CodeQL documentation
CodeQL resources

CWE coverage for JavaScript and TypeScript

An overview of CWE coverage for JavaScript and TypeScript in the latest release of CodeQL.

Overview

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | JavaScript/TypeScript | js/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | JavaScript/TypeScript | js/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | JavaScript/TypeScript | js/incomplete-url-scheme-check | Incomplete URL scheme check |
| CWE-20 | JavaScript/TypeScript | js/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-20 | JavaScript/TypeScript | js/incorrect-suffix-check | Incorrect suffix check |
| CWE-20 | JavaScript/TypeScript | js/missing-origin-check | Missing origin verification in postMessage handler |
| CWE-20 | JavaScript/TypeScript | js/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-20 | JavaScript/TypeScript | js/overly-large-range | Overly permissive regular expression range |
| CWE-20 | JavaScript/TypeScript | js/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | JavaScript/TypeScript | js/useless-regexp-character-escape | Useless regular-expression character escape |
| CWE-20 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-20 | JavaScript/TypeScript | js/double-escaping | Double escaping or unescaping |
| CWE-20 | JavaScript/TypeScript | js/incomplete-html-attribute-sanitization | Incomplete HTML attribute sanitization |
| CWE-20 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-20 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-20 | JavaScript/TypeScript | js/untrusted-data-to-external-api-more-sources | Untrusted data passed to external API with additional heuristic sources |
| CWE-22 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-22 | JavaScript/TypeScript | js/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-23 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-36 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-73 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-73 | JavaScript/TypeScript | js/template-object-injection | Template Object Injection |
| CWE-74 | JavaScript/TypeScript | js/disabling-electron-websecurity | Disabling Electron webSecurity |
| CWE-74 | JavaScript/TypeScript | js/enabling-electron-renderer-node-integration | Enabling Node.js integration for Electron web content renderers |
| CWE-74 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-74 | JavaScript/TypeScript | js/template-object-injection | Template Object Injection |
| CWE-74 | JavaScript/TypeScript | js/command-line-injection | Uncontrolled command line |
| CWE-74 | JavaScript/TypeScript | js/indirect-command-line-injection | Indirect uncontrolled command line |
| CWE-74 | JavaScript/TypeScript | js/second-order-command-line-injection | Second order command injection |
| CWE-74 | JavaScript/TypeScript | js/shell-command-injection-from-environment | Shell command built from environment values |
| CWE-74 | JavaScript/TypeScript | js/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-74 | JavaScript/TypeScript | js/unnecessary-use-of-cat | Unnecessary use of cat process |
| CWE-74 | JavaScript/TypeScript | js/xss-through-exception | Exception text reinterpreted as HTML |
| CWE-74 | JavaScript/TypeScript | js/reflected-xss | Reflected cross-site scripting |
| CWE-74 | JavaScript/TypeScript | js/stored-xss | Stored cross-site scripting |
| CWE-74 | JavaScript/TypeScript | js/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-74 | JavaScript/TypeScript | js/unsafe-jquery-plugin | Unsafe jQuery plugin |
| CWE-74 | JavaScript/TypeScript | js/xss | Client-side cross-site scripting |
| CWE-74 | JavaScript/TypeScript | js/xss-through-dom | DOM text reinterpreted as HTML |
| CWE-74 | JavaScript/TypeScript | js/sql-injection | Database query built from user-controlled sources |
| CWE-74 | JavaScript/TypeScript | js/code-injection | Code injection |
| CWE-74 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization |
| CWE-74 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-74 | JavaScript/TypeScript | js/unsafe-dynamic-method-access | Unsafe dynamic method access |
| CWE-74 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-74 | JavaScript/TypeScript | js/incomplete-html-attribute-sanitization | Incomplete HTML attribute sanitization |
| CWE-74 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-74 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-74 | JavaScript/TypeScript | js/unsafe-html-expansion | Unsafe expansion of self-closing HTML tag |
| CWE-74 | JavaScript/TypeScript | js/tainted-format-string | Use of externally-controlled format string |
| CWE-74 | JavaScript/TypeScript | js/client-side-unvalidated-url-redirection | Client-side URL redirect |
| CWE-74 | JavaScript/TypeScript | js/xpath-injection | XPath injection |
| CWE-74 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-74 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-74 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-74 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code |
| CWE-74 | JavaScript/TypeScript | js/env-key-and-value-injection | User controlled arbitrary environment variable injection |
| CWE-74 | JavaScript/TypeScript | js/env-value-injection | User controlled environment variable value injection |
| CWE-74 | JavaScript/TypeScript | js/command-line-injection-more-sources | Uncontrolled command line with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/xss-more-sources | Client-side cross-site scripting with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/sql-injection-more-sources | Database query built from user-controlled sources with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/tainted-format-string-more-sources | Use of externally-controlled format string with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/xpath-injection-more-sources | XPath injection with additional heuristic sources |
| CWE-74 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-77 | JavaScript/TypeScript | js/command-line-injection | Uncontrolled command line |
| CWE-77 | JavaScript/TypeScript | js/indirect-command-line-injection | Indirect uncontrolled command line |
| CWE-77 | JavaScript/TypeScript | js/second-order-command-line-injection | Second order command injection |
| CWE-77 | JavaScript/TypeScript | js/shell-command-injection-from-environment | Shell command built from environment values |
| CWE-77 | JavaScript/TypeScript | js/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-77 | JavaScript/TypeScript | js/unnecessary-use-of-cat | Unnecessary use of cat process |
| CWE-77 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-77 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-77 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-77 | JavaScript/TypeScript | js/command-line-injection-more-sources | Uncontrolled command line with additional heuristic sources |
| CWE-77 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-78 | JavaScript/TypeScript | js/command-line-injection | Uncontrolled command line |
| CWE-78 | JavaScript/TypeScript | js/indirect-command-line-injection | Indirect uncontrolled command line |
| CWE-78 | JavaScript/TypeScript | js/second-order-command-line-injection | Second order command injection |
| CWE-78 | JavaScript/TypeScript | js/shell-command-injection-from-environment | Shell command built from environment values |
| CWE-78 | JavaScript/TypeScript | js/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-78 | JavaScript/TypeScript | js/unnecessary-use-of-cat | Unnecessary use of cat process |
| CWE-78 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-78 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-78 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-78 | JavaScript/TypeScript | js/command-line-injection-more-sources | Uncontrolled command line with additional heuristic sources |
| CWE-78 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-79 | JavaScript/TypeScript | js/disabling-electron-websecurity | Disabling Electron webSecurity |
| CWE-79 | JavaScript/TypeScript | js/xss-through-exception | Exception text reinterpreted as HTML |
| CWE-79 | JavaScript/TypeScript | js/reflected-xss | Reflected cross-site scripting |
| CWE-79 | JavaScript/TypeScript | js/stored-xss | Stored cross-site scripting |
| CWE-79 | JavaScript/TypeScript | js/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-79 | JavaScript/TypeScript | js/unsafe-jquery-plugin | Unsafe jQuery plugin |
| CWE-79 | JavaScript/TypeScript | js/xss | Client-side cross-site scripting |
| CWE-79 | JavaScript/TypeScript | js/xss-through-dom | DOM text reinterpreted as HTML |
| CWE-79 | JavaScript/TypeScript | js/code-injection | Code injection |
| CWE-79 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization |
| CWE-79 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-79 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-79 | JavaScript/TypeScript | js/incomplete-html-attribute-sanitization | Incomplete HTML attribute sanitization |
| CWE-79 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-79 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-79 | JavaScript/TypeScript | js/unsafe-html-expansion | Unsafe expansion of self-closing HTML tag |
| CWE-79 | JavaScript/TypeScript | js/client-side-unvalidated-url-redirection | Client-side URL redirect |
| CWE-79 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-79 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-79 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-79 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code |
| CWE-79 | JavaScript/TypeScript | js/xss-more-sources | Client-side cross-site scripting with additional heuristic sources |
| CWE-79 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources |
