.NET Misconfiguration: Use of...
Absolute Path Traversal
Acceptance of Extraneous Untru...
Access of Memory Location Afte...
Access of Memory Location Befo...
Access of Resource Using Incom...
Access of Uninitialized Pointe...
Access to Critical Private Var...
Active Debug Code
Addition of Data Structure Sen...
Allocation of File Descriptors...
Allocation of Resources Withou...
Always-Incorrect Control Flow...
Application-Level Admin Tool w...
Architecture with Number of Ho...
Array Declared Public, Final,...
ASP.NET Misconfiguration: Crea...
ASP.NET Misconfiguration: Impr...
ASP.NET Misconfiguration: Miss...
ASP.NET Misconfiguration: Not...
ASP.NET Misconfiguration: Pass...
ASP.NET Misconfiguration: Use...
Assigning instead of Comparing
Assignment of a Fixed Address...
Assignment to Variable without...
Asymmetric Resource Consumptio...
Attempt to Access Child of a N...
Authentication Bypass by Alter...
Authentication Bypass by Assum...
Authentication Bypass by Captu...
Authentication Bypass by Prima...
Authentication Bypass by Spoof...
Authentication Bypass Using an...
Authentication Bypass: OpenSSL...
Authorization Bypass Through U...
Authorization Bypass Through U...
Automated Recognition Mechanis...
Behavioral Change in New Versi...
Buffer Access Using Size of So...
Buffer Access with Incorrect L...
Buffer Copy without Checking S...
Buffer Over-read
Buffer Under-read
Buffer Underwrite ('Buffer Und...
Call to Non-ubiquitous API
Call to Thread run() instead o...
Callable with Insufficient Beh...
Channel Accessible by Non-Endp...
Class Instance Self Destructio...
Class with Excessive Number of...
Class with Excessively Deep In...
Class with Virtual Method with...
Cleartext Storage in a File or...
Cleartext Storage in the Regis...
Cleartext Storage of Sensitive...
Cleartext Storage of Sensitive...
Cleartext Storage of Sensitive...
Cleartext Storage of Sensitive...
Cleartext Storage of Sensitive...
Cleartext Transmission of Sens...
Client-Side Enforcement of Ser...
clone() Method Without super.c...
Cloneable Class Containing Sen...
Collapse of Data into Unsafe V...
Command Shell in Externally Ac...
Comparing instead of Assigning
Comparison of Classes by Name
Comparison of Incompatible Typ...
Comparison of Object Reference...
Comparison Using Wrong Factors
Compilation with Insufficient...
Compiler Optimization Removal...
Compiler Removal of Code to Cl...
Concurrent Execution using Sha...
Context Switching Race Conditi...
Covert Channel
Covert Storage Channel
Covert Timing Channel
CPU Hardware Not Configured to...
Creation of chroot Jail Withou...
Creation of Class Instance wit...
Creation of Emergent Resource
Creation of Immutable Text Usi...
Creation of Temporary File in...
Creation of Temporary File Wit...
Critical Data Element Declared...
Critical Public Variable Witho...
Cross-Site Request Forgery (CS...
Dangerous Signal Handler not D...
Dangling Database Cursor ('Cur...
Data Access from Outside Expec...
Data Access Operations Outside...
Data Element Aggregating an Ex...
Data Element containing Pointe...
Data Resource Access without U...
Dead Code
Deadlock
Declaration of Catch for Gener...
Declaration of Throws for Gene...
Declaration of Variable with U...
Deletion of Data Structure Sen...
Deployment of Wrong Handler
DEPRECATED (Duplicate): Covert...
DEPRECATED (Duplicate): Failur...
DEPRECATED (Duplicate): Genera...
DEPRECATED (Duplicate): HTTP r...
DEPRECATED (Duplicate): Miscal...
DEPRECATED (Duplicate): Proxie...
DEPRECATED (Duplicate): Relian...
DEPRECATED (Duplicate): Trusti...
DEPRECATED: Apple '.DS_Store'
DEPRECATED: Authentication Byp...
DEPRECATED: Containment Errors...
DEPRECATED: Failure to Protect...
DEPRECATED: Improper Sanitizat...
DEPRECATED: Incorrect Initiali...
DEPRECATED: Incorrect Semantic...
