Coverity Coverage for Common Weakness Enumeration (CWE)

Coverity version 2019.12

At its core, Common Weakness Enumeration (CWE) is a community-developed list of software weaknesses. CWE provides a taxonomy to categorize and describe software weaknesses—giving developers and security practitioners a common language for software security.

MITRE owns and maintains the project. To learn more about CWE, click here.

Search below to see Coverity's CWE support of languages in your codebase:

Interested in a specific language or platform?



Language/Platform CWE      Coverity Checker
Android 22
  • PATH_MANIPULATION
Android 78
  • OS_CMD_INJECTION
Android 79
  • XSS
Android 89
  • SQLI
Android 94
  • SQLIREGEX_INJECTION
Android 99
  • URL_MANIPULATION
Android 209
  • SENSITIVE_DATA_LEAK
Android 215
  • ANDROID_DEBUG_MODE
Android 259
  • HARDCODED_CREDENTIALS
Android 296
  • BAD_CERT_VERIFICATION
Android 297
  • BAD_CERT_VERIFICATION
Android 299
  • BAD_CERT_VERIFICATION
Android 311
  • SENSITIVE_DATA_LEAK
Android 312
  • SENSITIVE_DATA_LEAK
Android 313
  • SENSITIVE_DATA_LEAK
Android 317
  • SENSITIVE_DATA_LEAK
Android 319
  • SENSITIVE_DATA_LEAK
Android 321
  • HARDCODED_CREDENTIALS
Android 327
  • RISKY_CRYPTO
Android 328
  • RISKY_CRYPTO
Android 330
  • MOBILE_ID_MISUSE
Android 336
  • PREDICTABLE_RANDOM_SEED
Android 337
  • PREDICTABLE_RANDOM_SEED
Android 470
  • UNSAFE_REFLECTION
Android 502
  • UNSAFE_DESERIALIZATION
Android 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Android 532
  • SENSITIVE_DATA_LEAK
Android 538
  • UNRESTRICTED_ACCESS_TO_FILE
  • EXPOSED_PREFERENCES
Android 611
  • ML_EXTERNAL_ENTITY
Android 759
  • WEAK_PASSWORD_HASH
Android 760
  • WEAK_PASSWORD_HASH
Android 776
  • XML_EXTERNAL_ENTITY
Android 798
  • HARDCODED_CREDENTIALS
Android 827
  • XML_EXTERNAL_ENTITY
Android 916
  • WEAK_PASSWORD_HASH
Android 921
  • UNRESTRICTED_ACCESS_TO_FILE
Android 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Android 927
  • IMPLICIT_INTENT
  • SENSITIVE_DATA_LEAK
  • MISSING_PERMISSION_FOR_BROADCAST
Android 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Android 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
C# 11
  • CONFIG.ENABLED_DEBUG_MODE
  • CONFIG.ENABLED_TRACE_MODE
C# 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
C# 13
  • CONFIG.CONNECTION_STRING_PASSWORD
C# 22
  • PATH_MANIPULATION
C# 73
  • UNRESTRICTED_DISPATCH
C# 78
  • OS_CMD_INJECTION
C# 79
  • XSS
C# 89
  • SQL_NOT_CONSTANT
  • SQLI
C# 90
  • LDAP_INJECTION
C# 91
  • XML_INJECTION
C# 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • SCRIPT_CODE_INJECTION
C# 95
  • SCRIPT_CODE_INJECTION
C# 117
  • LOG_INJECTION
C# 190
  • OVERFLOW_BEFORE_WIDEN
C# 200
  • ASPNET_MVC_VERSION_HEADER
  • CONFIG.ASPNET_VERSION_HEADER
  • CONFIG.COOKIES_MISSING_HTTPONLY
C# 209
  • SENSITIVE_DATA_LEAK
C# 259
  • HARDCODED_CREDENTIALS
C# 285
  • MISSING_AUTHZ
C# 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 314
  • SENSITIVE_DATA_LEAK
C# 315
  • UNENCRYPTED_SENSITIVE_DATA
  • SENSITIVE_DATA_LEAK
C# 317
  • SENSITIVE_DATA_LEAK
C# 319
  • UNENCRYPTED_SENSITIVE_DATA
  • SENSITIVE_DATA_LEAK
C# 321
  • HARDCODED_CREDENTIALS
C# 327
  • RISKY_CRYPTO
C# 328
  • RISKY_CRYPTO
C# 330
  • INSECURE_RANDOM
C# 352
  • CSRF
C# 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
C# 369
  • DIVIDE_BY_ZERO
C# 390
  • MISSING_THROW
C# 398
  • UNEXPECTED_CONTROL_FLOW
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
C# 403
  • RESOURCE_LEAK
C# 404
  • RESOURCE_LEAK
C# 470
  • UNSAFE_NAMED_QUERY
C# 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C# 480
  • CONSTANT_EXPRESSION_RESULT
