# Python Security Threats

Security vulnerabilities and detection rules for Python. 97 rules across 64 CWE categories.

- Total rules: 97
- CWE categories: 64
- Critical rules: 14
- High severity: 47

## Frameworks

- Django
- Flask
- Fastapi
- Pyramid
- Tornado
- Bottle
- Graphene
- Ariadne
- Strawberry
- Python
- Pymongo
- Motor
- Falcon
- Sanic
- Jinja2

## Top CWEs

- **CWE-200**: Exposure of Sensitive Information to an Unauthorized Actor
- **CWE-94**: Improper Control of Generation of Code ('Code Injection')
- **CWE-942**: Permissive Cross-domain Policy with Untrusted Domains
- **CWE-502**: Deserialization of Untrusted Data
- **CWE-798**: Use of Hard-coded Credentials
- **CWE-915**: Improperly Controlled Modification of Dynamically-Determined Object Attributes
- **CWE-20**: Improper Input Validation
- **CWE-22**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- **CWE-89**: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- **CWE-209**: Generation of Error Message Containing Sensitive Information
- **CWE-269**: Improper Privilege Management
- **CWE-295**: Improper Certificate Validation
- **CWE-306**: Missing Authentication for Critical Function
- **CWE-326**: Inadequate Encryption Strength
- **CWE-338**: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- **CWE-347**: Improper Verification of Cryptographic Signature
- **CWE-400**: Uncontrolled Resource Consumption
- **CWE-489**: Active Debug Code
- **CWE-614**: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- **CWE-639**: Authorization Bypass Through User-Controlled Key