Coverity Coverage for Common Weakness Enumeration (CWE)

At its core, Common Weakness Enumeration (CWE) is a community-developed list of software weaknesses. CWE provides a taxonomy to categorize and describe software weaknesses—giving developers and security practitioners a common language for software security.

MITRE owns and maintains the project.

The table below lists Coverity's CWE support for each language or platform, giving the CWE ID and the Coverity checkers that map to it:

Language/Platform CWE      Coverity Checker
Android 22
  • PATH_MANIPULATION
Android 78
  • OS_CMD_INJECTION
Android 79
  • XSS
Android 89
  • SQLI
Android 94
  • SQLIREGEX_INJECTION
Android 99
  • URL_MANIPULATION
Android 209
  • SENSITIVE_DATA_LEAK
Android 215
  • ANDROID_DEBUG_MODE
Android 259
  • HARDCODED_CREDENTIALS
Android 296
  • BAD_CERT_VERIFICATION
Android 297
  • BAD_CERT_VERIFICATION
Android 299
  • BAD_CERT_VERIFICATION
Android 311
  • SENSITIVE_DATA_LEAK
Android 312
  • SENSITIVE_DATA_LEAK
Android 313
  • SENSITIVE_DATA_LEAK
Android 317
  • SENSITIVE_DATA_LEAK
Android 319
  • SENSITIVE_DATA_LEAK
Android 321
  • HARDCODED_CREDENTIALS
Android 327
  • RISKY_CRYPTO
Android 328
  • RISKY_CRYPTO
Android 330
  • MOBILE_ID_MISUSE
Android 336
  • PREDICTABLE_RANDOM_SEED
Android 337
  • PREDICTABLE_RANDOM_SEED
Android 470
  • UNSAFE_REFLECTION
Android 502
  • UNSAFE_DESERIALIZATION
Android 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Android 532
  • SENSITIVE_DATA_LEAK
Android 538
  • UNRESTRICTED_ACCESS_TO_FILE
  • EXPOSED_PREFERENCES
Android 611
  • XML_EXTERNAL_ENTITY
Android 759
  • WEAK_PASSWORD_HASH
Android 760
  • WEAK_PASSWORD_HASH
Android 776
  • XML_EXTERNAL_ENTITY
Android 798
  • HARDCODED_CREDENTIALS
Android 827
  • XML_EXTERNAL_ENTITY
Android 916
  • WEAK_PASSWORD_HASH
Android 921
  • UNRESTRICTED_ACCESS_TO_FILE
Android 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Android 927
  • IMPLICIT_INTENT
  • SENSITIVE_DATA_LEAK
  • MISSING_PERMISSION_FOR_BROADCAST
Android 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Android 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
C# 11
  • CONFIG.ENABLED_DEBUG_MODE
  • CONFIG.ENABLED_TRACE_MODE
C# 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
C# 13
  • CONFIG.CONNECTION_STRING_PASSWORD
C# 22
  • PATH_MANIPULATION
C# 73
  • UNRESTRICTED_DISPATCH
C# 78
  • OS_CMD_INJECTION
C# 79
  • XSS
C# 89
  • SQL_NOT_CONSTANT
  • SQLI
C# 90
  • LDAP_INJECTION
C# 91
  • XML_INJECTION
C# 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • SCRIPT_CODE_INJECTION
C# 95
  • SCRIPT_CODE_INJECTION
C# 117
  • LOG_INJECTION
C# 190
  • OVERFLOW_BEFORE_WIDEN
C# 200
  • ASPNET_MVC_VERSION_HEADER
  • CONFIG.ASPNET_VERSION_HEADER
  • CONFIG.COOKIES_MISSING_HTTPONLY
C# 209
  • SENSITIVE_DATA_LEAK
C# 259
  • HARDCODED_CREDENTIALS
C# 285
  • MISSING_AUTHZ
C# 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C# 314
  • SENSITIVE_DATA_LEAK
C# 315
  • UNENCRYPTED_SENSITIVE_DATA
  • SENSITIVE_DATA_LEAK
C# 317
  • SENSITIVE_DATA_LEAK
C# 319
  • UNENCRYPTED_SENSITIVE_DATA
  • SENSITIVE_DATA_LEAK
C# 321
  • HARDCODED_CREDENTIALS
C# 327
  • RISKY_CRYPTO
C# 328
  • RISKY_CRYPTO
C# 330
  • INSECURE_RANDOM
C# 352
  • CSRF
C# 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
C# 369
  • DIVIDE_BY_ZERO
C# 390
  • MISSING_THROW
