CWE ID
Description
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-114 Process Control
CWE-116 Improper Encoding or Escaping of Output
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-138 Improper Neutralization of Special Elements
CWE-159 Improper Handling of Invalid Use of Special Elements
CWE-172 Encoding Error
CWE-185 Incorrect Regular Expression
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-221 Information Loss or Omission
CWE-228 Improper Handling of Syntactically Invalid Structure
CWE-269 Improper Privilege Management
CWE-271 Privilege Dropping / Lowering Errors
CWE-282 Improper Ownership Management
CWE-285 Improper Authorization
CWE-286 Incorrect User Management
CWE-287 Improper Authentication
CWE-300 Channel Accessible by Non-Endpoint
CWE-311 Missing Encryption of Sensitive Data
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-330 Use of Insufficiently Random Values
CWE-340 Generation of Predictable Numbers or Identifiers
CWE-345 Insufficient Verification of Data Authenticity
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-377 Insecure Temporary File
CWE-400 Uncontrolled Resource Consumption
CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-404 Improper Resource Shutdown or Release
CWE-405 Asymmetric Resource Consumption (Amplification)
CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
CWE-407 Inefficient Algorithmic Complexity
CWE-424 Improper Protection of Alternate Path
CWE-436 Interpretation Conflict
CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')
CWE-446 UI Discrepancy for Security Feature
CWE-451 User Interface (UI) Misrepresentation of Critical Information
CWE-506 Embedded Malicious Code
CWE-514 Covert Channel
CWE-522 Insufficiently Protected Credentials
CWE-573 Improper Following of Specification by Caller
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-636 Not Failing Securely ('Failing Open')
CWE-637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-638 Not Using Complete Mediation
CWE-642 External Control of Critical State Data
CWE-657 Violation of Secure Design Principles
CWE-662 Improper Synchronization
CWE-665 Improper Initialization
CWE-666 Operation on Resource in Wrong Phase of Lifetime
CWE-667 Improper Locking
CWE-668 Exposure of Resource to Wrong Sphere
CWE-669 Incorrect Resource Transfer Between Spheres
CWE-670 Always-Incorrect Control Flow Implementation
CWE-671 Lack of Administrator Control over Security
CWE-672 Operation on a Resource after Expiration or Release
CWE-673 External Influence of Sphere Definition
CWE-674 Uncontrolled Recursion
CWE-675 Duplicate Operations on Resource
CWE-684 Incorrect Provision of Specified Functionality
CWE-696 Incorrect Behavior Order
CWE-704 Incorrect Type Conversion or Cast
CWE-705 Incorrect Control Flow Scoping
CWE-706 Use of Incorrectly-Resolved Name or Reference
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-754 Improper Check for Unusual or Exceptional Conditions
CWE-755 Improper Handling of Exceptional Conditions
CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CWE-790 Improper Filtering of Special Elements
CWE-799 Improper Control of Interaction Frequency
CWE-834 Excessive Iteration
CWE-862 Missing Authorization
CWE-863 Incorrect Authorization
CWE-912 Hidden Functionality
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-922 Insecure Storage of Sensitive Information
CWE-923 Improper Restriction of Communication Channel to Intended Endpoints
CWE-943 Improper Neutralization of Special Elements in Data Query Logic
CWE-1023 Incomplete Comparison with Missing Factors
CWE-1038 Insecure Automated Optimizations
CWE-1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
CWE-1059 Incomplete Documentation
CWE-1061 Insufficient Encapsulation
CWE-1076 Insufficient Adherence to Expected Conventions
CWE-1078 Inappropriate Source Code Style or Formatting
CWE-1093 Excessively Complex Data Representation
CWE-1120 Excessive Code Complexity
CWE-1164 Irrelevant Code
CWE-1176 Inefficient CPU Computation
CWE-1177 Use of Prohibited Code
CWE-1229 Creation of Emergent Resource
CWE-1263 Improper Physical Access Control
CWE-1294 Insecure Security Identifier Mechanism