE_MANIPULATION
JavaScript	183	CONFIG.CORDOVA_PERMISSIVE_WHITELIST
JavaScript	200	CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
JavaScript	209	SENSITIVE_DATA_LEAK
JavaScript	284	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
JavaScript	285	MISSING_AUTHZ
JavaScript	289	UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
JavaScript	295	CONFIG.MYSQL_SSL_VERIFY_DISABLED CONFIG.REQUEST_STRICTSSL_DISABLED
JavaScript	300	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
JavaScript	313	SENSITIVE_DATA_LEAK
JavaScript	314	SENSITIVE_DATA_LEAK
JavaScript	315	SENSITIVE_DATA_LEAK
JavaScript	317	SENSITIVE_DATA_LEAK
JavaScript	319	SENSITIVE_DATA_LEAK CONFIG.SEQUELIZE_INSECURE_CONNECTION
JavaScript	327	RISKY_CRYPTO
JavaScript	328	RISKY_CRYPTO
JavaScript	330	INSECURE_RANDOM
JavaScript	345	JSONWEBTOKEN_UNTRUSTED_DECODE
JavaScript	346	UNCHECKED_ORIGIN CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
JavaScript	352	CSRF CONFIG.CSURF_IGNORE_METHODS CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
JavaScript	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES UNEXPECTED_CONTROL_FLOW NO_EFFECT
JavaScript	400	CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE BUSBOY_MISCONFIGURATION
JavaScript	476	FORWARD_NULL NULL_RETURNS REVERSE_INULL
JavaScript	480	CONSTANT_EXPRESSION_RESULT
JavaScript	483	NESTING_INDENT_MISMATCH
JavaScript	484	MISSING_BREAK
JavaScript	502	UNSAFE_DESERIALIZATION
JavaScript	532	CONFIG.SEQUELIZE_ENABLED_LOGGING SENSITIVE_DATA_LEAK EXPRESS_WINSTON_SENSITIVE_LOGGING
JavaScript	561	DEADCODE UNREACHABLE
JavaScript	565	CONFIG.COOKIE_SIGNING_DISABLED
JavaScript	569	CONSTANT_EXPRESSION_RESULT
JavaScript	601	OPEN_REDIRECT REACT_DYNAMIC_URL_INSECURE_TARGET REVERSE_TABNABBING
JavaScript	611	XML_EXTERNAL_ENTITY
JavaScript	613	CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN AWS_INSUFFICIENT_PRESIGNED_URL_TIMEOUT JSONWEBTOKEN_IGNORED_EXPIRATION_TIME CONFIG.UNSAFE_SESSION_TIMEOUT
JavaScript	614	INSECURE_COOKIE
JavaScript	628	EXPLICIT_THIS_EXPECTED
JavaScript	665	NO_EFFECT
JavaScript	668	UNRESTRICTED_MESSAGE_TARGET
JavaScript	670	STRAY_SEMICOLON
JavaScript	688	IDENTIFIER_TYPO
JavaScript	760	INSECURE_SALT
JavaScript	770	EXPRESS_SESSION_UNSAFE_MEMORYSTORE
JavaScript	776	XML_EXTERNAL_ENTITY
JavaScript	778	INSUFFICIENT_LOGGING
JavaScript	779	CONFIG.CORDOVA_EXCESSIVE_LOGGING
JavaScript	783	CONSTANT_EXPRESSION_RESULT