DEPRECATED: Information Exposu...
DEPRECATED: Information Exposu...
DEPRECATED: Information Exposu...
DEPRECATED: Often Misused: Pat...
DEPRECATED: State Synchronizat...
DEPRECATED: Uncontrolled File...
DEPRECATED: Use of Dynamic Cla...
DEPRECATED: Use of Uninitializ...
Deserialization of Untrusted D...
Detection of Error Condition W...
Direct Request ('Forced Browsi...
Direct Use of Unsafe JNI
Divide By Zero
DMA Device Enabled Too Early i...
Double Decoding of the Same Da...
Double Free
Double-Checked Locking
Doubled Character XSS Manipula...
Download of Code Without Integ...
Duplicate Key in Associative L...
Duplicate Operations on Resour...
Dynamic Variable Evaluation
EJB Bad Practices: Use of AWT...
EJB Bad Practices: Use of Clas...
EJB Bad Practices: Use of Java...
EJB Bad Practices: Use of Sock...
EJB Bad Practices: Use of Sync...
Embedded Malicious Code
Empty Code Block
Empty Exception Block
Empty Password in Configuratio...
Empty Synchronized Block
Encoding Error
Excessive Attack Surface
Excessive Code Complexity
Excessive Data Query Operation...
Excessive Execution of Sequent...
Excessive Halstead Complexity
Excessive Index Range Scan for...
Excessive Iteration
Excessive McCabe Cyclomatic Co...
Excessive Number of Inefficien...
Excessive Platform Resource Co...
Excessive Reliance on Global V...
Excessive Use of Hard-Coded Li...
Excessive Use of Self-Modifyin...
Excessive Use of Unconditional...
Excessively Complex Data Repre...
Excessively Deep Nesting
Executable Regular Expression...
Execution After Redirect (EAR)
Execution with Unnecessary Pri...
Expected Behavior Violation
Expired Pointer Dereference
Explicit Call to Finalize()
Exposed Chip Debug Interface W...
Exposed Dangerous Method or Fu...
Exposed IOCTL with Insufficien...
Exposed Unsafe ActiveX Method
Exposure of Access Control Lis...
Exposure of Backup File to an...
Exposure of Core Dump File to...
Exposure of Data Element to Wr...
Exposure of File Descriptor to...
Exposure of Information Throug...
Exposure of Information Throug...
Exposure of Private Personal I...
Exposure of Resource to Wrong...
Exposure of Security-Sensitive...
Exposure of Sensitive Informat...
Exposure of Sensitive Informat...
Exposure of Sensitive Informat...
Exposure of Sensitive Informat...
Exposure of Sensitive Informat...
Exposure of Sensitive Informat...
Exposure of Sensitive System I...
Exposure of Version-Control Re...
Exposure of WSDL File Containi...
Expression is Always False
Expression is Always True
External Control of Assumed-Im...
External Control of Critical S...
External Control of File Name...
External Control of System or...
External Influence of Sphere D...
External Initialization of Tru...
Externally Controlled Referenc...
Externally-Generated Error Mes...
Failure to Disable Reserved Bi...
Failure to Handle Incomplete E...
Failure to Handle Missing Para...
Failure to Sanitize Paired Del...
Failure to Sanitize Special El...
Files or Directories Accessibl...
finalize() Method Declared Pub...
finalize() Method Without supe...
Floating Point Comparison with...
Free of Memory not on the Heap
Free of Pointer not at Start o...
Function Call With Incorrect A...
Function Call With Incorrect N...
Function Call With Incorrect O...
Function Call With Incorrect V...
Function Call With Incorrectly...
Function Call with Incorrectly...
Generation of Error Message Co...
Generation of Predictable Numb...
Guessable CAPTCHA
Hardware Internal or Debug Mod...
Heap-based Buffer Overflow
Hidden Functionality
Improper Access Control
Improper Address Validation in...
Improper Adherence to Coding S...
Improper Authentication
Improper Authorization
Improper Authorization in Hand...
Improper Authorization of Inde...
Improper Authorization on Phys...
Improper Certificate Validatio...
Improper Check for Certificate...
Improper Check for Dropped Pri...
Improper Check for Unusual or...
Improper Check or Handling of...
