
CWE coverage for Java and Kotlin

An overview of CWE coverage for Java in the latest release of CodeQL.

Overview

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | Java/Kotlin | java/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | Java/Kotlin | java/overly-large-range | Overly permissive regular expression range |
| CWE-20 | Java/Kotlin | java/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-construction | Improper validation of user-provided size used for array construction |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-construction-code-specified | Improper validation of code-specified size used for array construction |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-index | Improper validation of user-provided array index |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-index-code-specified | Improper validation of code-specified array index |
| CWE-20 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-22 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-22 | Java/Kotlin | java/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-22 | Java/Kotlin | java/partial-path-traversal | Partial path traversal vulnerability |
| CWE-22 | Java/Kotlin | java/partial-path-traversal-from-remote | Partial path traversal vulnerability from remote |
| CWE-22 | Java/Kotlin | java/openstream-called-on-tainted-url | openStream called on URLs created from remote source |
| CWE-23 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Java/Kotlin | java/partial-path-traversal | Partial path traversal vulnerability |
| CWE-23 | Java/Kotlin | java/partial-path-traversal-from-remote | Partial path traversal vulnerability from remote |
| CWE-36 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Java/Kotlin | java/openstream-called-on-tainted-url | openStream called on URLs created from remote source |
| CWE-73 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Java/Kotlin | java/file-path-injection | File Path Injection |
| CWE-74 | Java/Kotlin | java/jndi-injection | JNDI lookup with user-controlled name |
| CWE-74 | Java/Kotlin | java/xslt-injection | XSLT transformation with user-controlled stylesheet |
| CWE-74 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-74 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-74 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-74 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-74 | Java/Kotlin | java/android/webview-addjavascriptinterface | Access Java object methods through JavaScript exposure |
| CWE-74 | Java/Kotlin | java/android/websettings-javascript-enabled | Android WebView JavaScript settings |
| CWE-74 | Java/Kotlin | java/xss | Cross-site scripting |
| CWE-74 | Java/Kotlin | java/concatenated-sql-query | Query built by concatenation with a possibly-untrusted string |
| CWE-74 | Java/Kotlin | java/sql-injection | Query built from user-controlled sources |
| CWE-74 | Java/Kotlin | java/ldap-injection | LDAP query built from user-controlled sources |
| CWE-74 | Java/Kotlin | java/android/arbitrary-apk-installation | Android APK installation |
| CWE-74 | Java/Kotlin | java/groovy-injection | Groovy Language injection |
| CWE-74 | Java/Kotlin | java/insecure-bean-validation | Insecure Bean Validation |
| CWE-74 | Java/Kotlin | java/jexl-expression-injection | Expression language injection (JEXL) |
| CWE-74 | Java/Kotlin | java/mvel-expression-injection | Expression language injection (MVEL) |
| CWE-74 | Java/Kotlin | java/spel-expression-injection | Expression language injection (Spring) |
| CWE-74 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
| CWE-74 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-74 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-74 | Java/Kotlin | java/tainted-format-string | Use of externally-controlled format string |
| CWE-74 | Java/Kotlin | java/xml/xpath-injection | XPath injection |
| CWE-74 | Java/Kotlin | java/android/unsafe-android-webview-fetch | Unsafe resource fetching in Android WebView |
| CWE-74 | Java/Kotlin | java/ognl-injection | OGNL Expression Language statement with user-controlled input |
| CWE-74 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-74 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-74 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-74 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-74 | Java/Kotlin | java/mybatis-annotation-sql-injection | SQL injection in MyBatis annotation |
| CWE-74 | Java/Kotlin | java/mybatis-xml-sql-injection | SQL injection in MyBatis Mapper XML |
| CWE-74 | Java/Kotlin | java/beanshell-injection | BeanShell injection |
| CWE-74 | Java/Kotlin | java/android-insecure-dex-loading | Insecure loading of an Android Dex File |
| CWE-74 | Java/Kotlin | java/jshell-injection | JShell injection |
| CWE-74 | Java/Kotlin | java/javaee-expression-injection | Jakarta Expression Language injection |
| CWE-74 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-74 | Java/Kotlin | java/unsafe-eval | Injection in Java Script Engine |
| CWE-74 | Java/Kotlin | java/spring-view-manipulation-implicit | Spring Implicit View Manipulation |
| CWE-74 | Java/Kotlin | java/spring-view-manipulation | Spring View Manipulation |
| CWE-74 | Java/Kotlin | java/xquery-injection | XQuery query built from user-controlled sources |