| CWE-79 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-80 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-80 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-80 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-88 | JavaScript/TypeScript | js/command-line-injection | Uncontrolled command line |
| CWE-88 | JavaScript/TypeScript | js/indirect-command-line-injection | Indirect uncontrolled command line |
| CWE-88 | JavaScript/TypeScript | js/second-order-command-line-injection | Second order command injection |
| CWE-88 | JavaScript/TypeScript | js/shell-command-injection-from-environment | Shell command built from environment values |
| CWE-88 | JavaScript/TypeScript | js/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-88 | JavaScript/TypeScript | js/command-line-injection-more-sources | Uncontrolled command line with additional heuristic sources |
| CWE-89 | JavaScript/TypeScript | js/sql-injection | Database query built from user-controlled sources |
| CWE-89 | JavaScript/TypeScript | js/env-key-and-value-injection | User controlled arbitrary environment variable injection |
| CWE-89 | JavaScript/TypeScript | js/env-value-injection | User controlled environment variable value injection |
| CWE-89 | JavaScript/TypeScript | js/sql-injection-more-sources | Database query built from user-controlled sources with additional heuristic sources |
| CWE-90 | JavaScript/TypeScript | js/sql-injection | Database query built from user-controlled sources |
| CWE-90 | JavaScript/TypeScript | js/sql-injection-more-sources | Database query built from user-controlled sources with additional heuristic sources |
| CWE-91 | JavaScript/TypeScript | js/xpath-injection | XPath injection |
| CWE-91 | JavaScript/TypeScript | js/xpath-injection-more-sources | XPath injection with additional heuristic sources |
| CWE-94 | JavaScript/TypeScript | js/enabling-electron-renderer-node-integration | Enabling Node.js integration for Electron web content renderers |
| CWE-94 | JavaScript/TypeScript | js/template-object-injection | Template Object Injection |
| CWE-94 | JavaScript/TypeScript | js/code-injection | Code injection |
| CWE-94 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization |
| CWE-94 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-94 | JavaScript/TypeScript | js/unsafe-dynamic-method-access | Unsafe dynamic method access |
| CWE-94 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-94 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-94 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-94 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code |
| CWE-94 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources |
| CWE-94 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-95 | JavaScript/TypeScript | js/code-injection | Code injection |
| CWE-95 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code |
| CWE-95 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources |
| CWE-99 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression |
| CWE-116 | JavaScript/TypeScript | js/angular/disabling-sce | Disabling SCE |
| CWE-116 | JavaScript/TypeScript | js/identity-replacement | Replacement of a substring with itself |
| CWE-116 | JavaScript/TypeScript | js/xss-through-exception | Exception text reinterpreted as HTML |
| CWE-116 | JavaScript/TypeScript | js/reflected-xss | Reflected cross-site scripting |
| CWE-116 | JavaScript/TypeScript | js/stored-xss | Stored cross-site scripting |
| CWE-116 | JavaScript/TypeScript | js/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-116 | JavaScript/TypeScript | js/unsafe-jquery-plugin | Unsafe jQuery plugin |
| CWE-116 | JavaScript/TypeScript | js/xss | Client-side cross-site scripting |
| CWE-116 | JavaScript/TypeScript | js/xss-through-dom | DOM text reinterpreted as HTML |
| CWE-116 | JavaScript/TypeScript | js/code-injection | Code injection |
| CWE-116 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization |
| CWE-116 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-116 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-116 | JavaScript/TypeScript | js/double-escaping | Double escaping or unescaping |
| CWE-116 | JavaScript/TypeScript | js/incomplete-html-attribute-sanitization | Incomplete HTML attribute sanitization |
| CWE-116 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-116 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-116 | JavaScript/TypeScript | js/unsafe-html-expansion | Unsafe expansion of self-closing HTML tag |
| CWE-116 | JavaScript/TypeScript | js/log-injection | Log injection |
| CWE-116 | JavaScript/TypeScript | js/client-side-unvalidated-url-redirection | Client-side URL redirect |
| CWE-116 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code |
| CWE-116 | JavaScript/TypeScript | js/xss-more-sources | Client-side cross-site scripting with additional heuristic sources |
| CWE-116 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources |
| CWE-116 | JavaScript/TypeScript | js/log-injection-more-sources | Log injection with additional heuristic sources |
| CWE-117 | JavaScript/TypeScript | js/log-injection | Log injection |
| CWE-117 | JavaScript/TypeScript | js/log-injection-more-sources | Log injection with additional heuristic sources |
| CWE-134 | JavaScript/TypeScript | js/tainted-format-string | Use of externally-controlled format string |
| CWE-134 | JavaScript/TypeScript | js/tainted-format-string-more-sources | Use of externally-controlled format string with additional heuristic sources |
| CWE-178 | JavaScript/TypeScript | js/case-sensitive-middleware-path | Case-sensitive middleware path |
| CWE-183 | JavaScript/TypeScript | js/angular/insecure-url-whitelist | Insecure URL whitelist |
| CWE-183 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer |
| CWE-183 | JavaScript/TypeScript | js/cors-permissive-configuration | Permissive CORS configuration |
| CWE-183 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources |
| CWE-184 | JavaScript/TypeScript | js/incomplete-url-scheme-check | Incomplete URL scheme check |
| CWE-184 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-185 | JavaScript/TypeScript | js/angular/insecure-url-whitelist | Insecure URL whitelist |
| CWE-185 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-186 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp |
| CWE-193 | JavaScript/TypeScript | js/index-out-of-bounds | Off-by-one comparison against length |
| CWE-197 | JavaScript/TypeScript | js/shift-out-of-range | Shift out of range |
| CWE-200 | JavaScript/TypeScript | js/unsafe-external-link | Potentially unsafe external link |
| CWE-200 | JavaScript/TypeScript | js/file-access-to-http | File data in outbound network request |
| CWE-200 | JavaScript/TypeScript | js/exposure-of-private-files | Exposure of private files |
| CWE-200 | JavaScript/TypeScript | js/cross-window-information-leak | Cross-window communication with unrestricted target origin |
| CWE-200 | JavaScript/TypeScript | js/stack-trace-exposure | Information exposure through a stack trace |
| CWE-200 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact |
| CWE-200 | JavaScript/TypeScript | js/clear-text-logging | Clear-text logging of sensitive information |
| CWE-200 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information |
| CWE-200 | JavaScript/TypeScript | js/sensitive-get-query | Sensitive data read from GET request |
| CWE-201 | JavaScript/TypeScript | js/cross-window-information-leak | Cross-window communication with unrestricted target origin |
| CWE-209 | JavaScript/TypeScript | js/stack-trace-exposure | Information exposure through a stack trace |
| CWE-216 | JavaScript/TypeScript | js/exposure-of-private-files | Exposure of private files |
| CWE-219 | JavaScript/TypeScript | js/exposure-of-private-files | Exposure of private files |
| CWE-221 | JavaScript/TypeScript | js/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-227 | JavaScript/TypeScript | js/superfluous-trailing-arguments | Superfluous trailing arguments |
| CWE-227 | JavaScript/TypeScript | js/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-248 | JavaScript/TypeScript | js/server-crash | Server crash |
| CWE-250 | JavaScript/TypeScript | js/remote-property-injection | Remote property injection |
| CWE-250 | JavaScript/TypeScript | js/remote-property-injection-more-sources | Remote property injection with additional heuristic sources |
| CWE-256 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-258 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file |
| CWE-259 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-260 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-260 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file |
| CWE-269 | JavaScript/TypeScript | js/remote-property-injection | Remote property injection |
| CWE-269 | JavaScript/TypeScript | js/remote-property-injection-more-sources | Remote property injection with additional heuristic sources |
| CWE-284 | JavaScript/TypeScript | js/missing-origin-check | Missing origin verification in postMessage handler |
| CWE-284 | JavaScript/TypeScript | js/exposure-of-private-files | Exposure of private files |
| CWE-284 | JavaScript/TypeScript | js/disabling-certificate-validation | Disabling certificate validation |
| CWE-284 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-284 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-284 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer |
| CWE-284 | JavaScript/TypeScript | js/session-fixation | Failure to abandon session |
| CWE-284 | JavaScript/TypeScript | js/remote-property-injection | Remote property injection |
| CWE-284 | JavaScript/TypeScript | js/host-header-forgery-in-email-generation | Host header poisoning in email generation |
| CWE-284 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting |
| CWE-284 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | JavaScript/TypeScript | js/user-controlled-bypass | User-controlled bypass of security check |
| CWE-284 | JavaScript/TypeScript | js/different-kinds-comparison-bypass | Comparison of user-controlled data of different kinds |
| CWE-284 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file |
| CWE-284 | JavaScript/TypeScript | js/cors-permissive-configuration | Permissive CORS configuration |
| CWE-284 | JavaScript/TypeScript | js/user-controlled-data-decompression | User-controlled file decompression |
| CWE-284 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources |
| CWE-284 | JavaScript/TypeScript | js/remote-property-injection-more-sources | Remote property injection with additional heuristic sources |
| CWE-284 | JavaScript/TypeScript | js/user-controlled-bypass-more-sources | User-controlled bypass of security check with additional heuristic sources |
| CWE-285 | JavaScript/TypeScript | js/exposure-of-private-files | Exposure of private files |
| CWE-285 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer |
| CWE-285 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file |
| CWE-285 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources |
| CWE-287 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-287 | JavaScript/TypeScript | js/session-fixation | Failure to abandon session |
| CWE-287 | JavaScript/TypeScript | js/host-header-forgery-in-email-generation | Host header poisoning in email generation |
| CWE-287 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting |
| CWE-287 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-287 | JavaScript/TypeScript | js/user-controlled-bypass | User-controlled bypass of security check |
| CWE-287 | JavaScript/TypeScript | js/different-kinds-comparison-bypass | Comparison of user-controlled data of different kinds |
| CWE-287 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file |
| CWE-287 | JavaScript/TypeScript | js/user-controlled-data-decompression | User-controlled file decompression |
| CWE-287 | JavaScript/TypeScript | js/user-controlled-bypass-more-sources | User-controlled bypass of security check with additional heuristic sources |
| CWE-290 | JavaScript/TypeScript | js/user-controlled-bypass | User-controlled bypass of security check |
| CWE-290 | JavaScript/TypeScript | js/different-kinds-comparison-bypass | Comparison of user-controlled data of different kinds |
| CWE-290 | JavaScript/TypeScript | js/user-controlled-bypass-more-sources | User-controlled bypass of security check with additional heuristic sources |
| CWE-295 | JavaScript/TypeScript | js/disabling-certificate-validation | Disabling certificate validation |
| CWE-297 | JavaScript/TypeScript | js/disabling-certificate-validation | Disabling certificate validation |
| CWE-300 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-307 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting |
| CWE-311 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-311 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact |
| CWE-311 | JavaScript/TypeScript | js/clear-text-logging | Clear-text logging of sensitive information |
| CWE-311 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information |
| CWE-311 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-311 | JavaScript/TypeScript | js/clear-text-cookie | Clear text transmission of sensitive cookie |
| CWE-312 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact |
| CWE-312 | JavaScript/TypeScript | js/clear-text-logging | Clear-text logging of sensitive information |
| CWE-312 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information |
| CWE-312 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-312 | JavaScript/TypeScript | js/clear-text-cookie | Clear text transmission of sensitive cookie |
| CWE-313 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file |
| CWE-315 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact |
| CWE-315 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information |
| CWE-319 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-319 | JavaScript/TypeScript | js/clear-text-cookie | Clear text transmission of sensitive cookie |
| CWE-321 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-326 | JavaScript/TypeScript | js/insufficient-key-size | Use of a weak cryptographic key |
| CWE-326 | JavaScript/TypeScript | js/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | JavaScript/TypeScript | js/biased-cryptographic-random | Creating biased random numbers from a cryptographically secure source |
| CWE-327 | JavaScript/TypeScript | js/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | JavaScript/TypeScript | js/insufficient-password-hash | Use of password hash with insufficient computational effort |
| CWE-328 | JavaScript/TypeScript | js/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-330 | JavaScript/TypeScript | js/insecure-randomness | Insecure randomness |
| CWE-330 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-330 | JavaScript/TypeScript | js/predictable-token | Predictable token |
| CWE-338 | JavaScript/TypeScript | js/insecure-randomness | Insecure randomness |
| CWE-340 | JavaScript/TypeScript | js/predictable-token | Predictable token |
| CWE-344 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials |
| CWE-345 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer |
| CWE-345 | JavaScript/TypeScript | js/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-345 | JavaScript/TypeScript | js/missing-token-validation | Missing CSRF middleware |
| CWE-345 | JavaScript/TypeScript | js/decode-jwt-without-verification | JWT missing secret or public key verification |
| CWE-345 | JavaScript/TypeScript | js/decode-jwt-without-verification-local-source | JWT missing secret or public key verification |
| CWE-345 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources |
| CWE-346 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer |
| CWE-346 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources |
| CWE-347 | JavaScript/TypeScript | js/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-347 | JavaScript/TypeScript | js/decode-jwt-without-verification | JWT missing secret or public key verification |
| CWE-347 | JavaScript/TypeScript | js/decode-jwt-without-verification-local-source | JWT missing secret or public key verification |
| CWE-352 | JavaScript/TypeScript | js/missing-token-validation | Missing CSRF middleware |
| CWE-359 | JavaScript/TypeScript | js/cross-window-information-leak | Cross-window communication with unrestricted target origin |
| CWE-359 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact |
| CWE-359 | JavaScript/TypeScript | js/clear-text-logging | Clear-text logging of sensitive information |
| CWE-359 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information |
| CWE-362 | JavaScript/TypeScript | js/file-system-race | Potential file system race condition |
| CWE-367 | JavaScript/TypeScript | js/file-system-race | Potential file system race condition |
| CWE-377 | JavaScript/TypeScript | js/insecure-temporary-file | Insecure temporary file |
| CWE-378 | JavaScript/TypeScript | js/insecure-temporary-file | Insecure temporary file |
| CWE-384 | JavaScript/TypeScript | js/session-fixation | Failure to abandon session |
| CWE-398 | JavaScript/TypeScript | js/todo-comment | TODO comment |
| CWE-398 | JavaScript/TypeScript | js/eval-like-call | Call to eval-like DOM function |
| CWE-398 | JavaScript/TypeScript | js/variable-initialization-conflict | Conflicting variable initialization |
| CWE-398 | JavaScript/TypeScript | js/function-declaration-conflict | Conflicting function declarations |
| CWE-398 | JavaScript/TypeScript | js/useless-assignment-to-global | Useless assignment to global variable |
| CWE-398 | JavaScript/TypeScript | js/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | JavaScript/TypeScript | js/overwritten-property | Overwritten property |
| CWE-398 | JavaScript/TypeScript | js/comparison-of-identical-expressions | Comparison of identical values |
| CWE-398 | JavaScript/TypeScript | js/comparison-with-nan | Comparison with NaN |
| CWE-398 | JavaScript/TypeScript | js/duplicate-condition | Duplicate 'if' condition |
| CWE-398 | JavaScript/TypeScript | js/duplicate-property | Duplicate property |
| CWE-398 | JavaScript/TypeScript | js/duplicate-switch-case | Duplicate switch case |
| CWE-398 | JavaScript/TypeScript | js/useless-expression | Expression has no effect |
| CWE-398 | JavaScript/TypeScript | js/comparison-between-incompatible-types | Comparison between inconvertible types |
| CWE-398 | JavaScript/TypeScript | js/redundant-operation | Identical operands |
| CWE-398 | JavaScript/TypeScript | js/redundant-assignment | Self assignment |
| CWE-398 | JavaScript/TypeScript | js/call-to-non-callable | Invocation of non-function |
| CWE-398 | JavaScript/TypeScript | js/property-access-on-non-object | Property access on null or undefined |
| CWE-398 | JavaScript/TypeScript | js/unneeded-defensive-code | Unneeded defensive code |
| CWE-398 | JavaScript/TypeScript | js/useless-type-test | Useless type test |
| CWE-398 | JavaScript/TypeScript | js/eval-call | Use of eval |
| CWE-398 | JavaScript/TypeScript | js/node/assignment-to-exports-variable | Assignment to exports variable |
| CWE-398 | JavaScript/TypeScript | js/regex/unmatchable-caret | Unmatchable caret in regular expression |
| CWE-398 | JavaScript/TypeScript | js/regex/unmatchable-dollar | Unmatchable dollar in regular expression |
| CWE-398 | JavaScript/TypeScript | js/useless-assignment-in-return | Return statement assigns local variable |
| CWE-398 | JavaScript/TypeScript | js/unreachable-statement | Unreachable statement |
| CWE-398 | JavaScript/TypeScript | js/trivial-conditional | Useless conditional |