Improper Cleanup on Thrown Exc...
Improper Clearing of Heap Memo...
Improper Control of a Resource...
Improper Control of Document T...
Improper Control of Dynamicall...
Improper Control of Dynamicall...
Improper Control of Filename f...
Improper Control of Generation...
Improper Control of Interactio...
Improper Control of Resource I...
Improper Encoding or Escaping...
Improper Enforcement of a Sing...
Improper Enforcement of Behavi...
Improper Enforcement of Messag...
Improper Export of Android App...
Improper Filtering of Special...
Improper Finite State Machines...
Improper Following of a Certif...
Improper Following of Specific...
Improper Handling of Additiona...
Improper Handling of Alternate...
Improper Handling of Apple HFS...
Improper Handling of Case Sens...
Improper Handling of Exception...
Improper Handling of Extra Par...
Improper Handling of Extra Val...
Improper Handling of File Name...
Improper Handling of Highly Co...
Improper Handling of Incomplet...
Improper Handling of Inconsist...
Improper Handling of Inconsist...
Improper Handling of Insuffici...
Improper Handling of Insuffici...
Improper Handling of Insuffici...
Improper Handling of Invalid U...
Improper Handling of Length Pa...
Improper Handling of Missing S...
Improper Handling of Missing V...
Improper Handling of Mixed Enc...
Improper Handling of Parameter...
Improper Handling of Structura...
Improper Handling of Syntactic...
Improper Handling of Undefined...
Improper Handling of Undefined...
Improper Handling of Unexpecte...
Improper Handling of Unicode E...
Improper Handling of URL Encod...
Improper Handling of Values
Improper Handling of Windows :...
Improper Handling of Windows D...
Improper Hardware Lock Protect...
Improper Implementation of Loc...
Improper Initialization
Improper Input Validation
Improper Interaction Between M...
Improper Isolation of Shared R...
Improper Limitation of a Pathn...
Improper Link Resolution Befor...
Improper Lock Behavior After P...
Improper Locking
Improper Neutralization
Improper Neutralization of Alt...
Improper Neutralization of Arg...
Improper Neutralization of Com...
Improper Neutralization of CRL...
Improper Neutralization of CRL...
Improper Neutralization of Dat...
Improper Neutralization of Dat...
Improper Neutralization of Del...
Improper Neutralization of Dir...
Improper Neutralization of Dir...
Improper Neutralization of Enc...
Improper Neutralization of Equ...
Improper Neutralization of Esc...
Improper Neutralization of Exp...
Improper Neutralization of For...
Improper Neutralization of HTT...
Improper Neutralization of Inp...
Improper Neutralization of Inp...
Improper Neutralization of Inp...
Improper Neutralization of Int...
Improper Neutralization of Inv...
Improper Neutralization of Lea...
Improper Neutralization of Lin...
Improper Neutralization of Mac...
Improper Neutralization of Mul...
Improper Neutralization of Mul...
Improper Neutralization of Mul...
Improper Neutralization of Nul...
Improper Neutralization of Par...
Improper Neutralization of Quo...
Improper Neutralization of Rec...
Improper Neutralization of Scr...
Improper Neutralization of Scr...
Improper Neutralization of Scr...
Improper Neutralization of Scr...
Improper Neutralization of Sec...
Improper Neutralization of Ser...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Spe...
Improper Neutralization of Sub...
Improper Neutralization of Tra...
Improper Neutralization of Val...
Improper Neutralization of Var...
Improper Neutralization of Whi...
Improper Neutralization of Wil...
Improper Null Termination
Improper Output Neutralization...
Improper Ownership Management
Improper Preservation of Consi...
Improper Preservation of Permi...
Improper Privilege Management
Improper Protection of Alterna...
Improper Removal of Sensitive...
Improper Resolution of Path Eq...
Improper Resource Locking
Improper Resource Shutdown or...
Improper Restriction of Commun...
Improper Restriction of Excess...
Improper Restriction of Names...
Improper Restriction of Operat...
Improper Restriction of Power...
Improper Restriction of Recurs...
Improper Restriction of Render...
Improper Restriction of Write-...
Improper Restriction of XML Ex...
Improper Synchronization
Improper Update of Reference C...
Improper Use of Validation Fra...