JavaScript	798	HARDCODED_CREDENTIALS
JavaScript	829	MISSING_IFRAME_SANDBOX
JavaScript	922	LOCALSTORAGE_WRITE
JavaScript	942	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
JavaScript	1004	INSECURE_COOKIE
PHP	22	PATH_MANIPULATION
PHP	74	SYMFONY_EL_INJECTION
PHP	78	OS_CMD_INJECTION
PHP	79	XSS
PHP	88	HEADER_INJECTION
PHP	89	SQLI
PHP	94	NOSQL_QUERY_INJECTION
PHP	95	SCRIPT_CODE_INJECTION
PHP	209	SENSITIVE_DATA_LEAK
PHP	285	MISSING_AUTHZ
PHP	313	SENSITIVE_DATA_LEAK
PHP	314	SENSITIVE_DATA_LEAK
PHP	315	SENSITIVE_DATA_LEAK
PHP	317	SENSITIVE_DATA_LEAK
PHP	319	SENSITIVE_DATA_LEAK
PHP	352	CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED
PHP	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES NO_EFFECT UNEXPECTED_CONTROL_FLOW
PHP	470	UNSAFE_REFLECTION
PHP	476	FORWARD_NULL
PHP	480	CONSTANT_EXPRESSION_RESULT
PHP	483	NESTING_INDENT_MISMATCH
PHP	484	MISSING_BREAK
PHP	502	UNSAFE_DESERIALIZATION
PHP	532	SENSITIVE_DATA_LEAK
PHP	561	UNREACHABLE DEADCODE
PHP	569	CONSTANT_EXPRESSION_RESULT
PHP	601	OPEN_REDIRECT
PHP	611	XML_EXTERNAL_ENTITY
PHP	665	NO_EFFECT
PHP	670	STRAY_SEMICOLON
PHP	688	IDENTIFIER_TYPO
PHP	783	CONSTANT_EXPRESSION_RESULT
PHP	798	HARDCODED_CREDENTIALS
Python	22	PATH_MANIPULATION
Python	78	OS_CMD_INJECTION
Python	79	XSS
Python	89	SQLI
Python	94	NOSQL_QUERY_INJECTION
Python	95	SCRIPT_CODE_INJECTION
Python	209	SENSITIVE_DATA_LEAK
Python	285	MISSING_AUTHZ
Python	313	SENSITIVE_DATA_LEAK
Python	314	SENSITIVE_DATA_LEAK
Python	315	SENSITIVE_DATA_LEAK
Python	317	SENSITIVE_DATA_LEAK
Python	319	SENSITIVE_DATA_LEAK
Python	352	CSRF
Python	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES
Python	476	FORWARD_NULL REVERSE_INULL
Python	480	CONSTANT_EXPRESSION_RESULT
Python	502	UNSAFE_DESERIALIZATION
Python	532	SENSITIVE_DATA_LEAK
Python	561	UNREACHABLE DEADCODE
Python	569	CONSTANT_EXPRESSION_RESULT
Python	601	OPEN_REDIRECT
Python	611	XML_EXTERNAL_ENTITY
Python	688	IDENTIFIER_TYPO
Python	783	CONSTANT_EXPRESSION_RESULT
Python	798	HARDCODED_CREDENTIALS
Ruby	22	PATH_MANIPULATION RUBY_VULNERABLE_LIBRARY
Ruby	73	RUBY_VULNERABLE_LIBRARY
Ruby	78	OS_CMD_INJECTION
Ruby	79	RUBY_VULNERABLE_LIBRARY UNESCAPED_HTML XSS
Ruby	83	XSS
Ruby	89	DYNAMIC_OBJECT_ATTRIBUTES RUBY_VULNERABLE_LIBRARY SQLI
Ruby	94	REGEX_INJECTION
Ruby	95	PATH_MANIPULATION SCRIPT_CODE_INJECTION
Ruby	113	RUBY_VULNERABLE_LIBRARY
Ruby	183	DYNAMIC_OBJECT_ATTRIBUTES
Ruby	184	BLACKLIST_FOR_AUTHN
