xml external entities
unreachable exit
absolute path traversal
incorrect calculation
inadequate detection
dangerous function
forced browsing
incorrect synchronization
server-side request forgery
man-in-the-middle
xquery injection
exposed dangerous method
buffer overflow
information loss
trapdoor
unrestricted consumption
insecure default
improper verification
double-checked locking
cursor injection
unauthorized control
unused validation form
inappropriate whitespace style
hard-coded
improper resource shutdown
incomplete i/o documentation
improper locking
incomplete documentation
untrusted source
ldap injection
timing discrepancy
relative path traversal
insufficient resource pool
classic buffer overflow
improper encoding
hardcoded sensitive data
static code injection
hard-coded cryptographic key
insecure inherited permissions
integer coercion error
unvalidated input
information exposure
insufficient verification
deadlock
time-of-check time-of-use
overflow
dynamic variable evaluation
uncontrolled memory allocation
crlf injection
incorrect byte ordering
unnecessary privileges
improper validation
malicious file execution
unquoted search path
xml entity expansion
insufficient type distinction
incorrect initialization
insufficient warnings
incorrect resource transfer
improper enforcement
insecure authentication
incorrect block delimitation
less-secure algorithm
sanitization
hardcoded
insufficient session expiration
special element injection
platform-dependent third party
command injection
improper input validation
toctou
cross site scripting
unprotected primary channel
unchecked error condition
path manipulation
trojan horse
incorrect user management
uninitialized pointer
blind xpath injection
inappropriate comment style
faulty string expansion
miscalculated null termination
sql injection
double free
secure coding standard
broken authentication
buffer over-read
interpretation conflict
improper ownership
extraneous untrusted data
improper filtering
plaintext password
missing synchronization
race condition
incorrect permissions
buffer underwrite
hidden functionality
authentication bypass
unvalidated action form
missing validation
unverified password change
faulty input transformation
hard-coded password
malware
insufficient logging
type confusion
insufficient behavioral summary
incorrect privilege
externally-controlled format string
unchecked input
missing endpoint authentication
inappropriate encoding
eval injection
improper cross-boundary removal
incorrect default permissions
incorrect authorization
missing critical step
missing lock check
empty synchronized block
insufficient entropy
uncontrolled resource consumption
expired pointer dereference
permissive whitelist
incorrect permission assignment
insecure resource permissions
identity impersonation
restrictive regular expression
broken cryptography
poison null byte
machine-dependent data representation
heap-based buffer overflow
integer underflow
worm
buffer overflows
incorrect implementation
tainted input
permission race condition
missing encryption
insecure default initialization
single-factor authentication
cross-site request forgery
improper resource locking
insecure automated optimizations
externally-generated error message
infinite loop
failed chroot jail
attack
unsynchronized access
sensitive communication
improper control
missing handler
unsafe reflection
unprotected alternate channel
faulty buffer
irrelevant code
logic/time bomb
path traversal
incorrect behavior
multiple unlocks
encoding error
out-of-bounds
incorrect pointer scaling
untrusted data
algorithm downgrade
stack-based buffer overflow
unchecked status condition
unnecessary complexity
permissive regular expression
malicious code
variable extraction error
element injection
bypass
unrestricted authentication
unreachable exit condition
xpath injection
improper authorization
out-of-range pointer
uncontrolled recursion
incorrect regular expression
input validation problems
xss
incorrect check
insufficient control
intentional information exposure
glitch
excessive authentication attempts
missing xml validation
null pointer dereference
validation problems
insufficient access control
incorrect privilege assignment
excessive code complexity
missing reference
pathname traversal
inconsistent naming conventions
hard-coded credentials
improper null termination
improper handling
excessive halstead complexity
missing documentation
incomplete filtering
faulty buffer access
insufficient privileges
excessive iteration
weak password
unchecked error
sensitive information
improper check
spyware
information leakage
incorrect type conversion
file descriptor leak
improper error handling
improper authentication
risky resource management
redundant code
guessable captcha
insecure permissions
incorrect type
suspicious comment
hard-coded literals
improper model validation
incorrect operator
missing initialization
least privilege violation
unchecked return value
adversarial input perturbations
session fixation
excessive attack surface
buffer under-read
always-incorrect control flow
unauthorized control sphere
spoofing
unexpected sign extension
improper sanitization
insecure cryptographic storage
insecure interaction
integer overflow
incorrect input handling
inefficient cpu computation
insufficient compartmentalization
untrusted caller
incorrect buffer length
unexpected status code
faulty endpoint authentication
weak cryptography
behavioral inconsistency
missing custom error page
security misconfiguration
unrestricted lock
empty password
out-of-bounds read
improper synchronization
out-of-range pointer offset
improper output neutralization
risky cryptographic algorithm
mismatched memory management
incomplete blacklist
protection mechanism failure
improper address validation
off-by-one error
incomplete design documentation
multiple locks
response discrepancy
insecure authentication policy
insecure resource access
incorrect input
untrusted inputs
ambiguous exception type
inadequate encryption strength
self-generated error message
empty exception block
incorrect conversion
missing authentication
insufficient session-id length
data sanitization
authorization bypass
insecure configuration
insufficient encapsulation
cross-site scripting
incorrect behavior order
os command injection
insecure configuration management
reflection attack
missing authorization
input validation
predictable salt
secure coding
improper restriction
origin validation error
vulnerabilities
incorrect use
wrong status code
untrusted pointer dereference
buffer underflow
incomplete identification
insecure communications
missing lock
trojan
virus
porous defenses
non-ubiquitous api
uncaught exception
leftover debug code
dead code
uncontrolled search path
incorrect exception behavior
conversion error
faulty resource use
insufficient psychological acceptability
xml injection
improper protection
untrusted control sphere
improper ownership management