Improper Validation of Array I...
Improper Validation of Certifi...
Improper Validation of Certifi...
Improper Validation of Functio...
Improper Validation of Integri...
Improper Verification of Crypt...
Improper Verification of Inten...
Improper Verification of Sourc...
Improper Write Handling in Lim...
Improper Zeroization of Hardwa...
Improperly Controlled Modifica...
Improperly Implemented Securit...
Inaccurate Comments
Inadequate Encryption Strength
Inappropriate Comment Style
Inappropriate Encoding for Out...
Inappropriate Source Code Styl...
Inappropriate Whitespace Style
Inclusion of Functionality fro...
Inclusion of Sensitive Informa...
Inclusion of Sensitive Informa...
Inclusion of Sensitive Informa...
Inclusion of Sensitive Informa...
Inclusion of Undocumented Feat...
Inclusion of Web Functionality...
Incomplete Blacklist to Cross-...
Incomplete Cleanup
Incomplete Comparison with Mis...
Incomplete Design Documentatio...
Incomplete Documentation
Incomplete Documentation of Pr...
Incomplete Filtering of Multip...
Incomplete Filtering of One or...
Incomplete Filtering of Specia...
Incomplete I/O Documentation
Incomplete Identification of U...
Incomplete Internal State Dist...
Incomplete List of Disallowed...
Incomplete Model of Endpoint F...
Inconsistency Between Implemen...
Inconsistent Interpretation of...
Inconsistent Naming Convention...
Incorrect Access of Indexable...
Incorrect Authorization
Incorrect Behavior Order
Incorrect Behavior Order: Auth...
Incorrect Behavior Order: Earl...
Incorrect Behavior Order: Earl...
Incorrect Behavior Order: Vali...
Incorrect Behavior Order: Vali...
Incorrect Block Delimitation
Incorrect Calculation
Incorrect Calculation of Buffe...
Incorrect Calculation of Multi...
Incorrect Check of Function Re...
Incorrect Comparison
Incorrect Control Flow Scoping
Incorrect Conversion between N...
Incorrect Default Permissions
Incorrect Execution-Assigned P...
Incorrect Implementation of Au...
Incorrect Ownership Assignment
Incorrect Permission Assignmen...
Incorrect Pointer Scaling
Incorrect Privilege Assignment
Incorrect Provision of Specifi...
Incorrect Register Defaults or...
Incorrect Regular Expression
Incorrect Resource Transfer Be...
Incorrect Short Circuit Evalua...
Incorrect Synchronization
Incorrect Type Conversion or C...
Incorrect Usage of Seeds in Ps...
Incorrect Use of Autoboxing an...
Incorrect Use of Privileged AP...
Incorrect User Management
Incorrectly Specified Destinat...
Inefficient Algorithmic Comple...
Inefficient CPU Computation
Information Loss or Omission
Initialization with Hard-Coded...
Insecure Automated Optimizatio...
Insecure Default Initializatio...
Insecure Default Variable Init...
Insecure Inherited Permissions
Insecure Preserved Inherited P...
Insecure Storage of Sensitive...
Insecure Temporary File
Insertion of Sensitive Informa...
Insertion of Sensitive Informa...
Insertion of Sensitive Informa...
Insufficient Adherence to Expe...
Insufficient Compartmentalizat...
Insufficient Control Flow Mana...
Insufficient Control of Networ...
Insufficient Documentation of...
Insufficient Encapsulation
Insufficient Encapsulation of...
Insufficient Entropy
Insufficient Entropy in PRNG
Insufficient Granularity of Ac...
Insufficient Granularity of Ad...
Insufficient Isolation of Symb...
Insufficient Isolation of Syst...
Insufficient Logging
Insufficient Psychological Acc...
Insufficient Resource Pool
Insufficient Session Expiratio...
Insufficient Type Distinction
Insufficient UI Warning of Dan...
Insufficient Use of Symbolic C...
Insufficient Verification of D...
Insufficient Visual Distinctio...
Insufficiently Protected Crede...
Integer Coercion Error
Integer Overflow or Wraparound
Integer Overflow to Buffer Ove...
Integer Underflow (Wrap or Wra...
Interpretation Conflict
Invocation of a Control Elemen...
