| CWE Number | Name | Number of Related Vulnerabilities |
|---|---|---|
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | 4122 |
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | 4075 |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | 3530 |
| 20 | Improper Input Validation | 2244 |
| 94 | Failure to Control Generation of Code ('Code Injection') | 1695 |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 1434 |
| 200 | Information Exposure | 1297 |
| 287 | Improper Authentication | 726 |
| 59 | Improper Link Resolution Before File Access ('Link Following') | 322 |
| 362 | Race Condition | 245 |
| 134 | Uncontrolled Format String | 137 |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | 75 |
| 99 | Improper Control of Resource Identifiers ('Resource Injection') | |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | |
| 97 | Failure to Sanitize Server-Side Includes (SSI) Within a Web Page | |
| 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | |
| 95 | Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection') | |
| 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | |
| 92 | DEPRECATED: Improper Sanitization of Custom Special Characters | |
| 91 | XML Injection (aka Blind XPath Injection) | |
| 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | |
| 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | |
| 88 | Argument Injection or Modification | |
| 87 | Failure to Sanitize Alternate XSS Syntax | |
| 86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | |
| 85 | Doubled Character XSS Manipulations | |
| 84 | Failure to Resolve Encoded URI Schemes in a Web Page | |
| 83 | Improper Neutralization of Script in Attributes in a Web Page | |
| 82 | Improper Sanitization of Script in Attributes of IMG Tags in a Web Page | |
| 81 | Improper Sanitization of Script in an Error Message Web Page | |
| 807 | Reliance on Untrusted Inputs in a Security Decision | |
| 806 | Buffer Access Using Size of Source Buffer | |
| 805 | Buffer Access with Incorrect Length Value | |
| 804 | Guessable CAPTCHA | |
| 80 | Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS) | |
| 8 | J2EE Misconfiguration: Entity Bean Declared Remote | |
| 799 | Improper Control of Interaction Frequency | |
| 798 | Use of Hard-coded Credentials | |
| 797 | Only Filtering Special Elements at an Absolute Position | |
| 796 | Only Filtering Special Elements Relative to a Marker | |
| 795 | Only Filtering Special Elements at a Specified Location | |
| 794 | Incomplete Filtering of Multiple Instances of Special Elements | |
| 793 | Only Filtering One Instance of a Special Element | |
| 792 | Incomplete Filtering of One or More Instances of Special Elements | |
| 791 | Incomplete Filtering of Special Elements | |
| 790 | Improper Filtering of Special Elements | |
| 789 | Uncontrolled Memory Allocation | |
| 788 | Access of Memory Location After End of Buffer | |
| 787 | Out-of-bounds Write | |
| 786 | Access of Memory Location Before Start of Buffer | |