improper preservation
insecure session management
faulty pointer
insufficient isolation
inefficient algorithmic complexity
untrusted method
improper neutralization
improper link resolution
inaccurate comments
object model violation
hijack
weak password recovery
insecure storage
weak access permissions
underflow
asymmetric resource consumption
improper access control
unrestricted upload
misconfiguration
code injection
untrusted target
unprotected storage
missing check
improper limitation
sensitive data
unmaintained third party
improper initialization
covert storage channel
empty code block
malicious file
trust boundary violation
unvalidated redirects
http request smuggling
improper certificate validation
wrap-around error
sensitive data exposure
out-of-bounds write
information leak
untrusted site
faulty memory release
sensitive cookie
broken access control
untrusted search path
expression language injection
external behavioral inconsistency
injection
path equivalence
cleartext storage
forgery
data exposure
attack surface
protect
improper privilege management
inadequate encryption
privacy violation
time-of-check
time-of-use
insecure temporary file
resource leak
shatter
confused deputy
insecure default variable
object hijack
poison
incorrect permission
doubled character xss
argument injection
overflows
exposed data
faulty pointer use
coding standard
neutralization
improper use
improper clearing
improper resolution
improper interaction
improper cleanup
improper adherence
improper update
improper cross boundary removal
improper following
missing release
missing serialization
missing serialization control element
directory traversal
dot dot slash
bad practices
bad coding practices
sensitive information uncleared
crosssite scripting
cross site request forgery
crosssite request forgery
csrf
weakness
denial of service
dos
protection
cisq
excessive use
excessive data
excessive data query
excessive execution
excessive complex
excessive index
excessive reliance
excessive mccabe cyclomatic complexity
insufficient documentation
out of range pointer
out of range pointer offset
leak
management errors
flaws
http response splitting
uninitialized resource
out of bounds
outofbounds
insecure cryptographic
insecure direct object reference
insecure deserialization
generic exception
insufficient adherence
injection flaws
null byte injection
xxe injection
hard link
known vulnerabilities
failure to restrict url access
duplicate validation
duplicate validation forms
incomplete comparison
incomplete validate
incompatible types
comparison using wrong factors
circular dependencies
hard coded
hard-coded network resource configuration
hard coded network resource configuration
hardcoded network resource configuration
hard coded literals
hardcoded literals
hard coded password
hardcoded password
hard-coded cryptographic
hard coded cryptographic
hardcoded cryptographic
hard coded cryptographic key
hardcoded cryptographic key
hard coded credentials
hardcoded credentials
inefficient server-side data access
inefficient server side data access
inefficient serverside data access
empty exception
unconditional control flow
inconsistent naming
unmaintained third party components
machine dependent data representation
platform dependent third party
unsafe jni
deep nesting
incorrect access
stack based buffer overflow
stackbased buffer overflow
heap based buffer overflow
heapbased buffer overflow
out of bounds read
outofbounds read
buffer over read
buffer under read
wrap around error
uncontrolled format string
externally controlled format string
write what where condition
write-what-where condition
double decoding
early validation
unsafe value
partial string comparison
off by one error
unsigned conversion error
signed conversion error
self generated error message
externally generated error message
containment errors
container errors
privilege context switching error
insecure preserved inherited permissions
insufficient permissions
incorrect execution assigned permissions
incorrect execution-assigned permissions
ip spoofing
man in the middle
single factor authentication
singlefactor authentication
missing required cryptographic step
reversible one way hash
reversible oneway hash
reversible one-way hash
incorrect usage
weak pseudo random number
weak pseudorandom number
weak pseudo-random number
predictability problems
missing support
dangerous operations
time of check time of use
timeofcheck timeofuse
incomplete internal state distinction
missing report
unprotected windows messaging channel
wrong handler
unparsed raw web content delivery
incomplete model
inconsistent interpretation
unintended proxy
unintended intermediary
misrepresentation
insecure default variable initialization
incomplete cleanup
inconsistent implementations
missing default case
logic bomb
time bomb
bomb
missing standardized error handling
missing password field masking
non serializable object stored
nonserializable object stored
non-serializable object stored
non ubiquitous api
nonubiquitous api
saving unserializable objects
incorrect semantic object comparison
insufficient session id length
insufficient sessionid length
open redirect
double checked locking
doublechecked locking
symlink
symlink following
xml external entity reference
xxe
dangling database cursor
null byte interaction
failing open
restrictive account lockout
always incorrect control flow
incorrect order
incorrect provision
incorrect comparison
insufficient control flow management
duplicate identifier
incorrect control flow scoping
incorrect scope
incorrectly resolved name
incorrectly-resolved name
incorrect ownership assignment
dangerous method
less secure algorithm
memory leak
invalid pointer
incorrect short circuit evaluation
uncontrolled file descriptor consumption
precedence logic error
out of bounds write
outofbounds write
incorrect length
incorrect length value
premature release
incorrect group
incompatible type
double character xss manipulations
alternate xss
back door
insufficient computational effort
server side request forgery
serverside request forgery
ssrf
remote file inclusion
php remote file inclusion
unexpected entry points
cross cutting
string errors
type errors
representation errors
comparison errors
numeric errors
processing errors
data processing errors
information management errors
permission issues
cryptographic issues
key management errors
interface security issues
file issues
temporary file issues
signal errors
resource management errors
locking problems
resource locking problems
path errors
channel errors
handler errors
business logic errors
logic errors
behavioral problems
web problems
user interface errors
cleanup errors
data structure issues
pointer issues
mobile code issues
concurrency issues
expression issues
insufficient transport layer protection
risky values
missing function level access control
faulty memory
incorrect buffer length computation