C# 502
  • UNSAFE_DESERIALIZATION
C# 519
  • CONFIG.ASP_VIEWSTATE_MAC
C# 532
  • SENSITIVE_DATA_LEAK
C# 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
C# 561
  • DEADCODE
  • UNREACHABLE
C# 563
  • UNUSED_VALUE
C# 569
  • CONSTANT_EXPRESSION_RESULT
C# 570
  • BAD_EQ_TYPES
C# 573
  • CALL_SUPER
  • MISSING_RESTORE
C# 595
  • BAD_EQ
C# 601
  • OPEN_REDIRECT
C# 610
  • HEADER_INJECTION
C# 611
  • XML_EXTERNAL_ENTITY
C# 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
C# 643
  • XPATH_INJECTION
C# 670
  • STRAY_SEMICOLON
C# 683
  • SWAPPED_ARGUMENTS
C# 759
  • WEAK_PASSWORD_HASH
C# 760
  • WEAK_PASSWORD_HASH
C# 776
  • XML_EXTERNAL_ENTITY
C# 778
  • UNLOGGED_SECURITY_EXCEPTION
C# 783
  • CONSTANT_EXPRESSION_RESULT
C# 798
  • HARDCODED_CREDENTIALS
C# 827
  • XML_EXTERNAL_ENTITY
C# 833
  • LOCK_INVERSION
C# 835
  • INFINITE_LOOP
C# 863
  • CONFIG.DEAD_AUTHORIZATION_RULE
C# 916
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
C/C++ & Objective-C 22
  • PATH_MANIPULATION
C/C++ & Objective-C 78
  • OS_CMD_INJECTION
C/C++ & Objective-C 89
  • SQLI
C/C++ & Objective-C 99
  • URL_MANIPULATION
C/C++ & Objective-C 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
C/C++ & Objective-C 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
C/C++ & Objective-C 125
  • INTEGER_OVERFLOW
  • OVERRUN
C/C++ & Objective-C 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
C/C++ & Objective-C 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
C/C++ & Objective-C 134
  • PW.NON_CONST_PRINTF_FORMAT_STRING
  • TAINTED_STRING
  • FORMAT_STRING_INJECTION
C/C++ & Objective-C 170
  • BUFFER_SIZE
  • BUFFER_SIZE_WARNING
  • READLINK
  • SIZECHECK
  • STRING_NULL
C/C++ & Objective-C 188
  • INCOMPATIBLE_CAST
C/C++ & Objective-C 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
C/C++ & Objective-C 194
  • SIGN_EXTENSION
C/C++ & Objective-C 195
  • MISRA_CAST
C/C++ & Objective-C 197
  • CHAR_IO
  • MISRA_CAST
  • NO_EFFECT
C/C++ & Objective-C 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
C/C++ & Objective-C 243
  • CHROOT
C/C++ & Objective-C 248
  • UNCAUGHT_EXCEPT
C/C++ & Objective-C 252
  • CHECKED_RETURN
C/C++ & Objective-C 253
  • BAD_COMPARE
C/C++ & Objective-C 259
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 290
  • WEAK_GUARD
C/C++ & Objective-C 291
  • WEAK_GUARD
C/C++ & Objective-C 293
  • WEAK_GUARD
C/C++ & Objective-C 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 315
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 319
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 321
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 327
  • RISKY_CRYPTO
C/C++ & Objective-C 328
  • RISKY_CRYPTO
C/C++ & Objective-C 350
  • WEAK_GUARD
C/C++ & Objective-C 366
  • MISSING_LOCK
C/C++ & Objective-C 367
  • TOCTOU
C/C++ & Objective-C 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
C/C++ & Objective-C 377
  • SECURE_TEMP
C/C++ & Objective-C 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
C/C++ & Objective-C 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
C/C++ & Objective-C 400
  • STACK_USE
C/C++ & Objective-C 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
C/C++ & Objective-C 404
  • RESOURCE_LEAK
C/C++ & Objective-C 415
  • USE_AFTER_FREE
C/C++ & Objective-C 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_ASSIGN
  • MISSING_COPY
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
C/C++ & Objective-C 456
  • NO_EFFECT
C/C++ & Objective-C 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
C/C++ & Objective-C 459
  • DELETE_ARRAY
C/C++ & Objective-C 465
  • NO_EFFECT