| CWE-400 | JavaScript/TypeScript | js/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-400 | JavaScript/TypeScript | js/redos | Inefficient regular expression |
| CWE-400 | JavaScript/TypeScript | js/resource-exhaustion-from-deep-object-traversal | Resources exhaustion from deep object traversal |
| CWE-400 | JavaScript/TypeScript | js/remote-property-injection | Remote property injection |
| CWE-400 | JavaScript/TypeScript | js/regex-injection | Regular expression injection |
| CWE-400 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting |
| CWE-400 | JavaScript/TypeScript | js/resource-exhaustion | Resource exhaustion |
| CWE-400 | JavaScript/TypeScript | js/xml-bomb | XML internal entity expansion |
| CWE-400 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-400 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-400 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
| CWE-400 | JavaScript/TypeScript | js/remote-property-injection-more-sources | Remote property injection with additional heuristic sources |
| CWE-400 | JavaScript/TypeScript | js/regex-injection-more-sources | Regular expression injection with additional heuristic sources |
| CWE-400 | JavaScript/TypeScript | js/resource-exhaustion-more-sources | Resource exhaustion with additional heuristic sources |
| CWE-400 | JavaScript/TypeScript | js/xml-bomb-more-sources | XML internal entity expansion with additional heuristic sources |
| CWE-400 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources |
| CWE-405 | JavaScript/TypeScript | js/xml-bomb | XML internal entity expansion |
| CWE-405 | JavaScript/TypeScript | js/xml-bomb-more-sources | XML internal entity expansion with additional heuristic sources |
| CWE-409 | JavaScript/TypeScript | js/xml-bomb | XML internal entity expansion |
| CWE-409 | JavaScript/TypeScript | js/xml-bomb-more-sources | XML internal entity expansion with additional heuristic sources |
| CWE-434 | JavaScript/TypeScript | js/http-to-file-access | Network data written to file |
| CWE-435 | JavaScript/TypeScript | js/insecure-http-parser | Insecure http parser |
| CWE-436 | JavaScript/TypeScript | js/insecure-http-parser | Insecure http parser |
| CWE-441 | JavaScript/TypeScript | js/client-side-request-forgery | Client-side request forgery |
| CWE-441 | JavaScript/TypeScript | js/request-forgery | Server-side request forgery |
| CWE-441 | JavaScript/TypeScript | javascript/ssrf | Uncontrolled data used in network request |
| CWE-444 | JavaScript/TypeScript | js/insecure-http-parser | Insecure http parser |
| CWE-451 | JavaScript/TypeScript | js/missing-x-frame-options | Missing X-Frame-Options HTTP header |
| CWE-471 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment |
| CWE-471 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function |
| CWE-471 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call |
CWE-471JavaScript/TypeScriptjs/prototype-polluting-assignment-more-sourcesPrototype-polluting assignment with additional heuristic sources
CWE-476JavaScript/TypeScriptjs/call-to-non-callableInvocation of non-function
CWE-476JavaScript/TypeScriptjs/property-access-on-non-objectProperty access on null or undefined
CWE-480JavaScript/TypeScriptjs/useless-expressionExpression has no effect
CWE-480JavaScript/TypeScriptjs/redundant-operationIdentical operands
CWE-480JavaScript/TypeScriptjs/redundant-assignmentSelf assignment
CWE-480JavaScript/TypeScriptjs/deletion-of-non-propertyDeleting non-property
CWE-483JavaScript/TypeScriptjs/misleading-indentation-of-dangling-elseMisleading indentation of dangling 'else'
CWE-483JavaScript/TypeScriptjs/misleading-indentation-after-control-statementMisleading indentation after control statement
CWE-485JavaScript/TypeScriptjs/alert-callInvocation of alert
CWE-485JavaScript/TypeScriptjs/debugger-statementUse of debugger statement
CWE-485JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-489JavaScript/TypeScriptjs/alert-callInvocation of alert
CWE-489JavaScript/TypeScriptjs/debugger-statementUse of debugger statement
CWE-494JavaScript/TypeScriptjs/enabling-electron-insecure-contentEnabling Electron allowRunningInsecureContent
CWE-494JavaScript/TypeScriptjs/insecure-dependencyDependency download using unencrypted communication channel
CWE-497JavaScript/TypeScriptjs/stack-trace-exposureInformation exposure through a stack trace
CWE-502JavaScript/TypeScriptjs/unsafe-deserializationDeserialization of user-controlled data
CWE-502JavaScript/TypeScriptjs/unsafe-deserialization-more-sourcesDeserialization of user-controlled data with additional heuristic sources
CWE-506JavaScript/TypeScriptjs/hardcoded-data-interpreted-as-codeHard-coded data interpreted as code
CWE-521JavaScript/TypeScriptjs/empty-password-in-configuration-fileEmpty password in configuration file
CWE-522JavaScript/TypeScriptjs/password-in-configuration-filePassword in configuration file
CWE-522JavaScript/TypeScriptjs/empty-password-in-configuration-fileEmpty password in configuration file
CWE-522JavaScript/TypeScriptjs/user-controlled-data-decompressionUser-controlled file decompression
CWE-532JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-538JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-538JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-546JavaScript/TypeScriptjs/todo-commentTODO comment
CWE-548JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-552JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-552JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-561JavaScript/TypeScriptjs/comparison-of-identical-expressionsComparison of identical values
CWE-561JavaScript/TypeScriptjs/comparison-with-nanComparison with NaN
CWE-561JavaScript/TypeScriptjs/duplicate-conditionDuplicate 'if' condition
CWE-561JavaScript/TypeScriptjs/duplicate-switch-caseDuplicate switch case
CWE-561JavaScript/TypeScriptjs/useless-expressionExpression has no effect
CWE-561JavaScript/TypeScriptjs/comparison-between-incompatible-typesComparison between inconvertible types
CWE-561JavaScript/TypeScriptjs/redundant-operationIdentical operands
CWE-561JavaScript/TypeScriptjs/redundant-assignmentSelf assignment
CWE-561JavaScript/TypeScriptjs/unneeded-defensive-codeUnneeded defensive code
CWE-561JavaScript/TypeScriptjs/useless-type-testUseless type test
CWE-561JavaScript/TypeScriptjs/regex/unmatchable-caretUnmatchable caret in regular expression
CWE-561JavaScript/TypeScriptjs/regex/unmatchable-dollarUnmatchable dollar in regular expression
CWE-561JavaScript/TypeScriptjs/unreachable-statementUnreachable statement
CWE-561JavaScript/TypeScriptjs/trivial-conditionalUseless conditional
CWE-563JavaScript/TypeScriptjs/variable-initialization-conflictConflicting variable initialization
CWE-563JavaScript/TypeScriptjs/function-declaration-conflictConflicting function declarations
CWE-563JavaScript/TypeScriptjs/useless-assignment-to-globalUseless assignment to global variable
CWE-563JavaScript/TypeScriptjs/useless-assignment-to-localUseless assignment to local variable
CWE-563JavaScript/TypeScriptjs/overwritten-propertyOverwritten property
CWE-563JavaScript/TypeScriptjs/duplicate-propertyDuplicate property
CWE-563JavaScript/TypeScriptjs/node/assignment-to-exports-variableAssignment to exports variable
CWE-563JavaScript/TypeScriptjs/useless-assignment-in-returnReturn statement assigns local variable
CWE-570JavaScript/TypeScriptjs/comparison-of-identical-expressionsComparison of identical values
CWE-570JavaScript/TypeScriptjs/comparison-with-nanComparison with NaN
CWE-570JavaScript/TypeScriptjs/comparison-between-incompatible-typesComparison between inconvertible types
CWE-570JavaScript/TypeScriptjs/unneeded-defensive-codeUnneeded defensive code
CWE-570JavaScript/TypeScriptjs/useless-type-testUseless type test
CWE-570JavaScript/TypeScriptjs/trivial-conditionalUseless conditional
CWE-571JavaScript/TypeScriptjs/comparison-of-identical-expressionsComparison of identical values
CWE-571JavaScript/TypeScriptjs/comparison-with-nanComparison with NaN
CWE-571JavaScript/TypeScriptjs/comparison-between-incompatible-typesComparison between inconvertible types
CWE-571JavaScript/TypeScriptjs/unneeded-defensive-codeUnneeded defensive code
CWE-571JavaScript/TypeScriptjs/useless-type-testUseless type test
CWE-571JavaScript/TypeScriptjs/trivial-conditionalUseless conditional
CWE-573JavaScript/TypeScriptjs/superfluous-trailing-argumentsSuperfluous trailing arguments
CWE-584JavaScript/TypeScriptjs/exit-from-finallyJump from finally
CWE-592JavaScript/TypeScriptjs/user-controlled-bypassUser-controlled bypass of security check
CWE-592JavaScript/TypeScriptjs/different-kinds-comparison-bypassComparison of user-controlled data of different kinds
CWE-592JavaScript/TypeScriptjs/user-controlled-bypass-more-sourcesUser-controlled bypass of security check with additional heuristic sources
CWE-598JavaScript/TypeScriptjs/sensitive-get-querySensitive data read from GET request
CWE-601JavaScript/TypeScriptjs/client-side-unvalidated-url-redirectionClient-side URL redirect
CWE-601JavaScript/TypeScriptjs/server-side-unvalidated-url-redirectionServer-side URL redirect
CWE-610JavaScript/TypeScriptjs/path-injectionUncontrolled data used in path expression
CWE-610JavaScript/TypeScriptjs/template-object-injectionTemplate Object Injection
CWE-610JavaScript/TypeScriptjs/client-side-unvalidated-url-redirectionClient-side URL redirect
CWE-610JavaScript/TypeScriptjs/server-side-unvalidated-url-redirectionServer-side URL redirect
CWE-610JavaScript/TypeScriptjs/xxeXML external entity expansion
CWE-610JavaScript/TypeScriptjs/client-side-request-forgeryClient-side request forgery
CWE-610JavaScript/TypeScriptjs/request-forgeryServer-side request forgery
CWE-610JavaScript/TypeScriptjavascript/ssrfUncontrolled data used in network request
CWE-610JavaScript/TypeScriptjs/xxe-more-sourcesXML external entity expansion with additional heuristic sources
CWE-611JavaScript/TypeScriptjs/xxeXML external entity expansion