Invocation of Process Using Vi...
Invokable Control Element in M...
Invokable Control Element with...
Invokable Control Element with...
Invokable Control Element with...
Invokable Control Element with...
Invokable Control Element with...
Irrelevant Code
J2EE Bad Practices: Direct Man...
J2EE Bad Practices: Direct Use...
J2EE Bad Practices: Direct Use...
J2EE Bad Practices: Non-serial...
J2EE Bad Practices: Use of Sys...
J2EE Framework: Saving Unseria...
J2EE Misconfiguration: Data Tr...
J2EE Misconfiguration: Entity...
J2EE Misconfiguration: Insuffi...
J2EE Misconfiguration: Missing...
J2EE Misconfiguration: Plainte...
J2EE Misconfiguration: Weak Ac...
Java Runtime Error Message Con...
Key Exchange without Entity Au...
Lack of Administrator Control...
Large Data Table with Excessiv...
Least Privilege Violation
Logging of Excessive Data
Logic/Time Bomb
Loop Condition Value Update wi...
Loop with Unreachable Exit Con...
Method Containing Access of a...
Mirrored Regions with Differen...
Misinterpretation of Input
Mismatched Memory Management R...
Missing Authentication for Cri...
Missing Authorization
Missing Check for Certificate...
Missing Critical Step in Authe...
Missing Custom Error Page
Missing Default Case in Switch...
Missing Documentation for Desi...
Missing Encryption of Sensitiv...
Missing Handler
Missing Initialization of a Va...
Missing Initialization of Reso...
Missing Lock Check
Missing Password Field Masking
Missing Protection Against Vol...
Missing Reference to Active Al...
Missing Reference to Active Fi...
Missing Release of File Descri...
Missing Release of Memory afte...
Missing Release of Resource af...
Missing Report of Error Condit...
Missing Required Cryptographic...
Missing Serialization Control...
Missing Standardized Error Han...
Missing Support for Integrity...
Missing Synchronization
Missing Validation of OpenSSL...
Missing XML Validation
Modification of Assumed-Immuta...
Modules with Circular Dependen...
Multiple Binds to the Same Por...
Multiple Inheritance from Conc...
Multiple Interpretations of UI...
Multiple Locks of a Critical R...
Multiple Unlocks of a Critical...
Non-exit on Failed Initializat...
Non-Replicating Malicious Code
Non-SQL Invokable Control Elem...
Not Failing Securely ('Failing...
Not Using a Random IV with CBC...
Not Using Complete Mediation
Not Using Password Aging
Null Byte Interaction Error (P...
NULL Pointer Dereference
Numeric Range Comparison Witho...
Numeric Truncation Error
Object Model Violation: Just O...
Obscured Security-relevant Inf...
Observable Behavioral Discrepa...
Observable Behavioral Discrepa...
Observable Discrepancy
Observable Internal Behavioral...
Observable Response Discrepanc...
Observable Timing Discrepancy
Obsolete Feature in UI
Off-by-one Error
Omission of Security-relevant...
Omitted Break Statement in Swi...
Only Filtering One Instance of...
Only Filtering Special Element...
Only Filtering Special Element...
Only Filtering Special Element...
Operation on a Resource after...
Operation on Resource in Wrong...
Operator Precedence Logic Erro...
Origin Validation Error
Out-of-bounds Read
Out-of-bounds Write
Overly Permissive Cross-domain...
Overly Restrictive Account Loc...
Overly Restrictive Regular Exp...
Parent Class with a Virtual De...
Parent Class with References t...
Parent Class without Virtual D...
Partial String Comparison
Passing Mutable Objects to an...
Password Aging with Long Expir...
Password in Configuration File
Path Equivalence: ' filename'...
Path Equivalence: '/./' (Singl...
Path Equivalence: '//multiple/...
Path Equivalence: '/multiple//...
Path Equivalence: '/multiple/t...
Path Equivalence: '\multiple\\...
Path Equivalence: 'fakedir/../...
Path Equivalence: 'file name'...
Path Equivalence: 'file...name...
Path Equivalence: 'file.name'...
Path Equivalence: 'filedir*' (...
Path Equivalence: 'filedir\' (...
Path Equivalence: 'filename '...
Path Equivalence: 'filename......
