GitLab Advanced SAST CWE coverage

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

GitLab Advanced SAST finds many types of potential security vulnerabilities in code written in supported languages.

GitLab assigns a matching Common Weakness Enumeration (CWE) identifier to each potential vulnerability. CWE identifiers are an industry-standard way to identify security weaknesses, but it’s important to know:

  • CWEs are arranged in a tree structure. For example, CWE-22: Path Traversal is a parent of CWE-23: Relative Path Traversal. A scanner that specifically detects relative path traversal weaknesses (CWE-23) by definition also detects a portion of the more general path traversal category (CWE-22).
  • For clarity, this table identifies the exact CWE identifiers that are assigned to GitLab Advanced SAST rules. It doesn’t report parent identifiers.

To learn more about the rules used in GitLab Advanced SAST, see SAST rules.

CWE coverage by language

GitLab Advanced SAST finds the following types of weaknesses in each programming language:

| CWE | CWE Description | C | C++ | C# | Go | Java | JavaScript, TypeScript | PHP | Python | Ruby |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CWE-15 | External Control of System or Configuration Setting | No | No | No | No | Yes | No | No | No | No |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-23 | Relative Path Traversal | No | No | No | No | No | Yes | No | Yes | No |
| CWE-73 | External Control of File Name or Path | No | No | No | No | Yes | No | No | No | Yes |
| CWE-76 | Improper Neutralization of Equivalent Special Elements | No | No | No | No | No | No | No | No | Yes |
| CWE-77 | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) | No | No | No | No | Yes | No | No | No | No |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-79 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | No | No | No | No | No | Yes | No | No | No |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) | No | No | No | No | Yes | No | No | No | No |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) | No | No | Yes | No | Yes | No | No | Yes | No |
| CWE-91 | XML Injection (aka Blind XPath Injection) | No | No | No | No | Yes | No | No | No | No |
| CWE-94 | Improper Control of Generation of Code (‘Code Injection’) | No | No | No | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | No | No | No | No | Yes | Yes | No | Yes | Yes |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’) | No | No | No | No | Yes | Yes | No | Yes | No |
| CWE-116 | Improper Encoding or Escaping of Output | No | No | No | No | No | Yes | No | Yes | No |
| CWE-117 | Improper Output Neutralization for Logs | No | No | No | No | Yes | No | No | No | No |
| CWE-118 | Incorrect Access of Indexable Resource (‘Range Error’) | No | No | No | Yes | No | No | No | No | No |
| CWE-125 | Out-of-bounds Read | Yes | Yes | No | No | No | Yes | No | No | No |
| CWE-131 | Incorrect Calculation of Buffer Size | Yes | Yes | No | No | No | No | No | No | No |
| CWE-155 | Improper Neutralization of Wildcards or Matching Symbols | No | No | No | No | No | No | No | Yes | No |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | No | No | No | No | Yes | No | No | No | No |
| CWE-182 | Collapse of Data into Unsafe Value | No | No | No | No | Yes | No | No | No | No |
| CWE-185 | Incorrect Regular Expression | No | No | No | No | No | Yes | No | No | Yes |
| CWE-190 | Integer Overflow or Wraparound | Yes | Yes | No | Yes | Yes | No | No | No | No |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | No | No | No | No | Yes | No | No | No | No |
| CWE-208 | Observable Timing Discrepancy | No | No | No | No | No | Yes | No | No | No |
| CWE-209 | Generation of Error Message Containing Sensitive Information | No | No | No | No | No | No | No | No | Yes |
| CWE-242 | Use of Inherently Dangerous Function | Yes | Yes | No | Yes | No | No | No | No | No |
| CWE-243 | Creation of chroot Jail Without Changing Working Directory | Yes | Yes | No | No | No | No | No | No | No |