CWE-611JavaScript/TypeScriptjs/xxe-more-sourcesXML external entity expansion with additional heuristic sources
CWE-614JavaScript/TypeScriptjs/clear-text-cookieClear text transmission of sensitive cookie
CWE-625JavaScript/TypeScriptjs/angular/insecure-url-whitelistInsecure URL whitelist
CWE-628JavaScript/TypeScriptjs/superfluous-trailing-argumentsSuperfluous trailing arguments
CWE-639JavaScript/TypeScriptjs/cors-misconfiguration-for-credentialsCORS misconfiguration for credentials transfer
CWE-639JavaScript/TypeScriptjs/cors-misconfiguration-for-credentials-more-sourcesCORS misconfiguration for credentials transfer with additional heuristic sources
CWE-640JavaScript/TypeScriptjs/host-header-forgery-in-email-generationHost header poisoning in email generation
CWE-642JavaScript/TypeScriptjs/path-injectionUncontrolled data used in path expression
CWE-642JavaScript/TypeScriptjs/template-object-injectionTemplate Object Injection
CWE-643JavaScript/TypeScriptjs/xpath-injectionXPath injection
CWE-643JavaScript/TypeScriptjs/xpath-injection-more-sourcesXPath injection with additional heuristic sources
CWE-657JavaScript/TypeScriptjs/remote-property-injectionRemote property injection
CWE-657JavaScript/TypeScriptjs/hardcoded-credentialsHard-coded credentials
CWE-657JavaScript/TypeScriptjs/remote-property-injection-more-sourcesRemote property injection with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/alert-callInvocation of alert
CWE-664JavaScript/TypeScriptjs/unsafe-external-linkPotentially unsafe external link
CWE-664JavaScript/TypeScriptjs/enabling-electron-insecure-contentEnabling Electron allowRunningInsecureContent
CWE-664JavaScript/TypeScriptjs/enabling-electron-renderer-node-integrationEnabling Node.js integration for Electron web content renderers
CWE-664JavaScript/TypeScriptjs/implicit-operand-conversionImplicit operand conversion
CWE-664JavaScript/TypeScriptjs/shift-out-of-rangeShift out of range
CWE-664JavaScript/TypeScriptjs/debugger-statementUse of debugger statement
CWE-664JavaScript/TypeScriptjs/invalid-prototype-valueInvalid prototype value
CWE-664JavaScript/TypeScriptjs/property-assignment-on-primitiveAssignment to property of primitive value
CWE-664JavaScript/TypeScriptjs/polynomial-redosPolynomial regular expression used on uncontrolled data
CWE-664JavaScript/TypeScriptjs/redosInefficient regular expression
CWE-664JavaScript/TypeScriptjs/missing-origin-checkMissing origin verification inpostMessage handler
CWE-664JavaScript/TypeScriptjs/path-injectionUncontrolled data used in path expression
CWE-664JavaScript/TypeScriptjs/zipslipArbitrary file access during archive extraction ("Zip Slip")
CWE-664JavaScript/TypeScriptjs/template-object-injectionTemplate Object Injection
CWE-664JavaScript/TypeScriptjs/code-injectionCode injection
CWE-664JavaScript/TypeScriptjs/bad-code-sanitizationImproper code sanitization
CWE-664JavaScript/TypeScriptjs/unsafe-code-constructionUnsafe code constructed from library input
CWE-664JavaScript/TypeScriptjs/unsafe-dynamic-method-accessUnsafe dynamic method access
CWE-664JavaScript/TypeScriptjs/case-sensitive-middleware-pathCase-sensitive middleware path
CWE-664JavaScript/TypeScriptjs/file-access-to-httpFile data in outbound network request
CWE-664JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-664JavaScript/TypeScriptjs/cross-window-information-leakCross-window communication with unrestricted target origin
CWE-664JavaScript/TypeScriptjs/stack-trace-exposureInformation exposure through a stack trace
CWE-664JavaScript/TypeScriptjs/disabling-certificate-validationDisabling certificate validation
CWE-664JavaScript/TypeScriptjs/insecure-dependencyDependency download using unencrypted communication channel
CWE-664JavaScript/TypeScriptjs/build-artifact-leakStorage of sensitive information in build artifact
CWE-664JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-664JavaScript/TypeScriptjs/clear-text-storage-of-sensitive-dataClear text storage of sensitive information
CWE-664JavaScript/TypeScriptjs/password-in-configuration-filePassword in configuration file
CWE-664JavaScript/TypeScriptjs/cors-misconfiguration-for-credentialsCORS misconfiguration for credentials transfer
CWE-664JavaScript/TypeScriptjs/insecure-temporary-fileInsecure temporary file
CWE-664JavaScript/TypeScriptjs/session-fixationFailure to abandon session
CWE-664JavaScript/TypeScriptjs/resource-exhaustion-from-deep-object-traversalResources exhaustion from deep object traversal
CWE-664JavaScript/TypeScriptjs/remote-property-injectionRemote property injection
CWE-664JavaScript/TypeScriptjs/missing-x-frame-optionsMissing X-Frame-Options HTTP header
CWE-664JavaScript/TypeScriptjs/unsafe-deserializationDeserialization of user-controlled data
CWE-664JavaScript/TypeScriptjs/sensitive-get-querySensitive data read from GET request
CWE-664JavaScript/TypeScriptjs/client-side-unvalidated-url-redirectionClient-side URL redirect
CWE-664JavaScript/TypeScriptjs/server-side-unvalidated-url-redirectionServer-side URL redirect
CWE-664JavaScript/TypeScriptjs/xxeXML external entity expansion
CWE-664JavaScript/TypeScriptjs/clear-text-cookieClear text transmission of sensitive cookie
CWE-664JavaScript/TypeScriptjs/host-header-forgery-in-email-generationHost header poisoning in email generation
CWE-664JavaScript/TypeScriptjs/regex-injectionRegular expression injection
CWE-664JavaScript/TypeScriptjs/missing-rate-limitingMissing rate limiting
CWE-664JavaScript/TypeScriptjs/resource-exhaustionResource exhaustion
CWE-664JavaScript/TypeScriptjs/xml-bombXML internal entity expansion
CWE-664JavaScript/TypeScriptjs/hardcoded-credentialsHard-coded credentials
CWE-664JavaScript/TypeScriptjs/user-controlled-bypassUser-controlled bypass of security check
CWE-664JavaScript/TypeScriptjs/different-kinds-comparison-bypassComparison of user-controlled data of different kinds
CWE-664JavaScript/TypeScriptjs/insecure-downloadDownload of sensitive file through insecure connection
CWE-664JavaScript/TypeScriptjs/functionality-from-untrusted-domainUntrusted domain used in script or other content
CWE-664JavaScript/TypeScriptjs/functionality-from-untrusted-sourceInclusion of functionality from an untrusted source
CWE-664JavaScript/TypeScriptjs/type-confusion-through-parameter-tamperingType confusion through parameter tampering
CWE-664JavaScript/TypeScriptjs/empty-password-in-configuration-fileEmpty password in configuration file
CWE-664JavaScript/TypeScriptjs/http-to-file-accessNetwork data written to file
CWE-664JavaScript/TypeScriptjs/prototype-polluting-assignmentPrototype-polluting assignment
CWE-664JavaScript/TypeScriptjs/prototype-pollution-utilityPrototype-polluting function
CWE-664JavaScript/TypeScriptjs/prototype-pollutionPrototype-polluting merge call
CWE-664JavaScript/TypeScriptjs/client-side-request-forgeryClient-side request forgery
CWE-664JavaScript/TypeScriptjs/request-forgeryServer-side request forgery
CWE-664JavaScript/TypeScriptjs/cors-permissive-configurationPermissive CORS configuration
CWE-664JavaScript/TypeScriptjs/code-injection-dynamic-importCode injection from dynamically imported code
CWE-664JavaScript/TypeScriptjs/user-controlled-data-decompressionUser-controlled file decompression
CWE-664JavaScript/TypeScriptjavascript/ssrfUncontrolled data used in network request
CWE-664JavaScript/TypeScriptjs/code-injection-more-sourcesCode injection with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/cors-misconfiguration-for-credentials-more-sourcesCORS misconfiguration for credentials transfer with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/remote-property-injection-more-sourcesRemote property injection with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/unsafe-deserialization-more-sourcesDeserialization of user-controlled data with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/xxe-more-sourcesXML external entity expansion with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/regex-injection-more-sourcesRegular expression injection with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/resource-exhaustion-more-sourcesResource exhaustion with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/xml-bomb-more-sourcesXML internal entity expansion with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/user-controlled-bypass-more-sourcesUser-controlled bypass of security check with additional heuristic sources
CWE-664JavaScript/TypeScriptjs/prototype-polluting-assignment-more-sourcesPrototype-polluting assignment with additional heuristic sources
CWE-665JavaScript/TypeScriptjs/missing-rate-limitingMissing rate limiting
CWE-665JavaScript/TypeScriptjs/resource-exhaustionResource exhaustion
CWE-665JavaScript/TypeScriptjs/resource-exhaustion-more-sourcesResource exhaustion with additional heuristic sources
CWE-668JavaScript/TypeScriptjs/unsafe-external-linkPotentially unsafe external link
CWE-668JavaScript/TypeScriptjs/path-injectionUncontrolled data used in path expression
CWE-668JavaScript/TypeScriptjs/zipslipArbitrary file access during archive extraction ("Zip Slip")
CWE-668JavaScript/TypeScriptjs/template-object-injectionTemplate Object Injection
CWE-668JavaScript/TypeScriptjs/file-access-to-httpFile data in outbound network request
CWE-668JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-668JavaScript/TypeScriptjs/cross-window-information-leakCross-window communication with unrestricted target origin
CWE-668JavaScript/TypeScriptjs/stack-trace-exposureInformation exposure through a stack trace
CWE-668JavaScript/TypeScriptjs/build-artifact-leakStorage of sensitive information in build artifact
CWE-668JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-668JavaScript/TypeScriptjs/clear-text-storage-of-sensitive-dataClear text storage of sensitive information
CWE-668JavaScript/TypeScriptjs/password-in-configuration-filePassword in configuration file