C/C++ & Objective-C 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
C/C++ & Objective-C 475
  • PRINTF_ARGS
C/C++ & Objective-C 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C/C++ & Objective-C 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
C/C++ & Objective-C 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
C/C++ & Objective-C 482
  • NO_EFFECT
C/C++ & Objective-C 483
  • NESTING_INDENT_MISMATCH
C/C++ & Objective-C 484
  • MISSING_BREAK
C/C++ & Objective-C 561
  • DEADCODE
  • UNREACHABLE
C/C++ & Objective-C 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
C/C++ & Objective-C 563
  • UNUSED_VALUE
C/C++ & Objective-C 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
C/C++ & Objective-C 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
C/C++ & Objective-C 590
  • BAD_FREE
C/C++ & Objective-C 597
  • BAD_COMPARE
C/C++ & Objective-C 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
C/C++ & Objective-C 617
  • LOCK
C/C++ & Objective-C 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
C/C++ & Objective-C 643
  • XPATH_INJECTION
C/C++ & Objective-C 662
  • ATOMICITY
C/C++ & Objective-C 665
  • NO_EFFECT
C/C++ & Objective-C 667
  • LOCK
  • SLEEP
C/C++ & Objective-C 670
  • STRAY_SEMICOLON
C/C++ & Objective-C 672
  • USE_AFTER_FREE
C/C++ & Objective-C 676
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • DC.PREDICTABLE_KEY_PASSWORD
  • SECURE_CODING
C/C++ & Objective-C 681
  • MISRA_CAST
C/C++ & Objective-C 683
  • SWAPPED_ARGUMENTS
C/C++ & Objective-C 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
C/C++ & Objective-C 686
  • PRINTF_ARGS
  • PW.PRINTF_ARG_MISMATCH
C/C++ & Objective-C 687
  • NEGATIVE_RETURNS
C/C++ & Objective-C 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
C/C++ & Objective-C 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • HFA
  • MISSING_ASSIGN
  • MISSING_COPY
  • MISSING_RETURN
  • SELF_ASSIGN
C/C++ & Objective-C 758
  • DELETE_VOID
  • EVALUATION_ORDER
C/C++ & Objective-C 759
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 760
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 762
  • ALLOC_FREE_MISMATCH
C/C++ & Objective-C 764
  • LOCK
C/C++ & Objective-C 772
  • VIRTUAL_DTOR
C/C++ & Objective-C 775
  • RESOURCE_LEAK
C/C++ & Objective-C 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 798
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 833
  • ORDER_REVERSAL
C/C++ & Objective-C 835
  • INFINITE_LOOP
C/C++ & Objective-C 916
  • WEAK_PASSWORD_HASH
Go 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Go 79
  • XSS
Go 88
  • HEADER_INJECTION
Go 89
  • SQLI
Go 94
  • NOSQL_QUERY_INJECTION
  • TEMPLATE_INJECTION
Go 99
  • URL_MANIPULATION
Go 209
  • SENSITIVE_DATA_LEAK
Go 252
  • CHECKED_RETURN
Go 259
  • HARDCODED_CREDENTIALS
Go 313
  • SENSITIVE_DATA_LEAK
Go 314
  • SENSITIVE_DATA_LEAK
Go 315
  • SENSITIVE_DATA_LEAK
Go 317
  • SENSITIVE_DATA_LEAK
Go 319
  • SENSITIVE_DATA_LEAK
Go 321
  • HARDCODED_CREDENTIALS
Go 327
  • RISKY_CRYPTO
Go 328
  • RISKY_CRYPTO
Go 369
  • DIVIDE_BY_ZERO
Go 398
  • IDENTICAL_BRANCHES
Go 476
  • FORWARD_NULL
  • REVERSE_INULL
  • NULL_RETURNS
Go 480
  • CONSTANT_EXPRESSION_RESULT
Go 502
  • DISTRUSTED_DATA_DESERIALIZATION
Go 532
  • SENSITIVE_DATA_LEAK
Go 561
  • DEADCODE
Go 563
  • UNUSED_VALUE
Go 569
  • CONSTANT_EXPRESSION_RESULT
Go 601
  • OPEN_REDIRECT
Go 611
  • XML_EXTERNAL_ENTITY
Go 776
  • XML_EXTERNAL_ENTITY
Go 778
  • INSUFFICIENT_LOGGING
Go 783
  • CONSTANT_EXPRESSION_RESULT
Go 798
  • HARDCODED_CREDENTIALS
Go 835
  • INFINITE_LOOP
Java 4
  • CONFIG.DUPLICATE_SERVLET_DEFINITION
Java 7
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