| CWE-252 | Unchecked Return Value | Yes | Yes | No | No | No | No | No | No | No |
| CWE-253 | Incorrect Check of Function Return Value | Yes | Yes | No | No | No | No | No | No | No |
| CWE-256 | Plaintext Storage of a Password | No | No | No | No | Yes | No | No | No | No |
| CWE-271 | Privilege Dropping / Lowering Errors | Yes | Yes | No | No | No | No | No | No | No |
| CWE-272 | Least Privilege Violation | No | No | No | No | No | Yes | No | No | No |
| CWE-276 | Incorrect Default Permissions | No | No | No | Yes | No | No | No | No | Yes |
| CWE-295 | Improper Certificate Validation | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | No | No | No | No | Yes | No | No | No | No |
| CWE-306 | Missing Authentication for Critical Function | No | No | No | No | Yes | No | No | No | No |
| CWE-311 | Missing Encryption of Sensitive Data | No | No | No | No | No | No | No | No | Yes |
| CWE-319 | Cleartext Transmission of Sensitive Information | No | No | No | No | Yes | Yes | Yes | Yes | No |
| CWE-322 | Key Exchange without Entity Authentication | No | No | No | Yes | No | No | No | Yes | No |
| CWE-323 | Reusing a Nonce, Key Pair in Encryption | No | No | No | No | Yes | No | No | No | No |
| CWE-326 | Inadequate Encryption Strength | No | No | No | Yes | Yes | No | No | Yes | Yes |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | No | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-328 | Use of Weak Hash | No | No | No | No | No | Yes | Yes | No | Yes |
| CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-346 | Origin Validation Error | No | No | No | No | No | Yes | No | No | No |
| CWE-347 | Improper Verification of Cryptographic Signature | No | No | No | No | Yes | No | No | Yes | No |
| CWE-348 | Use of Less Trusted Source | No | No | No | No | No | Yes | No | No | No |
| CWE-352 | Cross-Site Request Forgery (CSRF) | No | No | Yes | No | Yes | No | No | Yes | Yes |
| CWE-358 | Improperly Implemented Security Check for Standard | No | No | No | No | No | Yes | No | No | No |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) | Yes | Yes | No | No | No | No | No | No | No |
| CWE-369 | Divide By Zero | Yes | Yes | No | No | No | No | No | No | Yes |
| CWE-377 | Insecure Temporary File | Yes | Yes | No | Yes | No | No | No | Yes | No |
| CWE-398 | Code Quality | Yes | Yes | No | No | No | No | No | No | No |
| CWE-400 | Uncontrolled Resource Consumption | Yes | Yes | No | No | No | No | No | No | No |
| CWE-401 | Missing Release of Memory after Effective Lifetime | Yes | Yes | No | No | No | No | No | No | No |
| CWE-404 | Improper Resource Shutdown or Release | Yes | Yes | No | No | No | No | No | No | No |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | No | No | No | Yes | No | No | No | No | No |
| CWE-413 | Improper Resource Locking | Yes | Yes | No | No | No | No | No | No | No |
| CWE-415 | Double Free | Yes | Yes | No | No | No | No | No | No | No |
| CWE-416 | Use After Free | Yes | Yes | No | No | No | No | No | No | No |
| CWE-448 | Excessive Use of Hard-Coded Literals in Initialization | Yes | Yes | No | No | No | No | No | No | No |
| CWE-457 | Use of Uninitialized Variable | Yes | Yes | No | No | No | No | No | No | No |
| CWE-459 | Incomplete Cleanup | Yes | Yes | No | No | No | No | No | No | No |
| CWE-466 | Return of Pointer Value Outside of Expected Range | Yes | Yes | No | No | No | No | No | No | No |
| CWE-467 | Use of sizeof() on a Pointer Type | Yes | Yes | No | No | No | No | No | No | No |
| CWE-469 | Use of Pointer Subtraction to Determine Size | Yes | Yes | No | No | No | No | No | No | No |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) | No | No | No | No | Yes | No | No | No | No |
| CWE-476 | NULL Pointer Dereference | Yes | Yes | No | No | No | No | No | No | No |
| CWE-477 | Use of Obsolete Function | Yes | Yes | No | No | No | No | No | No | No |
| CWE-489 | Active Debug Code | No | No | No | Yes | Yes | No | No | Yes | No |
| CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | No | No | No | No | No | No | Yes | Yes | No |
