CWE Index

📋 CWE-250 CWE-250 ☸️🐳 10 rules 📋 CWE-942 CWE-942 🐹🐍 9 rules 📋 CWE-306 CWE-306 🐹🐍🔷 6 rules 📋 CWE-319 CWE-319 🐹☸️🐍 6 rules 📋 CWE-307 CWE-307 🐹 5 rules 📋 CWE-668 CWE-668 ☸️🔷 3 rules 📋 CWE-269 CWE-269 🐍 2 rules 📋 CWE-326 CWE-326 🐍 2 rules 📋 CWE-476 CWE-476 🐹🔷 2 rules 📋 CWE-614 CWE-614 🐍 2 rules 📋 CWE-732 CWE-732 ☸️ 2 rules 📋 CWE-16 CWE-16 🐍 1 rules 📋 CWE-330 CWE-330 🐹 1 rules 📋 CWE-367 CWE-367 🐍 1 rules 📋 CWE-377 CWE-377 🐍 1 rules 📋 CWE-396 CWE-396 🐍 1 rules 📋 CWE-425 CWE-425 🐍 1 rules 📋 CWE-444 CWE-444 🐍 1 rules 📋 CWE-526 CWE-526 🐹 1 rules 📋 CWE-598 CWE-598 🐍 1 rules 📋 CWE-626 CWE-626 🐍 1 rules 📋 CWE-667 CWE-667 🐹 1 rules 📋 CWE-807 CWE-807 🐍 1 rules 📋 CWE-833 CWE-833 🐹 1 rules 📋 CWE-843 CWE-843 🔷 1 rules

⚡ CWE-94 Code Injection 🐍🐹🟨 10 rules 🗃️ CWE-89 SQL Injection 🟨🐍🐹 7 rules 📦 CWE-502 Deserialization of Untrusted Data 🐍🐹🟨 7 rules 🌐 CWE-79 Cross-Site Scripting (XSS) 🟨🐍 4 rules 📝 CWE-117 Log Injection 🐹🟨🐍 4 rules 🌐 CWE-918 Server-Side Request Forgery 🟨🐹🐍 4 rules 💉 CWE-74 Injection 🐹🟨🐍 3 rules 💻 CWE-78 OS Command Injection 🐹🟨🐍 3 rules 📇 CWE-90 LDAP Injection 🐹🟨🐍 3 rules ↵ CWE-93 CRLF Injection 🐹🟨🐍 3 rules 📨 CWE-113 HTTP Response Splitting 🐹🟨🐍 3 rules 📄 CWE-611 XML External Entity (XXE) 🐹🟨🐍 3 rules 🍃 CWE-943 NoSQL Injection 🐹🟨🐍 3 rules 🧬 CWE-1321 Prototype Pollution 🟨 2 rules 📊 CWE-1236 CSV Injection 🟨 1 rules

🔍 CWE-20 Improper Input Validation 🟨🐹🐍 13 rules 📂 CWE-22 Path Traversal 🐹🟨🐍 6 rules 📝 CWE-915 Mass Assignment 🐍🟨 5 rules ↪️ CWE-601 Open Redirect 🟨🐹🐍 4 rules 📥 CWE-829 Inclusion of Untrusted Functionality 🐹🟨☸️🐍 4 rules 🔤 CWE-176 Improper Handling of Unicode 🐹🟨🐍 3 rules 📤 CWE-434 Unrestricted File Upload 🐹🟨🐍 3 rules ➕ CWE-235 Improper Handling of Extra Parameters 🟨🐍 2 rules

👁️ CWE-200 Information Exposure 🟨🐍🐹 14 rules ⚠️ CWE-209 Error Message Information Leak 🟨🐍🐹 5 rules 🔓 CWE-201 Insertion of Sensitive Information 🐹🟨🐍 3 rules 📋 CWE-532 Information Exposure Through Logs 🐹🟨🐍 3 rules

📜 CWE-295 Improper Certificate Validation 🐍🐹🟨 4 rules 🔓 CWE-327 Broken Cryptographic Algorithm 🟨🐹🐍 4 rules 🎲 CWE-338 Weak PRNG 🐍🐹🟨 4 rules ✍️ CWE-347 Improper Signature Verification 🐍🐹🟨 4 rules 🔓 CWE-916 Insufficient Password Hash 🟨🐍 2 rules 🗝️ CWE-321 Hardcoded Cryptographic Key 🟨 1 rules

🗝️ CWE-639 Authorization Bypass via User Key 🐹🟨🐍 8 rules 🚫 CWE-284 Improper Access Control 🐹🟨☸️🐍 4 rules 🛡️ CWE-285 Improper Authorization 🟨 3 rules 🚪 CWE-862 Missing Authorization 🐹🟨🐍 3 rules

🔑 CWE-798 Hardcoded Credentials 🟨🐍🐳🐹☸️ 11 rules 🔒 CWE-547 Hardcoded Security Constants 🟨🐍 2 rules 🔑 CWE-259 Hardcoded Password 🟨 1 rules

💥 CWE-400 Resource Exhaustion 🐹🟨🐍☸️ 8 rules 📈 CWE-770 Allocation Without Limits 🟨🐍 3 rules 🔄 CWE-1333 ReDoS 🐹🟨🐍 3 rules

⚠️ CWE-755 Improper Handling of Exceptional Conditions 🐍🐹🟨 4 rules ❌ CWE-391 Unchecked Error Condition 🐹🟨🐍 3 rules ↩️ CWE-252 Unchecked Return Value 🐹🟨 2 rules 🛑 CWE-636 Not Failing Securely 🐹🟨 2 rules 🤷 CWE-390 Detection of Error Condition Without Action 🟨 1 rules ❓ CWE-754 Improper Check for Unusual Conditions 🟨 1 rules 🕳️ CWE-1069 Empty Exception Block 🟨 1 rules

🛡️ CWE-693 Protection Mechanism Failure 🐹🐳🟨 8 rules

📦 CWE-1104 Use of Unmaintained Third Party 🐳🟨 5 rules 📦 CWE-1395 Dependency on Vulnerable Third-Party 🐳 3 rules

🔄 CWE-640 Weak Password Recovery 🐹🟨🐍 3 rules 🔐 CWE-287 Improper Authentication 🟨🐍 2 rules 🔓 CWE-521 Weak Password Requirements 🐹🟨 2 rules

🏁 CWE-362 Race Condition 🐹🟨🐍 6 rules

🐛 CWE-489 Active Debug Code 🐹🐍🟨 6 rules

🔄 CWE-704 Incorrect Type Conversion 🟨 5 rules ⚖️ CWE-1024 Comparison of Incompatible Types 🟨 1 rules

🔄 CWE-352 Cross-Site Request Forgery 🟨🐍🐹 3 rules 📌 CWE-384 Session Fixation 🟨🐹🐍 3 rules

💼 CWE-840 Business Logic Errors 🐹🟨🐍 3 rules 🔀 CWE-670 Always-Incorrect Control Flow 🟨 1 rules

🔢 CWE-190 Integer Overflow 🐹🟨🐍 3 rules

📝 CWE-778 Insufficient Logging 🐍🟨 3 rules

⚙️ CWE-1188 Insecure Default Initialization ☸️ 2 rules

⏱️ CWE-208 Observable Timing Discrepancy 🟨 1 rules

📭 CWE-1071 Empty Code Block 🟨 1 rules