Java 22
  • JSP_DYNAMIC_INCLUDE
  • PATH_MANIPULATION
Java 73
  • UNRESTRICTED_DISPATCH
Java 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Java 79
  • XSS
Java 89
  • JSP_SQL_INJECTION
  • SQLI
  • SQL_NOT_CONSTANT
Java 90
  • LDAP_INJECTION
Java 91
  • XML_INJECTION
Java 94
  • JAVA_CODE_INJECTION
  • JCR_INJECTION
  • NOSQL_QUERY_INJECTION
  • OGNL_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
Java 95
  • SCRIPT_CODE_INJECTION
Java 99
  • URL_MANIPULATION
Java 116
  • CONFIG.MYBATIS_MAPPER_SQLI
Java 117
  • LOG_INJECTION
Java 185
  • REGEX_CONFUSION
Java 190
  • OVERFLOW_BEFORE_WIDEN
Java 200
  • CONFIG.JAVAEE_MISSING_HTTPONLY
  • CORS_MISCONFIGURATION_AUDIT
Java 209
  • SENSITIVE_DATA_LEAK
Java 215
  • ANDROID_DEBUG_MODE
Java 242
  • DC.DANGEROUS
Java 252
  • CHECKED_RETURN
Java 253
  • ORM_LOAD_NULL_CHECK
Java 259
  • HARDCODED_CREDENTIALS
Java 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
Java 285
  • MISSING_AUTHZ
Java 290
  • WEAK_GUARD
Java 291
  • WEAK_GUARD
Java 293
  • WEAK_GUARD
Java 296
  • BAD_CERT_VERIFICATION
Java 297
  • BAD_CERT_VERIFICATION
Java 299
  • BAD_CERT_VERIFICATION
Java 300
  • CORS_MISCONFIGURATION
Java 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 314
  • SENSITIVE_DATA_LEAK
Java 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 317
  • SENSITIVE_DATA_LEAK
Java 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 321
  • HARDCODED_CREDENTIALS
Java 327
  • RISKY_CRYPTO
Java 328
  • RISKY_CRYPTO
Java 330
  • MOBILE_ID_MISUSE
  • INSECURE_RANDOM
Java 336
  • PREDICTABLE_RANDOM_SEED
Java 337
  • PREDICTABLE_RANDOM_SEED
Java 350
  • WEAK_GUARD
Java 352
  • CSRF
Java 359
  • SENSITIVE_DATA_LEAK
Java 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
Java 369
  • DIVIDE_BY_ZERO
Java 384
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION
  • SESSION_FIXATION
Java 390
  • MISSING_THROW
Java 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
Java 403
  • RESOURCE_LEAK
Java 404
  • RESOURCE_LEAK
Java 425
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT
Java 427
  • UNSAFE_JNI
Java 470
  • UNSAFE_REFLECTION
  • UNSAFE_NAMED_QUERY
Java 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Java 480
  • CONSTANT_EXPRESSION_RESULT
Java 483
  • NESTING_INDENT_MISMATCH
Java 484
  • MISSING_BREAK
Java 501
  • TRUST_BOUNDARY_VIOLATION
Java 502
  • UNSAFE_DESERIALIZATION
Java 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Java 532
  • SENSITIVE_DATA_LEAK
Java 538
  • EXPOSED_PREFERENCES
  • UNRESTRICTED_ACCESS_TO_FILE
Java 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
  • SINGLETON_RACE
Java 561
  • DEADCODE
  • UNREACHABLE
Java 563
  • UNUSED_VALUE
Java 567
  • SERVLET_ATOMICITY
Java 568
  • CALL_SUPER
Java 569
  • CONSTANT_EXPRESSION_RESULT
Java 573
  • CALL_SUPER
  • INVALIDATE_ITERATOR
  • MISSING_RESTORE
  • ATTRIBUTE_NAME_CONFLICT
Java 580
  • CALL_SUPER
Java 601
  • OPEN_REDIRECT
Java 610
  • HEADER_INJECTION
Java 611
  • XML_EXTERNAL_ENTITY
Java 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
Java 614
  • INSECURE_COOKIE
Java 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
Java 643
  • XPATH_INJECTION
Java 650
  • CONFIG.HTTP_VERB_TAMPERING
Java 662
  • ATOMICITY
Java 670
  • STRAY_SEMICOLON
Java 672
  • USE_AFTER_FREE
Java 683
  • SWAPPED_ARGUMENTS
Java 759
  • WEAK_PASSWORD_HASH
Java 760
  • WEAK_PASSWORD_HASH
Java 776
  • XML_EXTERNAL_ENTITY
Java 778
  • UNLOGGED_SECURITY_EXCEPTION
Java 783
  • CONSTANT_EXPRESSION_RESULT
Java 798
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY
  • HARDCODED_CREDENTIALS
Java 827
  • XML_EXTERNAL_ENTITY