C# 398
  • UNEXPECTED_CONTROL_FLOW
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
C# 403
  • RESOURCE_LEAK
C# 404
  • RESOURCE_LEAK
C# 470
  • UNSAFE_NAMED_QUERY
C# 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C# 480
  • CONSTANT_EXPRESSION_RESULT
C# 502
  • UNSAFE_DESERIALIZATION
C# 519
  • CONFIG.ASP_VIEWSTATE_MAC
C# 532
  • SENSITIVE_DATA_LEAK
C# 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
C# 561
  • DEADCODE
  • UNREACHABLE
C# 563
  • UNUSED_VALUE
C# 569
  • CONSTANT_EXPRESSION_RESULT
C# 570
  • BAD_EQ_TYPES
C# 573
  • CALL_SUPER
  • MISSING_RESTORE
C# 595
  • BAD_EQ
C# 601
  • OPEN_REDIRECT
C# 610
  • HEADER_INJECTION
C# 611
  • XML_EXTERNAL_ENTITY
C# 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
C# 643
  • XPATH_INJECTION
C# 670
  • STRAY_SEMICOLON
C# 683
  • SWAPPED_ARGUMENTS
C# 759
  • WEAK_PASSWORD_HASH
C# 760
  • WEAK_PASSWORD_HASH
C# 776
  • XML_EXTERNAL_ENTITY
C# 778
  • UNLOGGED_SECURITY_EXCEPTION
C# 783
  • CONSTANT_EXPRESSION_RESULT
C# 798
  • HARDCODED_CREDENTIALS
C# 827
  • XML_EXTERNAL_ENTITY
C# 833
  • LOCK_INVERSION
C# 835
  • INFINITE_LOOP
C# 863
  • CONFIG.DEAD_AUTHORIZATION_RULE
C# 916
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 20
  • TAINTED_SCALAR
  • TAINTED_STRING
  • USER_POINTER
C/C++ & Objective-C 22
  • PATH_MANIPULATION
C/C++ & Objective-C 78
  • OS_CMD_INJECTION
C/C++ & Objective-C 89
  • SQLI
C/C++ & Objective-C 99
  • URL_MANIPULATION
C/C++ & Objective-C 119
  • ARRAY_VS_SINGLETON
  • BAD_ALLOC_ARITHMETIC
  • COM.BSTR.CONV
  • INCOMPATIBLE_CAST
  • INTEGER_OVERFLOW
  • INVALIDATE_ITERATOR
  • MISMATCHED_ITERATOR
  • OVERRUN
  • REVERSE_NEGATIVE
C/C++ & Objective-C 120
  • BUFFER_SIZE
  • SIZECHECK
  • STRING_OVERFLOW
  • STRING_SIZE
C/C++ & Objective-C 125
  • INTEGER_OVERFLOW
  • OVERRUN
C/C++ & Objective-C 129
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
  • TAINTED_SCALAR
C/C++ & Objective-C 131
  • BAD_ALLOC_STRLEN
  • SIZECHECK
C/C++ & Objective-C 134
  • PW.NON_CONST_PRINTF_FORMAT_STRING
  • TAINTED_STRING
  • TAINTED_STRING_WARNING
C/C++ & Objective-C 170
  • BUFFER_SIZE
  • BUFFER_SIZE_WARNING
  • READLINK
  • SIZECHECK
  • STRING_NULL
C/C++ & Objective-C 188
  • INCOMPATIBLE_CAST
C/C++ & Objective-C 190
  • INTEGER_OVERFLOW
  • OVERFLOW_BEFORE_WIDEN
  • PW.INTEGER_OVERFLOW
  • PW.INTEGER_TOO_LARGE
  • PW.SHIFT_COUNT_TOO_LARGE
C/C++ & Objective-C 194
  • SIGN_EXTENSION
C/C++ & Objective-C 195
  • MISRA_CAST
C/C++ & Objective-C 197
  • CHAR_IO
  • MISRA_CAST
  • NO_EFFECT
C/C++ & Objective-C 200
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK
C/C++ & Objective-C 243
  • CHROOT
C/C++ & Objective-C 248
  • UNCAUGHT_EXCEPT
C/C++ & Objective-C 252
  • CHECKED_RETURN
C/C++ & Objective-C 253
  • BAD_COMPARE
C/C++ & Objective-C 259
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 290
  • WEAK_GUARD
C/C++ & Objective-C 291
  • WEAK_GUARD
C/C++ & Objective-C 293
  • WEAK_GUARD
C/C++ & Objective-C 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 315
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 319
  • UNENCRYPTED_SENSITIVE_DATA
C/C++ & Objective-C 321
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 327
  • RISKY_CRYPTO
C/C++ & Objective-C 328
  • RISKY_CRYPTO
C/C++ & Objective-C 350
  • WEAK_GUARD
C/C++ & Objective-C 366
  • MISSING_LOCK