| CWE-501 | Trust Boundary Violation | No | No | No | No | Yes | No | No | No | No |
| CWE-502 | Deserialization of Untrusted Data | No | No | Yes | No | Yes | Yes | Yes | Yes | Yes |
| CWE-521 | Weak Password Requirements | No | No | Yes | No | No | No | No | No | No |
| CWE-522 | Insufficiently Protected Credentials | No | No | No | No | No | Yes | No | No | No |
| CWE-552 | Files or Directories Accessible to External Parties | No | No | No | Yes | Yes | No | No | No | No |
| CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | No | No | Yes | No | No | No | No | No | No |
| CWE-561 | Dead Code | Yes | Yes | No | No | No | No | No | No | No |
| CWE-562 | Return of Stack Variable Address | Yes | Yes | No | No | No | No | No | No | No |
| CWE-563 | Assignment to Variable without Use | Yes | Yes | No | No | No | No | No | No | No |
| CWE-573 | Improper Following of Specification by Caller | Yes | Yes | No | No | No | No | No | No | No |
| CWE-587 | Assignment of a Fixed Address to a Pointer | Yes | Yes | No | No | No | No | No | No | No |
| CWE-588 | Attempt to Access Child of a Non-structure Pointer | Yes | Yes | No | No | No | No | No | No | No |
| CWE-598 | Use of GET Request Method With Sensitive Query Strings | No | No | No | No | No | No | Yes | No | No |
| CWE-599 | Missing Validation of OpenSSL Certificate | No | No | No | No | No | Yes | No | No | No |
| CWE-601 | URL Redirection to Untrusted Site (‘Open Redirect’) | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-606 | Unchecked Input for Loop Condition | No | No | No | No | No | Yes | No | Yes | No |
| CWE-611 | Improper Restriction of XML External Entity Reference | No | No | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-613 | Insufficient Session Expiration | No | No | No | No | No | Yes | No | No | No |
| CWE-614 | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute | No | No | Yes | Yes | Yes | Yes | Yes | No | No |
| CWE-639 | Authorization Bypass Through User-Controlled Key | No | No | No | No | No | No | No | No | Yes |
| CWE-643 | Improper Neutralization of Data within XPath Expressions (‘XPath Injection’) | No | No | Yes | No | Yes | Yes | No | Yes | No |
| CWE-667 | Improper Locking | Yes | Yes | No | No | No | No | No | No | No |
| CWE-670 | Always-Incorrect Control Flow Implementation | Yes | Yes | No | No | No | No | No | No | No |
| CWE-672 | Operation on a Resource after Expiration or Release | Yes | Yes | No | No | No | No | No | No | No |
| CWE-676 | Use of Potentially Dangerous Function | Yes | Yes | No | No | No | No | No | No | No |
| CWE-684 | Incorrect Provision of Specified Functionality | Yes | Yes | No | No | No | No | No | No | No |
| CWE-685 | Function Call with Incorrect Number of Arguments | Yes | Yes | No | No | No | No | No | No | No |
| CWE-686 | Function Call With Incorrect Argument Type | Yes | Yes | No | No | No | No | No | No | No |
| CWE-687 | Function Call With Incorrectly Specified Argument Value | Yes | Yes | No | No | No | No | No | No | No |
| CWE-704 | Incorrect Type Conversion or Cast | Yes | Yes | No | No | Yes | No | No | No | No |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | Yes | Yes | No | Yes | Yes | No | No | Yes | No |
| CWE-749 | Exposed Dangerous Method or Function | No | No | No | No | Yes | No | No | No | Yes |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | Yes | Yes | No | No | No | No | No | No | Yes |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’) | No | No | No | No | No | Yes | No | No | No |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes | Yes | No | No | No | No | No | No | No |
| CWE-762 | Mismatched Memory Management Routines | Yes | Yes | No | No | No | No | No | No | No |
| CWE-764 | Multiple Locks of a Critical Resource | Yes | Yes | No | No | No | No | No | No | No |
| CWE-770 | Allocation of Resources Without Limits or Throttling | Yes | Yes | No | Yes | No | Yes | No | Yes | No |
| CWE-772 | Missing Release of Resource after Effective Lifetime | Yes | Yes | No | No | No | No | No | No | No |
| CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Yes | Yes | No | No | No | No | No | No | No |
| CWE-776 | Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’) | No | No | No | No | No | Yes | No | No | No |
| CWE-780 | Use of RSA Algorithm without OAEP | No | No | No | No | Yes | No | No | No | No |
| CWE-787 | Out-of-bounds Write | Yes | Yes | No | No | No | Yes | No | No | No |
| CWE-789 | Memory Allocation with Excessive Size Value | Yes | Yes | No | No | No | No | No | No | No |
| CWE-798 | Use of Hard-coded Credentials | No | No | No | No | No | Yes | No | No | No |
| CWE-805 | Buffer Access with Incorrect Length Value | Yes | Yes | No | No | No | No | No | No | No |
| CWE-821 | Incorrect Synchronization | Yes | Yes | No | No | No | No | No | No | No |
| CWE-823 | Use of Out-of-range Pointer Offset | Yes | Yes | No | No | No | No | No | No | No |
| CWE-824 | Access of Uninitialized Pointer | Yes | Yes | No | No | No | No | No | No | No |
| CWE-825 | Expired Pointer Dereference | Yes | Yes | No | No | No | No | No | No | No |
| CWE-833 | Deadlock | Yes | Yes | No | No | No | No | No | No | No |
| CWE-843 | Access of Resource Using Incompatible Type (‘Type Confusion’) | Yes | Yes | No | No | No | No | No | No | No |
| CWE-908 | Use of Uninitialized Resource | Yes | Yes | No | No | No | No | No | No | No |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources | No | No | No | No | No | Yes | No | No | No |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | No | No | No | No | No | No | No | No | Yes |
| CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) | No | No | No | No | Yes | No | No | No | No |
| CWE-918 | Server-Side Request Forgery (SSRF) | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-942 | Permissive Cross-domain Policy with Untrusted Domains | No | No | No | Yes | Yes | Yes | No | Yes | No |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | No | No | No | Yes | Yes | Yes | No | No | No |
| CWE-1004 | Sensitive Cookie Without ‘HttpOnly’ Flag | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | No | No | No | No | Yes | No | No | No | No |
| CWE-1024 | Comparison of Incompatible Types | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1061 | Insufficient Encapsulation | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1077 | Floating Point Comparison with Incorrect Operator | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1079 | Parent Class without Virtual Destructor Method | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1098 | Data Element containing Pointer Item without Proper Copy Control Element | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1104 | Use of Unmaintained Third Party Components | No | No | No | No | No | No | No | Yes | No |
| CWE-1116 | Inaccurate Comments | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1164 | Irrelevant Code | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1204 | Generation of Weak Initialization Vector (IV) | No | No | No | No | No | Yes | No | No | No |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1275 | Sensitive Cookie with Improper SameSite Attribute | No | No | No | No | No | Yes | Yes | Yes | No |
| CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | No | No | No | No | No | Yes | No | No | No |
| CWE-1327 | Binding to an Unrestricted IP Address | No | No | No | Yes | No | No | No | Yes | No |
| CWE-1333 | Inefficient Regular Expression Complexity | No | No | No | No | No | No | No | Yes | Yes |
| CWE-1335 | Incorrect Bitwise Shift of Integer | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | No | No | No | No | No | No | Yes | No | No |
| CWE-1390 | Weak Authentication | No | No | No | No | Yes | No | No | Yes | No |
| CWE-1341 | Multiple Releases of Same Resource or Handle | Yes | Yes | No | No | No | No | No | No | No |
| CWE-1419 | Incorrect Initialization of Resource | Yes | Yes | No | No | No | No | No | No | No |

Did this page answer the question you had? If not, comment on epic 15343 to share your use case.