Java 833
  • DC.DEADLOCK
  • LOCK_INVERSION
Java 835
  • INFINITE_LOOP
Java 862
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN
Java 863
  • CONFIG.DWR_DEBUG_MODE
  • CONFIG.SPRING_SECURITY_DEBUG_MODE
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION
  • CONFIG.STRUTS2_ENABLED_DEV_MODE
Java 916
  • WEAK_PASSWORD_HASH
Java 917
  • EL_INJECTION
Java 921
  • UNRESTRICTED_ACCESS_TO_FILE
Java 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Java 927
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Java 942
  • CORS_MISCONFIGURATION_AUDIT
Java 1023
  • HIBERNATE_BAD_HASHCODE
Java 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Java 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
JavaScript 20
  • COOKIE_INJECTION
JavaScript 22
  • PATH_MANIPULATION
JavaScript 73
  • BUSBOY_MISCONFIGURATION
JavaScript 74
  • CSS_INJECTION
JavaScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
JavaScript 79
  • DOM_XSS
  • XSS
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE
  • REACT_DANGEROUS_INNERHTML
JavaScript 88
  • HEADER_INJECTION
JavaScript 89
  • SQLI
JavaScript 94
  • REGEX_INJECTION
  • NOSQL_QUERY_INJECTION
  • TEMPLATE_INJECTION
  • ANGULAR_EXPRESSION_INJECTION
JavaScript 95
  • SCRIPT_CODE_INJECTION
JavaScript 99
  • URL_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • LOCALSTORAGE_MANIPULATION
JavaScript 183
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST
JavaScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 209
  • SENSITIVE_DATA_LEAK
JavaScript 284
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 285
  • MISSING_AUTHZ
JavaScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
JavaScript 295
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
JavaScript 300
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 313
  • SENSITIVE_DATA_LEAK
JavaScript 314
  • SENSITIVE_DATA_LEAK
JavaScript 315
  • SENSITIVE_DATA_LEAK
JavaScript 317
  • SENSITIVE_DATA_LEAK
JavaScript 319
  • SENSITIVE_DATA_LEAK
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
JavaScript 327
  • RISKY_CRYPTO
JavaScript 328
  • RISKY_CRYPTO
JavaScript 330
  • INSECURE_RANDOM
JavaScript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
JavaScript 346
  • UNCHECKED_ORIGIN
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 352
  • CSRF
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
JavaScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • UNEXPECTED_CONTROL_FLOW
  • NO_EFFECT
JavaScript 400
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE
  • BUSBOY_MISCONFIGURATION
JavaScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
JavaScript 480
  • CONSTANT_EXPRESSION_RESULT
JavaScript 483
  • NESTING_INDENT_MISMATCH
JavaScript 484
  • MISSING_BREAK
JavaScript 502
  • UNSAFE_DESERIALIZATION
JavaScript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • SENSITIVE_DATA_LEAK
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
JavaScript 561
  • DEADCODE
  • UNREACHABLE
JavaScript 565
  • CONFIG.COOKIE_SIGNING_DISABLED
JavaScript 569
  • CONSTANT_EXPRESSION_RESULT
JavaScript 601
  • OPEN_REDIRECT
  • REACT_DYNAMIC_URL_INSECURE_TARGET
  • REVERSE_TABNABBING
JavaScript 611
  • XML_EXTERNAL_ENTITY
JavaScript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
  • AWS_INSUFFICIENT_PRESIGNED_URL_TIMEOUT
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME
  • CONFIG.UNSAFE_SESSION_TIMEOUT
JavaScript 614
  • INSECURE_COOKIE
JavaScript 628
  • EXPLICIT_THIS_EXPECTED
JavaScript 665
  • NO_EFFECT
JavaScript 668
  • UNRESTRICTED_MESSAGE_TARGET
JavaScript 670
  • STRAY_SEMICOLON
JavaScript 688
  • IDENTIFIER_TYPO