Ruby	209	SENSITIVE_DATA_LEAK
Ruby	215	SENSITIVE_DATA_LEAK
Ruby	259	HARDCODED_CREDENTIALS
Ruby	263	RAILS_DEVISE_CONFIG
Ruby	287	UNSAFE_BASIC_AUTH
Ruby	289	RUBY_VULNERABLE_LIBRARY UNSAFE_BASIC_AUTH
Ruby	307	RAILS_DEVISE_CONFIG
Ruby	319	STRICT_TRANSPORT_SECURITY
Ruby	321	UNSAFE_SESSION_SETTING
Ruby	352	CSRF
Ruby	369	DIVIDE_BY_ZERO
Ruby	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES NO_EFFECT PARSE_ERROR UNEXPECTED_CONTROL_FLOW
Ruby	400	RAILS_DEFAULT_ROUTES RESOURCE_LEAK RUBY_VULNERABLE_LIBRARY
Ruby	470	UNSAFE_REFLECTION
Ruby	476	FORWARD_NULL REVERSE_INULL
Ruby	480	CONSTANT_EXPRESSION_RESULT
Ruby	502	RUBY_VULNERABLE_LIBRARY UNSAFE_DESERIALIZATION COOKIE_SERIALIZER_CONFIG
Ruby	521	RAILS_DEVISE_CONFIG
Ruby	561	DEADCODE UNREACHABLE
Ruby	569	CONSTANT_EXPRESSION_RESULT
Ruby	599	BAD_CERT_VERIFICATION
Ruby	601	OPEN_REDIRECT REVERSE_TABNABBING
Ruby	614	INSECURE_COOKIE UNSAFE_SESSION_SETTING
Ruby	639	INSECURE_DIRECT_OBJECT_REFERENCE
Ruby	642	SESSION_MANIPULATION
Ruby	665	NO_EFFECT
Ruby	688	IDENTIFIER_TYPO
Ruby	704	SQLI
Ruby	777	REGEX_MISSING_ANCHOR
Ruby	783	CONSTANT_EXPRESSION_RESULT
Ruby	798	UNSAFE_BASIC_AUTH
Ruby	862	RAILS_DEFAULT_ROUTES RAILS_MISSING_FILTER_ACTION
Ruby	915	DYNAMIC_OBJECT_ATTRIBUTES
Ruby	916	RAILS_DEVISE_CONFIG WEAK_PASSWORD_HASH
Ruby	1004	INSECURE_COOKIE UNSAFE_SESSION_SETTING
Scala	190	OVERFLOW_BEFORE_WIDEN
Scala	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES NO_EFFECT
Scala	476	FORWARD_NULL REVERSE_INULL
Scala	480	CONSTANT_EXPRESSION_RESULT
Scala	483	NESTING_INDENT_MISMATCH
Scala	561	DEADCODE UNREACHABLE
Scala	569	CONSTANT_EXPRESSION_RESULT
Scala	665	NO_EFFECT
Scala	783	CONSTANT_EXPRESSION_RESULT
Swift	22	PATH_MANIPULATION
Swift	89	SQLI
Swift	94	REGEX_INJECTION
Swift	95	SCRIPT_CODE_INJECTION
Swift	209	SENSITIVE_DATA_LEAK
Swift	287	WEAK_BIOMETRIC_AUTH
Swift	295	BAD_CERT_VERIFICATION
Swift	296	BAD_CERT_VERIFICATION
Swift	313	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
Swift	314	SENSITIVE_DATA_LEAK
Swift	315	SENSITIVE_DATA_LEAK UNENCRYPTED_SENSITIVE_DATA
Swift	317	SENSITIVE_DATA_LEAK
Swift	319	SENSITIVE_DATA_LEAK INSECURE_MULTIPEER_CONNECTION INSECURE_COMMUNICATION CONFIG.ATS_INSECURE UNENCRYPTED_SENSITIVE_DATA
Swift	327	RISKY_CRYPTO
Swift	328	RISKY_CRYPTO
Swift	391	UNEXPECTED_CONTROL_FLOW
Swift	398	COPY_PASTE_ERROR UNEXPECTED_CONTROL_FLOW IDENTICAL_BRANCHES PROPERTY_MIXUP PW.*
Swift	476	FORWARD_NULL REVERSE_INULL