C/C++ & Objective-C 367
  • TOCTOU
C/C++ & Objective-C 369
  • DIVIDE_BY_ZERO
  • PW.DIVIDE_BY_ZERO
C/C++ & Objective-C 377
  • SECURE_TEMP
C/C++ & Objective-C 394
  • NEGATIVE_RETURNS
  • REVERSE_NEGATIVE
C/C++ & Objective-C 398
  • COPY_PASTE_ERROR
  • ENUM_AS_BOOLEAN
  • IDENTICAL_BRANCHES
  • MISMATCHED_ITERATOR
  • MIXED_ENUMS
  • NO_EFFECT
  • PASS_BY_VALUE
  • PW.*
  • UNEXPECTED_CONTROL_FLOW
  • VIRTUAL_DTOR
C/C++ & Objective-C 400
  • STACK_USE
C/C++ & Objective-C 401
  • COM.BSTR.ALLOC
  • CTOR_DTOR_LEAK
  • NO_EFFECT
C/C++ & Objective-C 404
  • RESOURCE_LEAK
C/C++ & Objective-C 415
  • USE_AFTER_FREE
C/C++ & Objective-C 416
  • COM.BAD_FREE
  • COM.BSTR.ALLOC
  • MISSING_ASSIGN
  • MISSING_COPY
  • USE_AFTER_FREE
  • WRAPPER_ESCAPE
C/C++ & Objective-C 456
  • NO_EFFECT
C/C++ & Objective-C 457
  • PW.BRANCH_PAST_INITIALIZATION
  • UNINIT
  • UNINIT_CTOR
C/C++ & Objective-C 459
  • DELETE_ARRAY
C/C++ & Objective-C 465
  • NO_EFFECT
C/C++ & Objective-C 467
  • BAD_SIZEOF
  • SIZEOF_MISMATCH
C/C++ & Objective-C 475
  • PRINTF_ARGS
C/C++ & Objective-C 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
C/C++ & Objective-C 480
  • CONSTANT_EXPRESSION_RESULT
  • NO_EFFECT
C/C++ & Objective-C 481
  • PW.ASSIGN_WHERE_COMPARE_MEANT
C/C++ & Objective-C 482
  • NO_EFFECT
C/C++ & Objective-C 483
  • NESTING_INDENT_MISMATCH
C/C++ & Objective-C 484
  • MISSING_BREAK
C/C++ & Objective-C 561
  • DEADCODE
  • UNREACHABLE
C/C++ & Objective-C 562
  • PW.RETURN_PTR_TO_LOCAL_TEMP
  • RETURN_LOCAL
C/C++ & Objective-C 563
  • UNUSED_VALUE
C/C++ & Objective-C 569
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 570
  • NO_EFFECT
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE
C/C++ & Objective-C 573
  • MISSING_RESTORE
  • OPEN_ARGS
  • VARARGS
C/C++ & Objective-C 590
  • BAD_FREE
C/C++ & Objective-C 597
  • BAD_COMPARE
C/C++ & Objective-C 606
  • NEGATIVE_RETURNS
  • TAINTED_SCALAR
C/C++ & Objective-C 617
  • LOCK
C/C++ & Objective-C 628
  • BAD_COMPARE
  • PW.BAD_PRINTF_FORMAT_STRING
C/C++ & Objective-C 643
  • XPATH_INJECTION
C/C++ & Objective-C 662
  • ATOMICITY
C/C++ & Objective-C 665
  • NO_EFFECT
C/C++ & Objective-C 667
  • LOCK
  • SLEEP
C/C++ & Objective-C 670
  • STRAY_SEMICOLON
C/C++ & Objective-C 672
  • USE_AFTER_FREE
C/C++ & Objective-C 676
  • DC.STREAM_BUFFER
  • DC.STRING_BUFFER
  • DC.WEAK_CRYPTO
  • DC.PREDICTABLE_KEY_PASSWORD
  • SECURE_CODING
C/C++ & Objective-C 681
  • MISRA_CAST
C/C++ & Objective-C 683
  • SWAPPED_ARGUMENTS
C/C++ & Objective-C 685
  • PRINTF_ARGS
  • PW.TOO_FEW_PRINTF_ARGS
  • PW.TOO_MANY_PRINTF_ARGS
C/C++ & Objective-C 686
  • PRINTF_ARGS
  • PW.PRINTF_ARG_MISMATCH
C/C++ & Objective-C 687
  • NEGATIVE_RETURNS
C/C++ & Objective-C 704
  • INCOMPATIBLE_CAST
  • PW.BAD_CAST
  • PW.CONVERSION_TO_POINTER_LOSES_BITS
C/C++ & Objective-C 710
  • ASSIGN_NOT_RETURNING_STAR_THIS
  • BAD_OVERRIDE
  • HFA
  • MISSING_ASSIGN
  • MISSING_COPY
  • MISSING_RETURN
  • SELF_ASSIGN
C/C++ & Objective-C 758
  • DELETE_VOID
  • EVALUATION_ORDER
C/C++ & Objective-C 759
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 760
  • WEAK_PASSWORD_HASH
C/C++ & Objective-C 762
  • ALLOC_FREE_MISMATCH
C/C++ & Objective-C 764
  • LOCK
C/C++ & Objective-C 772
  • VIRTUAL_DTOR
C/C++ & Objective-C 775
  • RESOURCE_LEAK
C/C++ & Objective-C 783
  • BAD_COMPARE