JavaScript 760
  • INSECURE_SALT
JavaScript 770
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE
JavaScript 776
  • XML_EXTERNAL_ENTITY
JavaScript 778
  • INSUFFICIENT_LOGGING
JavaScript 779
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING
JavaScript 783
  • CONSTANT_EXPRESSION_RESULT
JavaScript 798
  • HARDCODED_CREDENTIALS
JavaScript 829
  • MISSING_IFRAME_SANDBOX
JavaScript 922
  • LOCALSTORAGE_WRITE
JavaScript 942
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
JavaScript 1004
  • INSECURE_COOKIE
PHP 22
  • PATH_MANIPULATION
PHP 74
  • SYMFONY_EL_INJECTION
PHP 78
  • OS_CMD_INJECTION
PHP 79
  • XSS
PHP 88
  • HEADER_INJECTION
PHP 89
  • SQLI
PHP 94
  • NOSQL_QUERY_INJECTION
PHP 95
  • SCRIPT_CODE_INJECTION
PHP 209
  • SENSITIVE_DATA_LEAK
PHP 285
  • MISSING_AUTHZ
PHP 313
  • SENSITIVE_DATA_LEAK
PHP 314
  • SENSITIVE_DATA_LEAK
PHP 315
  • SENSITIVE_DATA_LEAK
PHP 317
  • SENSITIVE_DATA_LEAK
PHP 319
  • SENSITIVE_DATA_LEAK
PHP 352
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED
PHP 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
PHP 470
  • UNSAFE_REFLECTION
PHP 476
  • FORWARD_NULL
PHP 480
  • CONSTANT_EXPRESSION_RESULT
PHP 483
  • NESTING_INDENT_MISMATCH
PHP 484
  • MISSING_BREAK
PHP 502
  • UNSAFE_DESERIALIZATION
PHP 532
  • SENSITIVE_DATA_LEAK
PHP 561
  • UNREACHABLE
  • DEADCODE
PHP 569
  • CONSTANT_EXPRESSION_RESULT
PHP 601
  • OPEN_REDIRECT
PHP 611
  • XML_EXTERNAL_ENTITY
PHP 665
  • NO_EFFECT
PHP 670
  • STRAY_SEMICOLON
PHP 688
  • IDENTIFIER_TYPO
PHP 783
  • CONSTANT_EXPRESSION_RESULT
PHP 798
  • HARDCODED_CREDENTIALS
Python 22
  • PATH_MANIPULATION
Python 78
  • OS_CMD_INJECTION
Python 79
  • XSS
Python 89
  • SQLI
Python 94
  • NOSQL_QUERY_INJECTION
Python 95
  • SCRIPT_CODE_INJECTION
Python 209
  • SENSITIVE_DATA_LEAK
Python 285
  • MISSING_AUTHZ
Python 313
  • SENSITIVE_DATA_LEAK
Python 314
  • SENSITIVE_DATA_LEAK
Python 315
  • SENSITIVE_DATA_LEAK
Python 317
  • SENSITIVE_DATA_LEAK
Python 319
  • SENSITIVE_DATA_LEAK
Python 352
  • CSRF
Python 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Python 476
  • FORWARD_NULL
  • REVERSE_INULL
Python 480
  • CONSTANT_EXPRESSION_RESULT
Python 502
  • UNSAFE_DESERIALIZATION
Python 532
  • SENSITIVE_DATA_LEAK
Python 561
  • UNREACHABLE
  • DEADCODE
Python 569
  • CONSTANT_EXPRESSION_RESULT
Python 601
  • OPEN_REDIRECT
Python 611
  • XML_EXTERNAL_ENTITY
Python 688
  • IDENTIFIER_TYPO
Python 783
  • CONSTANT_EXPRESSION_RESULT
Python 798
  • HARDCODED_CREDENTIALS
Ruby 22
  • PATH_MANIPULATION
  • RUBY_VULNERABLE_LIBRARY
Ruby 73
  • RUBY_VULNERABLE_LIBRARY
Ruby 78
  • OS_CMD_INJECTION
Ruby 79
  • RUBY_VULNERABLE_LIBRARY
  • UNESCAPED_HTML
  • XSS
Ruby 83
  • XSS
Ruby 89
  • DYNAMIC_OBJECT_ATTRIBUTES
  • RUBY_VULNERABLE_LIBRARY
  • SQLI
Ruby 94
  • REGEX_INJECTION
Ruby 95
  • PATH_MANIPULATION
  • SCRIPT_CODE_INJECTION
Ruby 113
  • RUBY_VULNERABLE_LIBRARY
Ruby 183
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 184
  • BLACKLIST_FOR_AUTHN
Ruby 209
  • SENSITIVE_DATA_LEAK
Ruby 215
  • SENSITIVE_DATA_LEAK
Ruby 259
  • HARDCODED_CREDENTIALS
Ruby 263
  • RAILS_DEVISE_CONFIG
Ruby 287
  • UNSAFE_BASIC_AUTH
Ruby 289
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_BASIC_AUTH
Ruby 307
  • RAILS_DEVISE_CONFIG
Ruby 319
  • STRICT_TRANSPORT_SECURITY
Ruby 321
  • UNSAFE_SESSION_SETTING
Ruby 352
  • CSRF
Ruby 369
  • DIVIDE_BY_ZERO
Ruby 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • PARSE_ERROR
  • UNEXPECTED_CONTROL_FLOW
Ruby 400
  • RAILS_DEFAULT_ROUTES
  • RESOURCE_LEAK
  • RUBY_VULNERABLE_LIBRARY
Ruby 470
  • UNSAFE_REFLECTION
Ruby 476
  • FORWARD_NULL