Path Equivalence: 'filename.'...
Path Equivalence: 'filename/'...
Path Equivalence: Windows 8.3...
Path Traversal: '....' (Multip...
Path Traversal: '....//'
Path Traversal: '...' (Triple...
Path Traversal: '.../...//'
Path Traversal: '../filedir'
Path Traversal: '..\filedir'
Path Traversal: '/../filedir'
Path Traversal: '/absolute/pat...
Path Traversal: '/dir/../filen...
Path Traversal: '\..\filename'
Path Traversal: '\\UNC\share\n...
Path Traversal: '\absolute\pat...
Path Traversal: '\dir\..\filen...
Path Traversal: 'C:dirname'
Path Traversal: 'dir/../../fil...
Path Traversal: 'dir\..\..\fil...
Permission Race Condition Duri...
Permissive List of Allowed Inp...
Permissive Regular Expression
Persistent Storable Data Eleme...
PHP External Variable Modifica...
Placement of User into Incorre...
Power-On of Untrusted Executio...
Predictable Exact Value from P...
Predictable from Observable St...
Predictable Seed in Pseudo-Ran...
Predictable Value Range from P...
Premature Release of Resource...
Private Data Structure Returne...
Privilege Chaining
Privilege Context Switching Er...
Privilege Defined With Unsafe...
Privilege Dropping / Lowering...
Process Control
Processor Optimization Removal...
Product UI does not Warn User...
Protection Mechanism Failure
Public cloneable() Method With...
Public Data Assigned to Privat...
Public Static Field Not Marked...
Public Static Final Field Refe...
Race Condition During Access t...
Race Condition Enabling Link F...
Race Condition for Write-Once...
Race Condition in Switch
Race Condition within a Thread
Reachable Assertion
Reflection Attack in an Authen...
Regular Expression without Anc...
Relative Path Traversal
Release of Invalid Pointer or...
Reliance on a Single Factor in...
Reliance on Cookies without Va...
Reliance on Cookies without Va...
Reliance on Data/Memory Layout
Reliance on File Name or Exten...
Reliance on IP Address for Aut...
Reliance on Machine-Dependent...
Reliance on Obfuscation or Enc...
Reliance on Package-level Scop...
Reliance on Reverse DNS Resolu...
Reliance on Runtime Component...
Reliance on Security Through O...
Reliance on Undefined, Unspeci...
Reliance on Untrusted Inputs i...
Replicating Malicious Code (Vi...
Return Inside Finally Block
Return of Pointer Value Outsid...
Return of Stack Variable Addre...
Return of Wrong Status Code
Returning a Mutable Object to...
Reusing a Nonce, Key Pair in E...
Reversible One-Way Hash
Runtime Resource Management Co...
Same Seed in Pseudo-Random Num...
Selection of Less-Secure Algor...
Self-generated Error Message C...
Semiconductor Defects in Hardw...
Sensitive Cookie in HTTPS Sess...
Sensitive Cookie Without 'Http...
Sensitive Data Storage in Impr...
Sensitive Information Uncleare...
Serializable Class Containing...
Serializable Data Element Cont...
Server-generated Error Message...
Server-Side Request Forgery (S...
Servlet Runtime Error Message...
Session Fixation
Signal Handler Function Associ...
Signal Handler Race Condition
Signal Handler Use of a Non-re...
Signal Handler with Functional...
Signed to Unsigned Conversion...
Singleton Class Instance Creat...
Small Seed Space in PRNG
Small Space of Random Values
Source Code Element without St...
Source Code File with Excessiv...
Spyware
SQL Injection: Hibernate
Stack-based Buffer Overflow
Static Member Data Element out...
Storage of File With Sensitive...
Storage of File with Sensitive...
Storage of Sensitive Data in a...
Storing Passwords in a Recover...
Struts: Duplicate Validation F...
Struts: Form Bean Does Not Ext...
Struts: Form Field Without Val...
Struts: Incomplete validate()...
Struts: Non-private Field in A...
Struts: Plug-in Framework not...
Struts: Unused Validation Form
Struts: Unvalidated Action For...
Struts: Validator Turned Off
Struts: Validator Without Form...
Suspicious Comment
Symbolic Name not Mapping to C...