  • CONSTANT_EXPRESSION_RESULT
  • SIZEOF_MISMATCH
C/C++ & Objective-C 798
  • HARDCODED_CREDENTIALS
C/C++ & Objective-C 833
  • ORDER_REVERSAL
C/C++ & Objective-C 835
  • INFINITE_LOOP
C/C++ & Objective-C 916
  • WEAK_PASSWORD_HASH
Go 369
  • DIVIDE_BY_ZERO
Go 398
  • IDENTICAL_BRANCHES
Go 476
  • FORWARD_NULL
  • REVERSE_INULL
Go 480
  • CONSTANT_EXPRESSION_RESULT
Go 563
  • UNUSED_VALUE
Go 569
  • CONSTANT_EXPRESSION_RESULT
Go 783
  • CONSTANT_EXPRESSION_RESULT
Java 4
  • CONFIG.DUPLICATE_SERVLET_DEFINITION
Java 7
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER
Java 22
  • JSP_DYNAMIC_INCLUDE
  • PATH_MANIPULATION
Java 73
  • UNRESTRICTED_DISPATCH
Java 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Java 79
  • XSS
Java 89
  • JSP_SQL_INJECTION
  • SQLI
  • SQL_NOT_CONSTANT
Java 90
  • LDAP_INJECTION
Java 91
  • XML_INJECTION
Java 94
  • JAVA_CODE_INJECTION
  • JCR_INJECTION
  • NOSQL_QUERY_INJECTION
  • OGNL_INJECTION
  • REGEX_INJECTION
  • UNKNOWN_LANGUAGE_INJECTION
Java 95
  • SCRIPT_CODE_INJECTION
Java 99
  • URL_MANIPULATION
Java 116
  • CONFIG.MYBATIS_MAPPER_SQLI
Java 117
  • LOG_INJECTION
Java 185
  • REGEX_CONFUSION
Java 190
  • OVERFLOW_BEFORE_WIDEN
Java 200
  • CONFIG.JAVAEE_MISSING_HTTPONLY
Java 209
  • SENSITIVE_DATA_LEAK
Java 215
  • ANDROID_DEBUG_MODE
Java 242
  • DC.DANGEROUS
Java 252
  • CHECKED_RETURN
Java 253
  • ORM_LOAD_NULL_CHECK
Java 259
  • HARDCODED_CREDENTIALS
Java 285
  • MISSING_AUTHZ
Java 290
  • WEAK_GUARD
Java 291
  • WEAK_GUARD
Java 293
  • WEAK_GUARD
Java 296
  • BAD_CERT_VERIFICATION
Java 297
  • BAD_CERT_VERIFICATION
Java 299
  • BAD_CERT_VERIFICATION
Java 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 314
  • SENSITIVE_DATA_LEAK
Java 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 317
  • SENSITIVE_DATA_LEAK
Java 319
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Java 321
  • HARDCODED_CREDENTIALS
Java 327
  • RISKY_CRYPTO
Java 328
  • RISKY_CRYPTO
Java 330
  • MOBILE_ID_MISUSE
  • INSECURE_RANDOM
Java 336
  • PREDICTABLE_RANDOM_SEED
Java 337
  • PREDICTABLE_RANDOM_SEED
Java 350
  • WEAK_GUARD
Java 352
  • CSRF
Java 359
  • SENSITIVE_DATA_LEAK
Java 366
  • GUARDED_BY_VIOLATION
  • NON_STATIC_GUARDING_STATIC
  • VOLATILE_ATOMICITY
Java 369
  • DIVIDE_BY_ZERO
Java 384
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION
  • SESSION_FIXATION
Java 390
  • MISSING_THROW
Java 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • UNEXPECTED_CONTROL_FLOW
Java 403
  • RESOURCE_LEAK
Java 404
  • RESOURCE_LEAK
Java 425
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT
Java 427
  • UNSAFE_JNI
Java 470
  • UNSAFE_REFLECTION
  • UNSAFE_NAMED_QUERY
Java 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Java 480
  • CONSTANT_EXPRESSION_RESULT
Java 483
  • NESTING_INDENT_MISMATCH
Java 484
  • MISSING_BREAK
Java 501
  • TRUST_BOUNDARY_VIOLATION
Java 502
  • UNSAFE_DESERIALIZATION
Java 530
  • CONFIG.ANDROID_BACKUPS_ALLOWED
Java 532
  • SENSITIVE_DATA_LEAK
Java 538
  • EXPOSED_PREFERENCES
  • UNRESTRICTED_ACCESS_TO_FILE
Java 543
  • BAD_LOCK_OBJECT
  • LOCK_EVASION
  • SINGLETON_RACE
Java 561
  • DEADCODE
  • UNREACHABLE
Java 563
  • UNUSED_VALUE
Java 567
  • SERVLET_ATOMICITY
Java 568
  • CALL_SUPER
Java 569
  • CONSTANT_EXPRESSION_RESULT
Java 573
  • CALL_SUPER
  • INVALIDATE_ITERATOR
  • MISSING_RESTORE