  • REVERSE_INULL
Ruby 480
  • CONSTANT_EXPRESSION_RESULT
Ruby 502
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_DESERIALIZATION
  • COOKIE_SERIALIZER_CONFIG
Ruby 521
  • RAILS_DEVISE_CONFIG
Ruby 561
  • DEADCODE
  • UNREACHABLE
Ruby 569
  • CONSTANT_EXPRESSION_RESULT
Ruby 599
  • BAD_CERT_VERIFICATION
Ruby 601
  • OPEN_REDIRECT
  • REVERSE_TABNABBING
Ruby 614
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Ruby 639
  • INSECURE_DIRECT_OBJECT_REFERENCE
Ruby 642
  • SESSION_MANIPULATION
Ruby 665
  • NO_EFFECT
Ruby 688
  • IDENTIFIER_TYPO
Ruby 704
  • SQLI
Ruby 777
  • REGEX_MISSING_ANCHOR
Ruby 783
  • CONSTANT_EXPRESSION_RESULT
Ruby 798
  • UNSAFE_BASIC_AUTH
Ruby 862
  • RAILS_DEFAULT_ROUTES
  • RAILS_MISSING_FILTER_ACTION
Ruby 915
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 916
  • RAILS_DEVISE_CONFIG
  • WEAK_PASSWORD_HASH
Ruby 1004
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Scala 190
  • OVERFLOW_BEFORE_WIDEN
Scala 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
Scala 476
  • FORWARD_NULL
  • REVERSE_INULL
Scala 480
  • CONSTANT_EXPRESSION_RESULT
Scala 483
  • NESTING_INDENT_MISMATCH
Scala 561
  • DEADCODE
  • UNREACHABLE
Scala 569
  • CONSTANT_EXPRESSION_RESULT
Scala 665
  • NO_EFFECT
Scala 783
  • CONSTANT_EXPRESSION_RESULT
Swift 22
  • PATH_MANIPULATION
Swift 89
  • SQLI
Swift 94
  • REGEX_INJECTION
Swift 95
  • SCRIPT_CODE_INJECTION
Swift 209
  • SENSITIVE_DATA_LEAK
Swift 287
  • WEAK_BIOMETRIC_AUTH
Swift 295
  • BAD_CERT_VERIFICATION
Swift 296
  • BAD_CERT_VERIFICATION
Swift 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 314
  • SENSITIVE_DATA_LEAK
Swift 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 317
  • SENSITIVE_DATA_LEAK
Swift 319
  • SENSITIVE_DATA_LEAK
  • INSECURE_MULTIPEER_CONNECTION
  • INSECURE_COMMUNICATION
  • CONFIG.ATS_INSECURE
  • UNENCRYPTED_SENSITIVE_DATA
Swift 327
  • RISKY_CRYPTO
Swift 328
  • RISKY_CRYPTO
Swift 391
  • UNEXPECTED_CONTROL_FLOW
Swift 398
  • COPY_PASTE_ERROR
  • UNEXPECTED_CONTROL_FLOW
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • PW.*
Swift 476
  • FORWARD_NULL
  • REVERSE_INULL
Swift 480
  • CONSTANT_EXPRESSION_RESULT
Swift 532
  • SENSITIVE_DATA_LEAK
Swift 561
  • DEADCODE
Swift 569
  • CONSTANT_EXPRESSION_RESULT
Swift 611
  • XML_EXTERNAL_ENTITY
Swift 643
  • XPATH_INJECTION
Swift 798
  • HARDCODED_CREDENTIALS
Swift 829
  • CUSTOM_KEYBOARD_DATA_LEAK
TypeScript 20
  • COOKIE_INJECTION
TypeScript 22
  • PATH_MANIPULATION
TypeScript 73
  • BUSBOY_MISCONFIGURATION
TypeScript 74
  • CSS_INJECTION
TypeScript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
TypeScript 79
  • ANGULAR_ELEMENT_REFERENCE
  • DOM_XSS
  • XSS
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE
  • REACT_DANGEROUS_INNERHTML
TypeScript 88
  • HEADER_INJECTION
TypeScript 89
  • SQLI
TypeScript 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
TypeScript 95
  • SCRIPT_CODE_INJECTION
TypeScript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
TypeScript 200
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 209
  • SENSITIVE_DATA_LEAK
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 284
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 285
  • MISSING_AUTHZ
TypeScript 289
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING
TypeScript 295
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
TypeScript 300
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 313
  • SENSITIVE_DATA_LEAK
TypeScript 314
  • SENSITIVE_DATA_LEAK
TypeScript 315
  • SENSITIVE_DATA_LEAK
TypeScript 317
  • SENSITIVE_DATA_LEAK
TypeScript 319
