Common Weakness Enumeration
Browse CWEs ranked by the number of vulnerabilities referencing them, and pivot to weakness details, mitigations, and related attack patterns.
765 CWEs
API response| CWE | Name | Mapping usage | Occurrences |
|---|---|---|---|
| CWE-1076 | Insufficient Adherence to Expected Conventions | Prohibited | 2 |
| CWE-920 | Improper Restriction of Power Consumption | Allowed | 1 |
| CWE-828 | Signal Handler with Functionality that is not Asynchronous-Safe | Allowed | 1 |
| CWE-768 | Incorrect Short Circuit Evaluation | Allowed | 1 |
| CWE-765 | Multiple Unlocks of a Critical Resource | Allowed | 1 |
| CWE-761 | Free of Pointer not at Start of Buffer | Allowed | 1 |
| CWE-695 | Use of Low-Level Functionality | Allowed | 1 |
| CWE-69 | Improper Handling of Windows ::DATA Alternate Data Stream | Allowed | 1 |
| CWE-673 | External Influence of Sphere Definition | Allowed-with-Review | 1 |
| CWE-663 | Use of a Non-reentrant Function in a Concurrent Context | Allowed | 1 |
| CWE-66 | Improper Handling of File Names that Identify Virtual Resources | Allowed | 1 |
| CWE-654 | Reliance on a Single Factor in a Security Decision | Allowed | 1 |
| CWE-638 | Not Using Complete Mediation | Allowed-with-Review | 1 |
| CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Allowed-with-Review | 1 |
| CWE-621 | Variable Extraction Error | Allowed | 1 |
| CWE-618 | Exposed Unsafe ActiveX Method | Allowed | 1 |
| CWE-615 | Inclusion of Sensitive Information in Source Code Comments | Allowed | 1 |
| CWE-600 | Uncaught Exception in Servlet | Allowed | 1 |
| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | Allowed | 1 |
| CWE-587 | Assignment of a Fixed Address to a Pointer | Allowed | 1 |
| CWE-571 | Expression is Always True | Allowed | 1 |
| CWE-570 | Expression is Always False | Allowed | 1 |
| CWE-555 | J2EE Misconfiguration: Plaintext Password in Configuration File | Allowed | 1 |
| CWE-553 | Command Shell in Externally Accessible Directory | Allowed | 1 |
| CWE-541 | Inclusion of Sensitive Information in an Include File | Allowed | 1 |
| CWE-533 | DEPRECATED: Information Exposure Through Server Log Files | Prohibited | 1 |
| CWE-529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Allowed | 1 |
| CWE-515 | Covert Storage Channel | Allowed | 1 |
| CWE-514 | Covert Channel | Allowed-with-Review | 1 |
| CWE-509 | Replicating Malicious Code (Virus or Worm) | Allowed | 1 |
| CWE-507 | Trojan Horse | Allowed | 1 |
| CWE-50 | Path Equivalence: '//multiple/leading/slash' | Allowed | 1 |
| CWE-495 | Private Data Structure Returned From A Public Method | Allowed | 1 |
| CWE-484 | Omitted Break Statement in Switch | Allowed | 1 |
| CWE-482 | Comparing instead of Assigning | Allowed | 1 |
| CWE-478 | Missing Default Case in Multiple Condition Expression | Allowed | 1 |
| CWE-469 | Use of Pointer Subtraction to Determine Size | Allowed | 1 |
| CWE-463 | Deletion of Data Structure Sentinel | Allowed | 1 |
| CWE-462 | Duplicate Key in Associative List (Alist) | Allowed | 1 |
| CWE-455 | Non-exit on Failed Initialization | Allowed | 1 |
| CWE-443 | DEPRECATED: HTTP response splitting | Prohibited | 1 |