Swift	480	CONSTANT_EXPRESSION_RESULT
Swift	532	SENSITIVE_DATA_LEAK
Swift	561	DEADCODE
Swift	569	CONSTANT_EXPRESSION_RESULT
Swift	611	XML_EXTERNAL_ENTITY
Swift	643	XPATH_INJECTION
Swift	798	HARDCODED_CREDENTIALS
Swift	829	CUSTOM_KEYBOARD_DATA_LEAK
TypeScript	20	COOKIE_INJECTION
TypeScript	22	PATH_MANIPULATION
TypeScript	73	BUSBOY_MISCONFIGURATION
TypeScript	74	CSS_INJECTION
TypeScript	78	OS_CMD_INJECTION TAINTED_ENVIRONMENT_WITH_EXECUTION
TypeScript	79	ANGULAR_ELEMENT_REFERENCE DOM_XSS XSS VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE REACT_DANGEROUS_INNERHTML
TypeScript	88	HEADER_INJECTION
TypeScript	89	SQLI
TypeScript	94	NOSQL_QUERY_INJECTION REGEX_INJECTION TEMPLATE_INJECTION
TypeScript	95	SCRIPT_CODE_INJECTION
TypeScript	99	LOCALSTORAGE_MANIPULATION SESSIONSTORAGE_MANIPULATION URL_MANIPULATION
TypeScript	200	CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS CORS_MISCONFIGURATION_AUDIT
TypeScript	209	SENSITIVE_DATA_LEAK CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
TypeScript	284	CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
TypeScript	285	MISSING_AUTHZ
TypeScript	289	UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
TypeScript	295	CONFIG.MYSQL_SSL_VERIFY_DISABLED CONFIG.REQUEST_STRICTSSL_DISABLED
TypeScript	300	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
TypeScript	313	SENSITIVE_DATA_LEAK
TypeScript	314	SENSITIVE_DATA_LEAK
TypeScript	315	SENSITIVE_DATA_LEAK
TypeScript	317	SENSITIVE_DATA_LEAK
TypeScript	319	CONFIG.SEQUELIZE_INSECURE_CONNECTION SENSITIVE_DATA_LEAK
TypeScript	327	RISKY_CRYPTO
TypeScript	328	RISKY_CRYPTO
TypeScript	330	INSECURE_RANDOM
TypeScript	345	JSONWEBTOKEN_UNTRUSTED_DECODE
TypeScript	346	UNCHECKED_ORIGIN CORS_MISCONFIGURATION_AUDIT
TypeScript	352	CONFIG.CSURF_IGNORE_METHODS CONFIG.HANA_XS_PREVENT_XSRF_DISABLED CSRF
TypeScript	398	COPY_PASTE_ERROR IDENTICAL_BRANCHES NO_EFFECT UNEXPECTED_CONTROL_FLOW
TypeScript	400	CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL BUSBOY_MISCONFIGURATION
TypeScript	476	FORWARD_NULL NULL_RETURNS REVERSE_INULL
TypeScript	480	CONSTANT_EXPRESSION_RESULT
TypeScript	483	NESTING_INDENT_MISMATCH
TypeScript	484	MISSING_BREAK
TypeScript	502	UNSAFE_DESERIALIZATION
TypeScript	532	CONFIG.SEQUELIZE_ENABLED_LOGGING SENSITIVE_DATA_LEAK EXPRESS_WINSTON_SENSITIVE_LOGGING
TypeScript	561	DEADCODE UNREACHABLE
TypeScript	565	CONFIG.COOKIE_SIGNING_DISABLED