CWE-668JavaScript/TypeScriptjs/cors-misconfiguration-for-credentialsCORS misconfiguration for credentials transfer
CWE-668JavaScript/TypeScriptjs/insecure-temporary-fileInsecure temporary file
CWE-668JavaScript/TypeScriptjs/sensitive-get-querySensitive data read from GET request
CWE-668JavaScript/TypeScriptjs/empty-password-in-configuration-fileEmpty password in configuration file
CWE-668JavaScript/TypeScriptjs/cors-permissive-configurationPermissive CORS configuration
CWE-668JavaScript/TypeScriptjs/user-controlled-data-decompressionUser-controlled file decompression
CWE-668JavaScript/TypeScriptjs/cors-misconfiguration-for-credentials-more-sourcesCORS misconfiguration for credentials transfer with additional heuristic sources
CWE-669JavaScript/TypeScriptjs/enabling-electron-insecure-contentEnabling Electron allowRunningInsecureContent
CWE-669JavaScript/TypeScriptjs/insecure-dependencyDependency download using unencrypted communication channel
CWE-669JavaScript/TypeScriptjs/missing-x-frame-optionsMissing X-Frame-Options HTTP header
CWE-669JavaScript/TypeScriptjs/xxeXML external entity expansion
CWE-669JavaScript/TypeScriptjs/insecure-downloadDownload of sensitive file through insecure connection
CWE-669JavaScript/TypeScriptjs/functionality-from-untrusted-domainUntrusted domain used in script or other content
CWE-669JavaScript/TypeScriptjs/functionality-from-untrusted-sourceInclusion of functionality from an untrusted source
CWE-669JavaScript/TypeScriptjs/http-to-file-accessNetwork data written to file
CWE-669JavaScript/TypeScriptjs/xxe-more-sourcesXML external entity expansion with additional heuristic sources
CWE-670JavaScript/TypeScriptjs/useless-expressionExpression has no effect
CWE-670JavaScript/TypeScriptjs/redundant-operationIdentical operands
CWE-670JavaScript/TypeScriptjs/redundant-assignmentSelf assignment
CWE-670JavaScript/TypeScriptjs/unclear-operator-precedenceUnclear precedence of nested operators
CWE-670JavaScript/TypeScriptjs/whitespace-contradicts-precedenceWhitespace contradicts operator precedence
CWE-670JavaScript/TypeScriptjs/deletion-of-non-propertyDeleting non-property
CWE-670JavaScript/TypeScriptjs/misleading-indentation-of-dangling-elseMisleading indentation of dangling 'else'
CWE-670JavaScript/TypeScriptjs/misleading-indentation-after-control-statementMisleading indentation after control statement
CWE-671JavaScript/TypeScriptjs/hardcoded-credentialsHard-coded credentials
CWE-674JavaScript/TypeScriptjs/xml-bombXML internal entity expansion
CWE-674JavaScript/TypeScriptjs/xml-bomb-more-sourcesXML internal entity expansion with additional heuristic sources
CWE-676JavaScript/TypeScriptjs/eval-like-callCall to eval-like DOM function
CWE-676JavaScript/TypeScriptjs/eval-callUse of eval
CWE-681JavaScript/TypeScriptjs/shift-out-of-rangeShift out of range
CWE-682JavaScript/TypeScriptjs/index-out-of-boundsOff-by-one comparison against length
CWE-684JavaScript/TypeScriptjs/missing-x-frame-optionsMissing X-Frame-Options HTTP header
CWE-685JavaScript/TypeScriptjs/superfluous-trailing-argumentsSuperfluous trailing arguments
CWE-691JavaScript/TypeScriptjs/enabling-electron-renderer-node-integrationEnabling Node.js integration for Electron web content renderers
CWE-691JavaScript/TypeScriptjs/useless-expressionExpression has no effect
CWE-691JavaScript/TypeScriptjs/redundant-operationIdentical operands
CWE-691JavaScript/TypeScriptjs/redundant-assignmentSelf assignment
CWE-691JavaScript/TypeScriptjs/unclear-operator-precedenceUnclear precedence of nested operators
CWE-691JavaScript/TypeScriptjs/whitespace-contradicts-precedenceWhitespace contradicts operator precedence
CWE-691JavaScript/TypeScriptjs/deletion-of-non-propertyDeleting non-property
CWE-691JavaScript/TypeScriptjs/exit-from-finallyJump from finally
CWE-691JavaScript/TypeScriptjs/template-object-injectionTemplate Object Injection
CWE-691JavaScript/TypeScriptjs/code-injectionCode injection
CWE-691JavaScript/TypeScriptjs/bad-code-sanitizationImproper code sanitization
CWE-691JavaScript/TypeScriptjs/unsafe-code-constructionUnsafe code constructed from library input
CWE-691JavaScript/TypeScriptjs/unsafe-dynamic-method-accessUnsafe dynamic method access
CWE-691JavaScript/TypeScriptjs/file-system-racePotential file system race condition
CWE-691JavaScript/TypeScriptjs/server-crashServer crash
CWE-691JavaScript/TypeScriptjs/missing-rate-limitingMissing rate limiting
CWE-691JavaScript/TypeScriptjs/xml-bombXML internal entity expansion
CWE-691JavaScript/TypeScriptjs/loop-bound-injectionLoop bound injection
CWE-691JavaScript/TypeScriptjs/prototype-polluting-assignmentPrototype-polluting assignment
CWE-691JavaScript/TypeScriptjs/prototype-pollution-utilityPrototype-polluting function
CWE-691JavaScript/TypeScriptjs/prototype-pollutionPrototype-polluting merge call
CWE-691JavaScript/TypeScriptjs/misleading-indentation-of-dangling-elseMisleading indentation of dangling 'else'
CWE-691JavaScript/TypeScriptjs/inconsistent-loop-directionInconsistent direction of for loop
CWE-691JavaScript/TypeScriptjs/misleading-indentation-after-control-statementMisleading indentation after control statement
CWE-691JavaScript/TypeScriptjs/code-injection-dynamic-importCode injection from dynamically imported code
CWE-691JavaScript/TypeScriptjs/code-injection-more-sourcesCode injection with additional heuristic sources
CWE-691JavaScript/TypeScriptjs/xml-bomb-more-sourcesXML internal entity expansion with additional heuristic sources
CWE-691JavaScript/TypeScriptjs/prototype-polluting-assignment-more-sourcesPrototype-polluting assignment with additional heuristic sources
CWE-693JavaScript/TypeScriptjs/angular/insecure-url-whitelistInsecure URL whitelist
CWE-693JavaScript/TypeScriptjs/count-untrusted-data-external-apiFrequency counts for external APIs that are used with untrusted data
CWE-693JavaScript/TypeScriptjs/incomplete-hostname-regexpIncomplete regular expression for hostnames
CWE-693JavaScript/TypeScriptjs/incomplete-url-scheme-checkIncomplete URL scheme check
CWE-693JavaScript/TypeScriptjs/incomplete-url-substring-sanitizationIncomplete URL substring sanitization
CWE-693JavaScript/TypeScriptjs/incorrect-suffix-checkIncorrect suffix check
CWE-693JavaScript/TypeScriptjs/missing-origin-checkMissing origin verification inpostMessage handler
CWE-693JavaScript/TypeScriptjs/regex/missing-regexp-anchorMissing regular expression anchor
CWE-693JavaScript/TypeScriptjs/overly-large-rangeOverly permissive regular expression range
CWE-693JavaScript/TypeScriptjs/untrusted-data-to-external-apiUntrusted data passed to external API
CWE-693JavaScript/TypeScriptjs/useless-regexp-character-escapeUseless regular-expression character escape
CWE-693JavaScript/TypeScriptjs/bad-tag-filterBad HTML filtering regexp
CWE-693JavaScript/TypeScriptjs/double-escapingDouble escaping or unescaping
CWE-693JavaScript/TypeScriptjs/incomplete-html-attribute-sanitizationIncomplete HTML attribute sanitization
CWE-693JavaScript/TypeScriptjs/incomplete-multi-character-sanitizationIncomplete multi-character sanitization
CWE-693JavaScript/TypeScriptjs/incomplete-sanitizationIncomplete string escaping or encoding
CWE-693JavaScript/TypeScriptjs/exposure-of-private-filesExposure of private files
CWE-693JavaScript/TypeScriptjs/disabling-certificate-validationDisabling certificate validation
CWE-693JavaScript/TypeScriptjs/insecure-dependencyDependency download using unencrypted communication channel
CWE-693JavaScript/TypeScriptjs/build-artifact-leakStorage of sensitive information in build artifact
CWE-693JavaScript/TypeScriptjs/clear-text-loggingClear-text logging of sensitive information
CWE-693JavaScript/TypeScriptjs/clear-text-storage-of-sensitive-dataClear text storage of sensitive information
CWE-693JavaScript/TypeScriptjs/password-in-configuration-filePassword in configuration file
CWE-693JavaScript/TypeScriptjs/insufficient-key-sizeUse of a weak cryptographic key
CWE-693JavaScript/TypeScriptjs/biased-cryptographic-randomCreating biased random numbers from a cryptographically secure source
CWE-693JavaScript/TypeScriptjs/weak-cryptographic-algorithmUse of a broken or weak cryptographic algorithm
CWE-693JavaScript/TypeScriptjs/cors-misconfiguration-for-credentialsCORS misconfiguration for credentials transfer
CWE-693JavaScript/TypeScriptjs/jwt-missing-verificationJWT missing secret or public key verification
CWE-693JavaScript/TypeScriptjs/missing-token-validationMissing CSRF middleware
CWE-693JavaScript/TypeScriptjs/session-fixationFailure to abandon session
CWE-693JavaScript/TypeScriptjs/remote-property-injectionRemote property injection
CWE-693JavaScript/TypeScriptjs/clear-text-cookieClear text transmission of sensitive cookie
CWE-693JavaScript/TypeScriptjs/host-header-forgery-in-email-generationHost header poisoning in email generation
CWE-693JavaScript/TypeScriptjs/insecure-helmet-configurationInsecure configuration of Helmet security middleware
CWE-693JavaScript/TypeScriptjs/missing-rate-limitingMissing rate limiting
CWE-693JavaScript/TypeScriptjs/hardcoded-credentialsHard-coded credentials
CWE-693JavaScript/TypeScriptjs/user-controlled-bypassUser-controlled bypass of security check
CWE-693JavaScript/TypeScriptjs/different-kinds-comparison-bypassComparison of user-controlled data of different kinds
CWE-693JavaScript/TypeScriptjs/empty-password-in-configuration-fileEmpty password in configuration file
CWE-693JavaScript/TypeScriptjs/insufficient-password-hashUse of password hash with insufficient computational effort
CWE-693JavaScript/TypeScriptjs/cors-permissive-configurationPermissive CORS configuration
CWE-693JavaScript/TypeScriptjs/decode-jwt-without-verificationJWT missing secret or public key verification
CWE-693JavaScript/TypeScriptjs/decode-jwt-without-verification-local-sourceJWT missing secret or public key verification
CWE-693JavaScript/TypeScriptjs/user-controlled-data-decompressionUser-controlled file decompression