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
  • SENSITIVE_DATA_LEAK
TypeScript 327
  • RISKY_CRYPTO
TypeScript 328
  • RISKY_CRYPTO
TypeScript 330
  • INSECURE_RANDOM
TypeScript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
TypeScript 346
  • UNCHECKED_ORIGIN
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 352
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
TypeScript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
TypeScript 400
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
  • BUSBOY_MISCONFIGURATION
TypeScript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
TypeScript 480
  • CONSTANT_EXPRESSION_RESULT
TypeScript 483
  • NESTING_INDENT_MISMATCH
TypeScript 484
  • MISSING_BREAK
TypeScript 502
  • UNSAFE_DESERIALIZATION
TypeScript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • SENSITIVE_DATA_LEAK
  • EXPRESS_WINSTON_SENSITIVE_LOGGING
TypeScript 561
  • DEADCODE
  • UNREACHABLE
TypeScript 565
  • CONFIG.COOKIE_SIGNING_DISABLED
TypeScript 569
  • CONSTANT_EXPRESSION_RESULT
TypeScript 601
  • OPEN_REDIRECT
  • REACT_DYNAMIC_URL_INSECURE_TARGET
  • REVERSE_TABNABBING
TypeScript 611
  • XML_EXTERNAL_ENTITY
TypeScript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
  • AWS_INSUFFICIENT_PRESIGNED_URL_TIMEOUT
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME
  • CONFIG.UNSAFE_SESSION_TIMEOUT
TypeScript 614
  • INSECURE_COOKIE
TypeScript 628
  • EXPLICIT_THIS_EXPECTED
TypeScript 665
  • NO_EFFECT
TypeScript 668
  • UNRESTRICTED_MESSAGE_TARGET
TypeScript 670
  • STRAY_SEMICOLON
TypeScript 688
  • IDENTIFIER_TYPO
TypeScript 760
  • INSECURE_SALT
TypeScript 770
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE
TypeScript 776
  • XML_EXTERNAL_ENTITY
TypeScript 778
  • INSUFFICIENT_LOGGING
TypeScript 783
  • CONSTANT_EXPRESSION_RESULT
TypeScript 798
  • HARDCODED_CREDENTIALS
TypeScript 829
  • MISSING_IFRAME_SANDBOX
TypeScript 922
  • LOCALSTORAGE_WRITE
TypeScript 942
  • CORS_MISCONFIGURATION
  • CORS_MISCONFIGURATION_AUDIT
TypeScript 1004
  • INSECURE_COOKIE
VB.NET 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
VB.NET 22
  • PATH_MANIPULATION
VB.NET 73
  • UNRESTRICTED_DISPATCH
VB.NET 78
  • OS_CMD_INJECTION
VB.NET 79
  • XSS
VB.NET 89
  • SQLI
  • SQLI_NOT_CONSTANT
VB.NET 90
  • LDAP_INJECTION
VB.NET 94
  • REGEX_INJECTION
VB.NET 117
  • LOG_INJECTION
VB.NET 200
  • ASPNET_MVC_VERSION_HEADER
VB.NET 209
  • SENSITIVE_DATA_LEAK
VB.NET 259
  • HARDCODED_CREDENTIALS
VB.NET 285
  • MISSING_AUTHZ
VB.NET 313
  • SENSITIVE_DATA_LEAK
VB.NET 314
  • SENSITIVE_DATA_LEAK
VB.NET 315
  • SENSITIVE_DATA_LEAK
VB.NET 317
  • SENSITIVE_DATA_LEAK
VB.NET 319
  • SENSITIVE_DATA_LEAK
VB.NET 321
  • HARDCODED_CREDENTIALS
VB.NET 327
  • RISKY_CRYPTO
VB.NET 328
  • RISKY_CRYPTO
VB.NET 352
  • CSRF
VB.NET 369
  • DIVIDE_BY_ZERO
VB.NET 398
  • COPY_PASTE_ERROR
  • UNEXPECTED_CONTROL_FLOW
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
VB.NET 403
  • RESOURCE_LEAK
VB.NET 404
  • RESOURCE_LEAK
VB.NET 470
  • UNSAFE_NAMED_QUERY
VB.NET 476
  • FORWARD_NULL
  • REVERSE_INULL
VB.NET 502
  • UNSAFE_DESERIALIZATION
VB.NET 543
  • LOCK_EVASION
VB.NET 561
  • DEADCODE
  • UNREACHABLE
VB.NET 573
  • CALL_SUPER
VB.NET 611
  • XML_EXTERNAL_ENTITY
VB.NET 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
VB.NET 643
  • XPATH_INJECTION
VB.NET 683
  • SWAPPED_ARGUMENTS
VB.NET 759
  • WEAK_PASSWORD_HASH
VB.NET 760
  • WEAK_PASSWORD_HASH
VB.NET 776
  • XML_EXTERNAL_ENTITY
VB.NET 778
  • UNLOGGED_SECURITY_EXCEPTION
VB.NET 798
  • HARDCODED_CREDENTIALS
VB.NET 827
  • XML_EXTERNAL_ENTITY
VB.NET 835
  • INFINITE_LOOP
VB.NET 916
  • WEAK_PASSWORD_HASH