  • ATTRIBUTE_NAME_CONFLICT
Java 580
  • CALL_SUPER
Java 601
  • OPEN_REDIRECT
Java 610
  • HEADER_INJECTION
Java 611
  • XML_EXTERNAL_ENTITY
Java 613
  • CONFIG.UNSAFE_SESSION_TIMEOUT
Java 614
  • INSECURE_COOKIE
Java 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
Java 643
  • XPATH_INJECTION
Java 650
  • CONFIG.HTTP_VERB_TAMPERING
Java 662
  • ATOMICITY
Java 670
  • STRAY_SEMICOLON
Java 672
  • USE_AFTER_FREE
Java 683
  • SWAPPED_ARGUMENTS
Java 759
  • WEAK_PASSWORD_HASH
Java 760
  • WEAK_PASSWORD_HASH
Java 776
  • XML_EXTERNAL_ENTITY
Java 778
  • UNLOGGED_SECURITY_EXCEPTION
Java 783
  • CONSTANT_EXPRESSION_RESULT
Java 798
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY
  • HARDCODED_CREDENTIALS
Java 827
  • XML_EXTERNAL_ENTITY
Java 833
  • DC.DEADLOCK
  • LOCK_INVERSION
Java 835
  • INFINITE_LOOP
Java 862
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN
Java 863
  • CONFIG.DWR_DEBUG_MODE
  • CONFIG.SPRING_SECURITY_DEBUG_MODE
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION
  • CONFIG.STRUTS2_ENABLED_DEV_MODE
Java 916
  • WEAK_PASSWORD_HASH
Java 917
  • EL_INJECTION
Java 921
  • UNRESTRICTED_ACCESS_TO_FILE
Java 926
  • ANDROID_CAPABILITY_LEAK
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT
Java 927
  • MISSING_PERMISSION_FOR_BROADCAST
  • SENSITIVE_DATA_LEAK
Java 1023
  • HIBERNATE_BAD_HASHCODE
Java 1032
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION
Java 1035
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION
Javascript 20
  • COOKIE_INJECTION
Javascript 22
  • PATH_MANIPULATION
Javascript 74
  • CSS_INJECTION
Javascript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Javascript 79
  • DOM_XSS
  • XSS
  • ANGULAR_BYPASS_SECURITY
  • ANGULAR_ELEMENT_REFERENCE
Javascript 88
  • HEADER_INJECTION
Javascript 89
  • SQLI
Javascript 94
  • REGEX_INJECTION
  • NOSQL_QUERY_INJECTION
  • TEMPLATE_INJECTION
  • ANGULAR_EXPRESSION_INJECTION
Javascript 95
  • SCRIPT_CODE_INJECTION
Javascript 99
  • URL_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • LOCALSTORAGE_MANIPULATION
Javascript 209
  • SENSITIVE_DATA_LEAK
Javascript 285
  • MISSING_AUTHZ
Javascript 295
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
Javascript 313
  • SENSITIVE_DATA_LEAK
Javascript 314
  • SENSITIVE_DATA_LEAK
Javascript 315
  • SENSITIVE_DATA_LEAK
Javascript 317
  • SENSITIVE_DATA_LEAK
Javascript 319
  • SENSITIVE_DATA_LEAK
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
Javascript 327
  • RISKY_CRYPTO
Javascript 328
  • RISKY_CRYPTO
Javascript 330
  • INSECURE_RANDOM
Javascript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
Javascript 346
  • UNCHECKED_ORIGIN
Javascript 352
  • CSRF
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
Javascript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • UNEXPECTED_CONTROL_FLOW
  • NO_EFFECT
Javascript 400
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE
Javascript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Javascript 480
  • CONSTANT_EXPRESSION_RESULT
Javascript 483
  • NESTING_INDENT_MISMATCH
Javascript 484
  • MISSING_BREAK
Javascript 502
  • UNSAFE_DESERIALIZATION
Javascript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • SENSITIVE_DATA_LEAK
Javascript 561
  • DEADCODE
  • UNREACHABLE
Javascript 569
  • CONSTANT_EXPRESSION_RESULT
Javascript 601