CWE-693JavaScript/TypeScriptjs/untrusted-data-to-external-api-more-sourcesUntrusted data passed to external API with additional heuristic sources
CWE-693JavaScript/TypeScriptjs/cors-misconfiguration-for-credentials-more-sourcesCORS misconfiguration for credentials transfer with additional heuristic sources
CWE-693JavaScript/TypeScriptjs/remote-property-injection-more-sourcesRemote property injection with additional heuristic sources
CWE-693JavaScript/TypeScriptjs/user-controlled-bypass-more-sourcesUser-controlled bypass of security check with additional heuristic sources
CWE-697JavaScript/TypeScriptjs/angular/insecure-url-whitelistInsecure URL whitelist
CWE-697JavaScript/TypeScriptjs/incomplete-url-scheme-checkIncomplete URL scheme check
CWE-697 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp
CWE-697 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer
CWE-697 | JavaScript/TypeScript | js/cors-permissive-configuration | Permissive CORS configuration
CWE-697 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-703 | JavaScript/TypeScript | js/stack-trace-exposure | Information exposure through a stack trace
CWE-703 | JavaScript/TypeScript | js/server-crash | Server crash
CWE-703 | JavaScript/TypeScript | js/unvalidated-dynamic-method-call | Unvalidated dynamic method call
CWE-704 | JavaScript/TypeScript | js/implicit-operand-conversion | Implicit operand conversion
CWE-704 | JavaScript/TypeScript | js/shift-out-of-range | Shift out of range
CWE-704 | JavaScript/TypeScript | js/invalid-prototype-value | Invalid prototype value
CWE-704 | JavaScript/TypeScript | js/property-assignment-on-primitive | Assignment to property of primitive value
CWE-704 | JavaScript/TypeScript | js/type-confusion-through-parameter-tampering | Type confusion through parameter tampering
CWE-705 | JavaScript/TypeScript | js/exit-from-finally | Jump from finally
CWE-705 | JavaScript/TypeScript | js/server-crash | Server crash
CWE-706 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression
CWE-706 | JavaScript/TypeScript | js/zipslip | Arbitrary file access during archive extraction ("Zip Slip")
CWE-706 | JavaScript/TypeScript | js/case-sensitive-middleware-path | Case-sensitive middleware path
CWE-706 | JavaScript/TypeScript | js/xxe | XML external entity expansion
CWE-706 | JavaScript/TypeScript | js/xxe-more-sources | XML external entity expansion with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/angular/disabling-sce | Disabling SCE
CWE-707 | JavaScript/TypeScript | js/disabling-electron-websecurity | Disabling Electron webSecurity
CWE-707 | JavaScript/TypeScript | js/enabling-electron-renderer-node-integration | Enabling Node.js integration for Electron web content renderers
CWE-707 | JavaScript/TypeScript | js/identity-replacement | Replacement of a substring with itself
CWE-707 | JavaScript/TypeScript | js/path-injection | Uncontrolled data used in path expression
CWE-707 | JavaScript/TypeScript | js/template-object-injection | Template Object Injection
CWE-707 | JavaScript/TypeScript | js/command-line-injection | Uncontrolled command line
CWE-707 | JavaScript/TypeScript | js/indirect-command-line-injection | Indirect uncontrolled command line
CWE-707 | JavaScript/TypeScript | js/second-order-command-line-injection | Second order command injection
CWE-707 | JavaScript/TypeScript | js/shell-command-injection-from-environment | Shell command built from environment values
CWE-707 | JavaScript/TypeScript | js/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-707 | JavaScript/TypeScript | js/unnecessary-use-of-cat | Unnecessary use of cat process
CWE-707 | JavaScript/TypeScript | js/xss-through-exception | Exception text reinterpreted as HTML
CWE-707 | JavaScript/TypeScript | js/reflected-xss | Reflected cross-site scripting
CWE-707 | JavaScript/TypeScript | js/stored-xss | Stored cross-site scripting
CWE-707 | JavaScript/TypeScript | js/html-constructed-from-input | Unsafe HTML constructed from library input
CWE-707 | JavaScript/TypeScript | js/unsafe-jquery-plugin | Unsafe jQuery plugin
CWE-707 | JavaScript/TypeScript | js/xss | Client-side cross-site scripting
CWE-707 | JavaScript/TypeScript | js/xss-through-dom | DOM text reinterpreted as HTML
CWE-707 | JavaScript/TypeScript | js/sql-injection | Database query built from user-controlled sources
CWE-707 | JavaScript/TypeScript | js/code-injection | Code injection
CWE-707 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization
CWE-707 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input
CWE-707 | JavaScript/TypeScript | js/unsafe-dynamic-method-access | Unsafe dynamic method access
CWE-707 | JavaScript/TypeScript | js/bad-tag-filter | Bad HTML filtering regexp
CWE-707 | JavaScript/TypeScript | js/double-escaping | Double escaping or unescaping
CWE-707 | JavaScript/TypeScript | js/incomplete-html-attribute-sanitization | Incomplete HTML attribute sanitization
CWE-707 | JavaScript/TypeScript | js/incomplete-multi-character-sanitization | Incomplete multi-character sanitization
CWE-707 | JavaScript/TypeScript | js/incomplete-sanitization | Incomplete string escaping or encoding
CWE-707 | JavaScript/TypeScript | js/unsafe-html-expansion | Unsafe expansion of self-closing HTML tag
CWE-707 | JavaScript/TypeScript | js/log-injection | Log injection
CWE-707 | JavaScript/TypeScript | js/tainted-format-string | Use of externally-controlled format string
CWE-707 | JavaScript/TypeScript | js/client-side-unvalidated-url-redirection | Client-side URL redirect
CWE-707 | JavaScript/TypeScript | js/xpath-injection | XPath injection
CWE-707 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment
CWE-707 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function
CWE-707 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call
CWE-707 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code
CWE-707 | JavaScript/TypeScript | js/env-key-and-value-injection | User controlled arbitrary environment variable injection
CWE-707 | JavaScript/TypeScript | js/env-value-injection | User controlled environment variable value injection
CWE-707 | JavaScript/TypeScript | js/command-line-injection-more-sources | Uncontrolled command line with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/xss-more-sources | Client-side cross-site scripting with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/sql-injection-more-sources | Database query built from user-controlled sources with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/log-injection-more-sources | Log injection with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/tainted-format-string-more-sources | Use of externally-controlled format string with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/xpath-injection-more-sources | XPath injection with additional heuristic sources
CWE-707 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources
CWE-710 | JavaScript/TypeScript | js/todo-comment | TODO comment
CWE-710 | JavaScript/TypeScript | js/conflicting-html-attribute | Conflicting HTML element attributes
CWE-710 | JavaScript/TypeScript | js/malformed-html-id | Malformed id attribute
CWE-710 | JavaScript/TypeScript | js/eval-like-call | Call to eval-like DOM function
CWE-710 | JavaScript/TypeScript | js/variable-initialization-conflict | Conflicting variable initialization
CWE-710 | JavaScript/TypeScript | js/function-declaration-conflict | Conflicting function declarations
CWE-710 | JavaScript/TypeScript | js/useless-assignment-to-global | Useless assignment to global variable
CWE-710 | JavaScript/TypeScript | js/useless-assignment-to-local | Useless assignment to local variable
CWE-710 | JavaScript/TypeScript | js/overwritten-property | Overwritten property
CWE-710 | JavaScript/TypeScript | js/comparison-of-identical-expressions | Comparison of identical values
CWE-710 | JavaScript/TypeScript | js/comparison-with-nan | Comparison with NaN
CWE-710 | JavaScript/TypeScript | js/duplicate-condition | Duplicate 'if' condition
CWE-710 | JavaScript/TypeScript | js/duplicate-property | Duplicate property
CWE-710 | JavaScript/TypeScript | js/duplicate-switch-case | Duplicate switch case
CWE-710 | JavaScript/TypeScript | js/useless-expression | Expression has no effect
CWE-710 | JavaScript/TypeScript | js/comparison-between-incompatible-types | Comparison between inconvertible types
CWE-710 | JavaScript/TypeScript | js/redundant-operation | Identical operands
CWE-710 | JavaScript/TypeScript | js/redundant-assignment | Self assignment
CWE-710 | JavaScript/TypeScript | js/call-to-non-callable | Invocation of non-function
CWE-710 | JavaScript/TypeScript | js/property-access-on-non-object | Property access on null or undefined
CWE-710 | JavaScript/TypeScript | js/unneeded-defensive-code | Unneeded defensive code
CWE-710 | JavaScript/TypeScript | js/useless-type-test | Useless type test
CWE-710 | JavaScript/TypeScript | js/conditional-comment | Conditional comments
CWE-710 | JavaScript/TypeScript | js/eval-call | Use of eval
CWE-710 | JavaScript/TypeScript | js/non-standard-language-feature | Use of platform-specific language features
CWE-710 | JavaScript/TypeScript | js/for-in-comprehension | Use of for-in comprehension blocks
CWE-710 | JavaScript/TypeScript | js/superfluous-trailing-arguments | Superfluous trailing arguments
CWE-710 | JavaScript/TypeScript | js/yield-outside-generator | Yield in non-generator function
CWE-710 | JavaScript/TypeScript | js/node/assignment-to-exports-variable | Assignment to exports variable
CWE-710 | JavaScript/TypeScript | js/regex/unmatchable-caret | Unmatchable caret in regular expression
CWE-710 | JavaScript/TypeScript | js/regex/unmatchable-dollar | Unmatchable dollar in regular expression
CWE-710 | JavaScript/TypeScript | js/remote-property-injection | Remote property injection