Synchronous Access of Remote R...
System-on-Chip (SoC) Using Com...
The UI Performs the Wrong Acti...
Time-of-check Time-of-use (TOC...
Transmission of Private Resour...
Trapdoor
Trojan Horse
Truncation of Security-relevan...
Trust Boundary Violation
Trust of System Event Data
Trusting HTTP Permission Metho...
UI Discrepancy for Security Fe...
Uncaught Exception
Uncaught Exception in Servlet
Unchecked Error Condition
Unchecked Input for Loop Condi...
Unchecked Return Value
Unchecked Return Value to NULL...
Unconditional Control Flow Tra...
Uncontrolled Memory Allocation
Uncontrolled Recursion
Uncontrolled Resource Consumpt...
Uncontrolled Search Path Eleme...
Undefined Behavior for Input t...
Unexpected Sign Extension
Unexpected Status Code or Retu...
Unimplemented or Unsupported F...
Unintended Proxy or Intermedia...
UNIX Hard Link
UNIX Symbolic Link (Symlink) F...
Unlock of a Resource that is n...
Unnecessary Complexity in Prot...
Unparsed Raw Web Content Deliv...
Unprotected Alternate Channel
Unprotected Primary Channel
Unprotected Storage of Credent...
Unprotected Transport of Crede...
Unprotected Windows Messaging...
Unquoted Search Path or Elemen...
Unrestricted Externally Access...
Unrestricted Upload of File wi...
Unsafe ActiveX Control Marked...
Unsigned to Signed Conversion...
Unsynchronized Access to Share...
Untrusted Pointer Dereference
Untrusted Search Path
Unverified Ownership
Unverified Password Change
URL Redirection to Untrusted S...
Use After Free
Use of a Broken or Risky Crypt...
Use of a Key Past its Expirati...
Use of a Non-reentrant Functio...
Use of a One-Way Hash with a P...
Use of a One-Way Hash without...
Use of a Risky Cryptographic P...
Use of Cache Containing Sensit...
Use of Client-Side Authenticat...
Use of Cryptographically Weak...
Use of Expired File Descriptor
Use of Externally-Controlled F...
Use of Externally-Controlled I...
Use of Function with Inconsist...
Use of GET Request Method With...
Use of getlogin() in Multithre...
Use of Hard-coded Credentials
Use of Hard-coded Cryptographi...
Use of Hard-coded Password
Use of Hard-coded, Security-re...
Use of Implicit Intent for Sen...
Use of Incorrect Byte Ordering
Use of Incorrect Operator
Use of Incorrectly-Resolved Na...
Use of Inherently Dangerous Fu...
Use of Inner Class Containing...
Use of Insufficiently Random V...
Use of Invariant Value in Dyna...
Use of Less Trusted Source
Use of Low-Level Functionality
Use of Multiple Resources with...
Use of Non-Canonical URL Paths...
Use of NullPointerException Ca...
Use of Object without Invoking...
Use of Obsolete Function
Use of Out-of-range Pointer Of...
Use of Password Hash Instead o...
Use of Password Hash With Insu...
Use of Password System for Pri...
Use of Path Manipulation Funct...
Use of Persistent Cookies Cont...
Use of Platform-Dependent Thir...
Use of Pointer Subtraction to...
Use of Potentially Dangerous F...
Use of Predictable Algorithm i...
Use of Prohibited Code
Use of Redundant Code
Use of RSA Algorithm without O...
Use of Same Invokable Control...
Use of Same Variable for Multi...
Use of Single-factor Authentic...
Use of Singleton Pattern Witho...
Use of sizeof() on a Pointer T...
Use of umask() with chmod-styl...
Use of Uninitialized Resource
Use of Uninitialized Variable
Use of Unmaintained Third Part...
Use of Web Browser Cache Conta...
Use of Web Link to Untrusted T...
Use of Wrong Operator in Strin...
User Interface (UI) Misreprese...
Using Referer Field for Authen...
Variable Extraction Error
Violation of Secure Design Pri...
Weak Encoding for Password
Weak Password Recovery Mechani...
Weak Password Requirements
Windows Hard Link
Windows Shortcut Following (.L...
Wrap-around Error
Write-what-where Condition
XML Injection (aka Blind XPath...