  • OPEN_REDIRECT
  • REACT_DYNAMIC_URL_INSECURE_TARGET
Javascript 611
  • XML_EXTERNAL_ENTITY
Javascript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
Javascript 628
  • EXPLICIT_THIS_EXPECTED
Javascript 665
  • NO_EFFECT
Javascript 668
  • UNRESTRICTED_MESSAGE_TARGET
Javascript 670
  • STRAY_SEMICOLON
Javascript 688
  • IDENTIFIER_TYPO
Javascript 760
  • INSECURE_SALT
Javascript 776
  • XML_EXTERNAL_ENTITY
Javascript 778
  • INSUFFICIENT_LOGGING
Javascript 783
  • CONSTANT_EXPRESSION_RESULT
Javascript 798
  • HARDCODED_CREDENTIALS
Javascript 829
  • MISSING_IFRAME_SANDBOX
Javascript 922
  • LOCALSTORAGE_WRITE
PHP 22
  • PATH_MANIPULATION
PHP 74
  • SYMFONY_EL_INJECTION
PHP 78
  • OS_CMD_INJECTION
PHP 79
  • XSS
PHP 88
  • HEADER_INJECTION
PHP 89
  • SQLI
PHP 94
  • NOSQL_QUERY_INJECTION
PHP 95
  • SCRIPT_CODE_INJECTION
PHP 209
  • SENSITIVE_DATA_LEAK
PHP 285
  • MISSING_AUTHZ
PHP 313
  • SENSITIVE_DATA_LEAK
PHP 314
  • SENSITIVE_DATA_LEAK
PHP 315
  • SENSITIVE_DATA_LEAK
PHP 317
  • SENSITIVE_DATA_LEAK
PHP 319
  • SENSITIVE_DATA_LEAK
PHP 352
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED
PHP 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
PHP 470
  • UNSAFE_REFLECTION
PHP 476
  • FORWARD_NULL
PHP 480
  • CONSTANT_EXPRESSION_RESULT
PHP 483
  • NESTING_INDENT_MISMATCH
PHP 484
  • MISSING_BREAK
PHP 502
  • UNSAFE_DESERIALIZATION
PHP 532
  • SENSITIVE_DATA_LEAK
PHP 561
  • UNREACHABLE
  • DEADCODE
PHP 569
  • CONSTANT_EXPRESSION_RESULT
PHP 601
  • OPEN_REDIRECT
PHP 611
  • XML_EXTERNAL_ENTITY
PHP 665
  • NO_EFFECT
PHP 670
  • STRAY_SEMICOLON
PHP 688
  • IDENTIFIER_TYPO
PHP 783
  • CONSTANT_EXPRESSION_RESULT
PHP 798
  • HARDCODED_CREDENTIALS
Python 22
  • PATH_MANIPULATION
Python 78
  • OS_CMD_INJECTION
Python 79
  • XSS
Python 89
  • SQLI
Python 94
  • NOSQL_QUERY_INJECTION
Python 95
  • SCRIPT_CODE_INJECTION
Python 209
  • SENSITIVE_DATA_LEAK
Python 285
  • MISSING_AUTHZ
Python 313
  • SENSITIVE_DATA_LEAK
Python 314
  • SENSITIVE_DATA_LEAK
Python 315
  • SENSITIVE_DATA_LEAK
Python 317
  • SENSITIVE_DATA_LEAK
Python 319
  • SENSITIVE_DATA_LEAK
Python 352
  • CSRF
Python 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
Python 476
  • FORWARD_NULL
  • REVERSE_INULL
Python 480
  • CONSTANT_EXPRESSION_RESULT
Python 502
  • UNSAFE_DESERIALIZATION
Python 532
  • SENSITIVE_DATA_LEAK
Python 561
  • UNREACHABLE
  • DEADCODE
Python 569
  • CONSTANT_EXPRESSION_RESULT
Python 601
  • OPEN_REDIRECT
Python 611
  • XML_EXTERNAL_ENTITY
Python 688
  • IDENTIFIER_TYPO
Python 783
  • CONSTANT_EXPRESSION_RESULT
Python 798
  • HARDCODED_CREDENTIALS
Ruby 22
  • PATH_MANIPULATION
  • RUBY_VULNERABLE_LIBRARY
Ruby 73
  • RUBY_VULNERABLE_LIBRARY
Ruby 78
  • OS_CMD_INJECTION
Ruby 79
  • RUBY_VULNERABLE_LIBRARY
  • UNESCAPED_HTML
  • XSS
Ruby 83
  • XSS
Ruby 89
  • DYNAMIC_OBJECT_ATTRIBUTES
  • RUBY_VULNERABLE_LIBRARY
  • SQLI
Ruby 94
  • REGEX_INJECTION
Ruby 95
  • PATH_MANIPULATION
  • SCRIPT_CODE_INJECTION
Ruby 113
  • RUBY_VULNERABLE_LIBRARY
Ruby 183
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 184
  • BLACKLIST_FOR_AUTHN
Ruby 209
  • SENSITIVE_DATA_LEAK
Ruby 215
  • SENSITIVE_DATA_LEAK
Ruby 259
  • HARDCODED_CREDENTIALS
Ruby 263
  • RAILS_DEVISE_CONFIG
Ruby 287
  • UNSAFE_BASIC_AUTH
Ruby 289
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_BASIC_AUTH