CWE-710 | JavaScript/TypeScript | js/missing-x-frame-options | Missing X-Frame-Options HTTP header
CWE-710 | JavaScript/TypeScript | js/hardcoded-data-interpreted-as-code | Hard-coded data interpreted as code
CWE-710 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials
CWE-710 | JavaScript/TypeScript | js/http-to-file-access | Network data written to file
CWE-710 | JavaScript/TypeScript | js/useless-assignment-in-return | Return statement assigns local variable
CWE-710 | JavaScript/TypeScript | js/unreachable-statement | Unreachable statement
CWE-710 | JavaScript/TypeScript | js/trivial-conditional | Useless conditional
CWE-710 | JavaScript/TypeScript | js/remote-property-injection-more-sources | Remote property injection with additional heuristic sources
CWE-754 | JavaScript/TypeScript | js/unvalidated-dynamic-method-call | Unvalidated dynamic method call
CWE-755 | JavaScript/TypeScript | js/stack-trace-exposure | Information exposure through a stack trace
CWE-758 | JavaScript/TypeScript | js/conflicting-html-attribute | Conflicting HTML element attributes
CWE-758 | JavaScript/TypeScript | js/malformed-html-id | Malformed id attribute
CWE-758 | JavaScript/TypeScript | js/conditional-comment | Conditional comments
CWE-758 | JavaScript/TypeScript | js/non-standard-language-feature | Use of platform-specific language features
CWE-758 | JavaScript/TypeScript | js/for-in-comprehension | Use of for-in comprehension blocks
CWE-758 | JavaScript/TypeScript | js/yield-outside-generator | Yield in non-generator function
CWE-770 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting
CWE-770 | JavaScript/TypeScript | js/resource-exhaustion | Resource exhaustion
CWE-770 | JavaScript/TypeScript | js/resource-exhaustion-more-sources | Resource exhaustion with additional heuristic sources
CWE-776 | JavaScript/TypeScript | js/xml-bomb | XML internal entity expansion
CWE-776 | JavaScript/TypeScript | js/xml-bomb-more-sources | XML internal entity expansion with additional heuristic sources
CWE-783 | JavaScript/TypeScript | js/unclear-operator-precedence | Unclear precedence of nested operators
CWE-783 | JavaScript/TypeScript | js/whitespace-contradicts-precedence | Whitespace contradicts operator precedence
CWE-798 | JavaScript/TypeScript | js/hardcoded-credentials | Hard-coded credentials
CWE-799 | JavaScript/TypeScript | js/missing-rate-limiting | Missing rate limiting
CWE-807 | JavaScript/TypeScript | js/user-controlled-bypass | User-controlled bypass of security check
CWE-807 | JavaScript/TypeScript | js/different-kinds-comparison-bypass | Comparison of user-controlled data of different kinds
CWE-807 | JavaScript/TypeScript | js/user-controlled-bypass-more-sources | User-controlled bypass of security check with additional heuristic sources
CWE-827 | JavaScript/TypeScript | js/xxe | XML external entity expansion
CWE-827 | JavaScript/TypeScript | js/xxe-more-sources | XML external entity expansion with additional heuristic sources
CWE-829 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel
CWE-829 | JavaScript/TypeScript | js/missing-x-frame-options | Missing X-Frame-Options HTTP header
CWE-829 | JavaScript/TypeScript | js/xxe | XML external entity expansion
CWE-829 | JavaScript/TypeScript | js/insecure-download | Download of sensitive file through insecure connection
CWE-829 | JavaScript/TypeScript | js/functionality-from-untrusted-domain | Untrusted domain used in script or other content
CWE-829 | JavaScript/TypeScript | js/functionality-from-untrusted-source | Inclusion of functionality from an untrusted source
CWE-829 | JavaScript/TypeScript | js/xxe-more-sources | XML external entity expansion with additional heuristic sources
CWE-830 | JavaScript/TypeScript | js/functionality-from-untrusted-domain | Untrusted domain used in script or other content
CWE-830 | JavaScript/TypeScript | js/functionality-from-untrusted-source | Inclusion of functionality from an untrusted source
CWE-834 | JavaScript/TypeScript | js/xml-bomb | XML internal entity expansion
CWE-834 | JavaScript/TypeScript | js/loop-bound-injection | Loop bound injection
CWE-834 | JavaScript/TypeScript | js/inconsistent-loop-direction | Inconsistent direction of for loop
CWE-834 | JavaScript/TypeScript | js/xml-bomb-more-sources | XML internal entity expansion with additional heuristic sources
CWE-835 | JavaScript/TypeScript | js/inconsistent-loop-direction | Inconsistent direction of for loop
CWE-843 | JavaScript/TypeScript | js/type-confusion-through-parameter-tampering | Type confusion through parameter tampering
CWE-862 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer
CWE-862 | JavaScript/TypeScript | js/empty-password-in-configuration-file | Empty password in configuration file
CWE-862 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-912 | JavaScript/TypeScript | js/hardcoded-data-interpreted-as-code | Hard-coded data interpreted as code
CWE-912 | JavaScript/TypeScript | js/http-to-file-access | Network data written to file
CWE-913 | JavaScript/TypeScript | js/enabling-electron-renderer-node-integration | Enabling Node.js integration for Electron web content renderers
CWE-913 | JavaScript/TypeScript | js/template-object-injection | Template Object Injection
CWE-913 | JavaScript/TypeScript | js/code-injection | Code injection
CWE-913 | JavaScript/TypeScript | js/bad-code-sanitization | Improper code sanitization
CWE-913 | JavaScript/TypeScript | js/unsafe-code-construction | Unsafe code constructed from library input
CWE-913 | JavaScript/TypeScript | js/unsafe-dynamic-method-access | Unsafe dynamic method access
CWE-913 | JavaScript/TypeScript | js/unsafe-deserialization | Deserialization of user-controlled data
CWE-913 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment
CWE-913 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function
CWE-913 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call
CWE-913 | JavaScript/TypeScript | js/code-injection-dynamic-import | Code injection from dynamically imported code
CWE-913 | JavaScript/TypeScript | js/code-injection-more-sources | Code injection with additional heuristic sources
CWE-913 | JavaScript/TypeScript | js/unsafe-deserialization-more-sources | Deserialization of user-controlled data with additional heuristic sources
CWE-913 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources
CWE-915 | JavaScript/TypeScript | js/prototype-polluting-assignment | Prototype-polluting assignment
CWE-915 | JavaScript/TypeScript | js/prototype-pollution-utility | Prototype-polluting function
CWE-915 | JavaScript/TypeScript | js/prototype-pollution | Prototype-polluting merge call
CWE-915 | JavaScript/TypeScript | js/prototype-polluting-assignment-more-sources | Prototype-polluting assignment with additional heuristic sources
CWE-916 | JavaScript/TypeScript | js/insufficient-password-hash | Use of password hash with insufficient computational effort
CWE-918 | JavaScript/TypeScript | js/client-side-request-forgery | Client-side request forgery
CWE-918 | JavaScript/TypeScript | js/request-forgery | Server-side request forgery
CWE-918 | JavaScript/TypeScript | javascript/ssrf | Uncontrolled data used in network request
CWE-922 | JavaScript/TypeScript | js/build-artifact-leak | Storage of sensitive information in build artifact
CWE-922 | JavaScript/TypeScript | js/clear-text-logging | Clear-text logging of sensitive information
CWE-922 | JavaScript/TypeScript | js/clear-text-storage-of-sensitive-data | Clear text storage of sensitive information
CWE-922 | JavaScript/TypeScript | js/password-in-configuration-file | Password in configuration file
CWE-922 | JavaScript/TypeScript | js/clear-text-cookie | Clear text transmission of sensitive cookie
CWE-923 | JavaScript/TypeScript | js/missing-origin-check | Missing origin verification in postMessage handler
CWE-923 | JavaScript/TypeScript | js/disabling-certificate-validation | Disabling certificate validation
CWE-923 | JavaScript/TypeScript | js/insecure-dependency | Dependency download using unencrypted communication channel
CWE-940 | JavaScript/TypeScript | js/missing-origin-check | Missing origin verification in postMessage handler
CWE-942 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials | CORS misconfiguration for credentials transfer
CWE-942 | JavaScript/TypeScript | js/cors-permissive-configuration | Permissive CORS configuration
CWE-942 | JavaScript/TypeScript | js/cors-misconfiguration-for-credentials-more-sources | CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-943 | JavaScript/TypeScript | js/sql-injection | Database query built from user-controlled sources
CWE-943 | JavaScript/TypeScript | js/xpath-injection | XPath injection
CWE-943 | JavaScript/TypeScript | js/env-key-and-value-injection | User controlled arbitrary environment variable injection
CWE-943 | JavaScript/TypeScript | js/env-value-injection | User controlled environment variable value injection
CWE-943 | JavaScript/TypeScript | js/sql-injection-more-sources | Database query built from user-controlled sources with additional heuristic sources
CWE-943 | JavaScript/TypeScript | js/xpath-injection-more-sources | XPath injection with additional heuristic sources
CWE-1004 | JavaScript/TypeScript | js/client-exposed-cookie | Sensitive server cookie exposed to the client
CWE-1021 | JavaScript/TypeScript | js/insecure-helmet-configuration | Insecure configuration of Helmet security middleware
CWE-1022 | JavaScript/TypeScript | js/unsafe-external-link | Potentially unsafe external link
CWE-1176 | JavaScript/TypeScript | js/angular/double-compilation | Double compilation
CWE-1275 | JavaScript/TypeScript | js/samesite-none-cookie | Sensitive cookie without SameSite restrictions
CWE-1333 | JavaScript/TypeScript | js/polynomial-redos | Polynomial regular expression used on uncontrolled data
CWE-1333 | JavaScript/TypeScript | js/redos | Inefficient regular expression