TypeScript	569	CONSTANT_EXPRESSION_RESULT
TypeScript	601	OPEN_REDIRECT REACT_DYNAMIC_URL_INSECURE_TARGET REVERSE_TABNABBING
TypeScript	611	XML_EXTERNAL_ENTITY
TypeScript	613	CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN AWS_INSUFFICIENT_PRESIGNED_URL_TIMEOUT JSONWEBTOKEN_IGNORED_EXPIRATION_TIME CONFIG.UNSAFE_SESSION_TIMEOUT
TypeScript	614	INSECURE_COOKIE
TypeScript	628	EXPLICIT_THIS_EXPECTED
TypeScript	665	NO_EFFECT
TypeScript	668	UNRESTRICTED_MESSAGE_TARGET
TypeScript	670	STRAY_SEMICOLON
TypeScript	688	IDENTIFIER_TYPO
TypeScript	760	INSECURE_SALT
TypeScript	770	EXPRESS_SESSION_UNSAFE_MEMORYSTORE
TypeScript	776	XML_EXTERNAL_ENTITY
TypeScript	778	INSUFFICIENT_LOGGING
TypeScript	783	CONSTANT_EXPRESSION_RESULT
TypeScript	798	HARDCODED_CREDENTIALS
TypeScript	829	MISSING_IFRAME_SANDBOX
TypeScript	922	LOCALSTORAGE_WRITE
TypeScript	942	CORS_MISCONFIGURATION CORS_MISCONFIGURATION_AUDIT
TypeScript	1004	INSECURE_COOKIE
VB.NET	12	CONFIG.MISSING_CUSTOM_ERROR_PAGE
VB.NET	22	PATH_MANIPULATION
VB.NET	73	UNRESTRICTED_DISPATCH
VB.NET	78	OS_CMD_INJECTION
VB.NET	79	XSS
VB.NET	89	SQLI SQLI_NOT_CONSTANT
VB.NET	90	LDAP_INJECTION
VB.NET	94	REGEX_INJECTION
VB.NET	117	LOG_INJECTION
VB.NET	200	ASPNET_MVC_VERSION_HEADER
VB.NET	209	SENSITIVE_DATA_LEAK
VB.NET	259	HARDCODED_CREDENTIALS
VB.NET	285	MISSING_AUTHZ
VB.NET	313	SENSITIVE_DATA_LEAK
VB.NET	314	SENSITIVE_DATA_LEAK
VB.NET	315	SENSITIVE_DATA_LEAK
VB.NET	317	SENSITIVE_DATA_LEAK
VB.NET	319	SENSITIVE_DATA_LEAK
VB.NET	321	HARDCODED_CREDENTIALS
VB.NET	327	RISKY_CRYPTO
VB.NET	328	RISKY_CRYPTO
VB.NET	352	CSRF
VB.NET	369	DIVIDE_BY_ZERO
VB.NET	398	COPY_PASTE_ERROR UNEXPECTED_CONTROL_FLOW IDENTICAL_BRANCHES PROPERTY_MIXUP
VB.NET	403	RESOURCE_LEAK
VB.NET	404	RESOURCE_LEAK
VB.NET	470	UNSAFE_NAMED_QUERY
VB.NET	476	FORWARD_NULL REVERSE_INULL
VB.NET	502	UNSAFE_DESERIALIZATION
VB.NET	543	LOCK_EVASION
VB.NET	561	DEADCODE UNREACHABLE
VB.NET	573	CALL_SUPER
VB.NET	611	XML_EXTERNAL_ENTITY
VB.NET	615	CONFIG.DYNAMIC_DATA_HTML_COMMENT
VB.NET	643	XPATH_INJECTION
VB.NET	683	SWAPPED_ARGUMENTS
VB.NET	759	WEAK_PASSWORD_HASH
VB.NET	760	WEAK_PASSWORD_HASH
VB.NET	776	XML_EXTERNAL_ENTITY
VB.NET	778	UNLOGGED_SECURITY_EXCEPTION
VB.NET	798	HARDCODED_CREDENTIALS
VB.NET	827	XML_EXTERNAL_ENTITY
VB.NET	835	INFINITE_LOOP
VB.NET	916	WEAK_PASSWORD_HASH

Coverity Coverage for Common Weakness Enumeration (CWE)

Interested in a specific language or platform?

Legal

Follow