Ruby 307
  • RAILS_DEVISE_CONFIG
Ruby 321
  • UNSAFE_SESSION_SETTING
Ruby 352
  • CSRF
Ruby 369
  • DIVIDE_BY_ZERO
Ruby 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • PARSE_ERROR
  • UNEXPECTED_CONTROL_FLOW
Ruby 400
  • RAILS_DEFAULT_ROUTES
  • RESOURCE_LEAK
  • RUBY_VULNERABLE_LIBRARY
Ruby 470
  • UNSAFE_REFLECTION
Ruby 476
  • FORWARD_NULL
  • REVERSE_INULL
Ruby 480
  • CONSTANT_EXPRESSION_RESULT
Ruby 502
  • RUBY_VULNERABLE_LIBRARY
  • UNSAFE_DESERIALIZATION
Ruby 521
  • RAILS_DEVISE_CONFIG
Ruby 561
  • DEADCODE
  • UNREACHABLE
Ruby 569
  • CONSTANT_EXPRESSION_RESULT
Ruby 599
  • BAD_CERT_VERIFICATION
Ruby 601
  • OPEN_REDIRECT
Ruby 614
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Ruby 639
  • INSECURE_DIRECT_OBJECT_REFERENCE
Ruby 642
  • SESSION_MANIPULATION
Ruby 665
  • NO_EFFECT
Ruby 688
  • IDENTIFIER_TYPO
Ruby 704
  • SQLI
Ruby 777
  • REGEX_MISSING_ANCHOR
Ruby 783
  • CONSTANT_EXPRESSION_RESULT
Ruby 798
  • UNSAFE_BASIC_AUTH
Ruby 862
  • RAILS_DEFAULT_ROUTES
  • RAILS_MISSING_FILTER_ACTION
Ruby 915
  • DYNAMIC_OBJECT_ATTRIBUTES
Ruby 916
  • RAILS_DEVISE_CONFIG
  • WEAK_PASSWORD_HASH
Ruby 1004
  • INSECURE_COOKIE
  • UNSAFE_SESSION_SETTING
Scala 190
  • OVERFLOW_BEFORE_WIDEN
Scala 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
Scala 476
  • FORWARD_NULL
  • REVERSE_INULL
Scala 480
  • CONSTANT_EXPRESSION_RESULT
Scala 483
  • NESTING_INDENT_MISMATCH
Scala 561
  • DEADCODE
  • UNREACHABLE
Scala 569
  • CONSTANT_EXPRESSION_RESULT
Scala 665
  • NO_EFFECT
Scala 783
  • CONSTANT_EXPRESSION_RESULT
Swift 22
  • PATH_MANIPULATION
Swift 89
  • SQLI
Swift 94
  • REGEX_INJECTION
Swift 95
  • SCRIPT_CODE_INJECTION
Swift 209
  • SENSITIVE_DATA_LEAK
Swift 287
  • WEAK_BIOMETRIC_AUTH
Swift 295
  • BAD_CERT_VERIFICATION
Swift 296
  • BAD_CERT_VERIFICATION
Swift 313
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 314
  • SENSITIVE_DATA_LEAK
Swift 315
  • SENSITIVE_DATA_LEAK
  • UNENCRYPTED_SENSITIVE_DATA
Swift 317
  • SENSITIVE_DATA_LEAK
Swift 319
  • SENSITIVE_DATA_LEAK
  • INSECURE_MULTIPEER_CONNECTION
  • INSECURE_COMMUNICATION
  • CONFIG.ATS_INSECURE
  • UNENCRYPTED_SENSITIVE_DATA
Swift 327
  • RISKY_CRYPTO
Swift 328
  • RISKY_CRYPTO
Swift 391
  • UNEXPECTED_CONTROL_FLOW
Swift 398
  • COPY_PASTE_ERROR
  • UNEXPECTED_CONTROL_FLOW
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
  • PW.*
Swift 476
  • FORWARD_NULL
  • REVERSE_INULL
Swift 480
  • CONSTANT_EXPRESSION_RESULT
Swift 532
  • SENSITIVE_DATA_LEAK
Swift 561
  • DEADCODE
Swift 569
  • CONSTANT_EXPRESSION_RESULT
Swift 611
  • XML_EXTERNAL_ENTITY
Swift 643
  • XPATH_INJECTION
Swift 798
  • HARDCODED_CREDENTIALS
Swift 829
  • CUSTOM_KEYBOARD_DATA_LEAK
Typescript 20
  • COOKIE_INJECTION
Typescript 22
  • PATH_MANIPULATION
Typescript 74
  • CSS_INJECTION
Typescript 78
  • OS_CMD_INJECTION
  • TAINTED_ENVIRONMENT_WITH_EXECUTION
Typescript 79
  • ANGULAR_ELEMENT_REFERENCE
  • DOM_XSS
  • XSS
Typescript 88
  • HEADER_INJECTION
Typescript 89
  • SQLI
Typescript 94
  • NOSQL_QUERY_INJECTION
  • REGEX_INJECTION
  • TEMPLATE_INJECTION
Typescript 95
  • SCRIPT_CODE_INJECTION
Typescript 99
  • LOCALSTORAGE_MANIPULATION
  • SESSIONSTORAGE_MANIPULATION
  • URL_MANIPULATION
Typescript 209
  • SENSITIVE_DATA_LEAK
Typescript 285
  • MISSING_AUTHZ
Typescript 295
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED
  • CONFIG.REQUEST_STRICTSSL_DISABLED
Typescript 313
  • SENSITIVE_DATA_LEAK
Typescript 314
  • SENSITIVE_DATA_LEAK
Typescript 315
  • SENSITIVE_DATA_LEAK
Typescript 317
  • SENSITIVE_DATA_LEAK
Typescript 319
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION
  • SENSITIVE_DATA_LEAK
Typescript 327
  • RISKY_CRYPTO
Typescript 328
  • RISKY_CRYPTO
Typescript 330
  • INSECURE_RANDOM
Typescript 345
  • JSONWEBTOKEN_UNTRUSTED_DECODE
Typescript 346
  • UNCHECKED_ORIGIN
Typescript 352
  • CONFIG.CSURF_IGNORE_METHODS
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED
  • CSRF
Typescript 398
  • COPY_PASTE_ERROR
  • IDENTICAL_BRANCHES
  • NO_EFFECT
  • UNEXPECTED_CONTROL_FLOW
Typescript 400
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL
Typescript 476
  • FORWARD_NULL
  • NULL_RETURNS
  • REVERSE_INULL
Typescript 480
  • CONSTANT_EXPRESSION_RESULT
Typescript 483
  • NESTING_INDENT_MISMATCH
Typescript 484
  • MISSING_BREAK
Typescript 502
  • UNSAFE_DESERIALIZATION
Typescript 532
  • CONFIG.SEQUELIZE_ENABLED_LOGGING
  • SENSITIVE_DATA_LEAK
Typescript 561
  • DEADCODE
  • UNREACHABLE
Typescript 569
  • CONSTANT_EXPRESSION_RESULT
Typescript 601
  • OPEN_REDIRECT
  • REACT_DYNAMIC_URL_INSECURE_TARGET
Typescript 611
  • XML_EXTERNAL_ENTITY
Typescript 613
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN
Typescript 628
  • EXPLICIT_THIS_EXPECTED
Typescript 665
  • NO_EFFECT
Typescript 668
  • UNRESTRICTED_MESSAGE_TARGET
Typescript 670
  • STRAY_SEMICOLON
Typescript 688
  • IDENTIFIER_TYPO
Typescript 760
  • INSECURE_SALT
Typescript 776
  • XML_EXTERNAL_ENTITY
Typescript 778
  • INSUFFICIENT_LOGGING
Typescript 783
  • CONSTANT_EXPRESSION_RESULT
Typescript 798
  • HARDCODED_CREDENTIALS
Typescript 829
  • MISSING_IFRAME_SANDBOX
Typescript 922
  • LOCALSTORAGE_WRITE
VB.NET 12
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE
VB.NET 22
  • PATH_MANIPULATION
VB.NET 73
  • UNRESTRICTED_DISPATCH
VB.NET 78
  • OS_CMD_INJECTION
VB.NET 79
  • XSS
VB.NET 89
  • SQLI
  • SQLI_NOT_CONSTANT
VB.NET 90
  • LDAP_INJECTION
VB.NET 94
  • REGEX_INJECTION
VB.NET 117
  • LOG_INJECTION
VB.NET 200
  • ASPNET_MVC_VERSION_HEADER
VB.NET 209
  • SENSITIVE_DATA_LEAK
VB.NET 259
  • HARDCODED_CREDENTIALS
VB.NET 285
  • MISSING_AUTHZ
VB.NET 313
  • SENSITIVE_DATA_LEAK
VB.NET 314
  • SENSITIVE_DATA_LEAK
VB.NET 315
  • SENSITIVE_DATA_LEAK
VB.NET 317
  • SENSITIVE_DATA_LEAK
VB.NET 319
  • SENSITIVE_DATA_LEAK
VB.NET 321
  • HARDCODED_CREDENTIALS
VB.NET 327
  • RISKY_CRYPTO
VB.NET 328
  • RISKY_CRYPTO
VB.NET 352
  • CSRF
VB.NET 398
  • COPY_PASTE_ERROR
  • UNEXPECTED_CONTROL_FLOW
  • IDENTICAL_BRANCHES
  • PROPERTY_MIXUP
VB.NET 403
  • RESOURCE_LEAK
VB.NET 404
  • RESOURCE_LEAK
VB.NET 470
  • UNSAFE_NAMED_QUERY
VB.NET 476
  • FORWARD_NULL
  • REVERSE_INULL
VB.NET 502
  • UNSAFE_DESERIALIZATION
VB.NET 561
  • DEADCODE
  • UNREACHABLE
VB.NET 573
  • CALL_SUPER
VB.NET 611
  • XML_EXTERNAL_ENTITY
VB.NET 615
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT
VB.NET 643
  • XPATH_INJECTION
VB.NET 683
  • SWAPPED_ARGUMENTS
VB.NET 759
  • WEAK_PASSWORD_HASH
VB.NET 760
  • WEAK_PASSWORD_HASH
VB.NET 776
  • XML_EXTERNAL_ENTITY
VB.NET 778
  • UNLOGGED_SECURITY_EXCEPTION
VB.NET 798
  • HARDCODED_CREDENTIALS
VB.NET 827
  • XML_EXTERNAL_ENTITY
VB.NET 916
  • WEAK_PASSWORD_HASH