| CWE-77 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-77 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-77 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-77 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-77 | Java/Kotlin | java/ognl-injection | OGNL Expression Language statement with user-controlled input |
| CWE-77 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-77 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-77 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-78 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-78 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-78 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-78 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-78 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-78 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-78 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-79 | Java/Kotlin | java/android/webview-addjavascriptinterface | Access Java object methods through JavaScript exposure |
| CWE-79 | Java/Kotlin | java/android/websettings-javascript-enabled | Android WebView JavaScript settings |
| CWE-79 | Java/Kotlin | java/xss | Cross-site scripting |
| CWE-79 | Java/Kotlin | java/android/unsafe-android-webview-fetch | Unsafe resource fetching in Android WebView |
| CWE-88 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-88 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-88 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-88 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-88 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-89 | Java/Kotlin | java/concatenated-sql-query | Query built by concatenation with a possibly-untrusted string |
| CWE-89 | Java/Kotlin | java/sql-injection | Query built from user-controlled sources |
| CWE-89 | Java/Kotlin | java/mybatis-annotation-sql-injection | SQL injection in MyBatis annotation |
| CWE-89 | Java/Kotlin | java/mybatis-xml-sql-injection | SQL injection in MyBatis Mapper XML |
| CWE-90 | Java/Kotlin | java/ldap-injection | LDAP query built from user-controlled sources |
| CWE-91 | Java/Kotlin | java/xml/xpath-injection | XPath injection |
| CWE-91 | Java/Kotlin | java/xquery-injection | XQuery query built from user-controlled sources |
| CWE-93 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-93 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-94 | Java/Kotlin | java/android/arbitrary-apk-installation | Android APK installation |
| CWE-94 | Java/Kotlin | java/groovy-injection | Groovy Language injection |
| CWE-94 | Java/Kotlin | java/insecure-bean-validation | Insecure Bean Validation |
| CWE-94 | Java/Kotlin | java/jexl-expression-injection | Expression language injection (JEXL) |
| CWE-94 | Java/Kotlin | java/mvel-expression-injection | Expression language injection (MVEL) |
| CWE-94 | Java/Kotlin | java/spel-expression-injection | Expression language injection (Spring) |
| CWE-94 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
| CWE-94 | Java/Kotlin | java/beanshell-injection | BeanShell injection |
| CWE-94 | Java/Kotlin | java/android-insecure-dex-loading | Insecure loading of an Android Dex File |
| CWE-94 | Java/Kotlin | java/jshell-injection | JShell injection |
| CWE-94 | Java/Kotlin | java/javaee-expression-injection | Jakarta Expression Language injection |
| CWE-94 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-94 | Java/Kotlin | java/unsafe-eval | Injection in Java Script Engine |
| CWE-94 | Java/Kotlin | java/spring-view-manipulation-implicit | Spring Implicit View Manipulation |
| CWE-94 | Java/Kotlin | java/spring-view-manipulation | Spring View Manipulation |
| CWE-95 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-113 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-113 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-116 | Java/Kotlin | java/log-injection | Log Injection |
| CWE-117 | Java/Kotlin | java/log-injection | Log Injection |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-construction | Improper validation of user-provided size used for array construction |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-construction-code-specified | Improper validation of code-specified size used for array construction |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-index | Improper validation of user-provided array index |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-index-code-specified | Improper validation of code-specified array index |
| CWE-134 | Java/Kotlin | java/tainted-format-string | Use of externally-controlled format string |
| CWE-185 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-190 | Java/Kotlin | java/implicit-cast-in-compound-assignment | Implicit narrowing conversion in compound assignment |
| CWE-190 | Java/Kotlin | java/integer-multiplication-cast-to-long | Result of multiplication cast to wider type |
| CWE-190 | Java/Kotlin | java/tainted-arithmetic | User-controlled data in arithmetic expression |
| CWE-190 | Java/Kotlin | java/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
| CWE-190 | Java/Kotlin | java/extreme-value-arithmetic | Use of extreme values in arithmetic expression |
| CWE-190 | Java/Kotlin | java/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
| CWE-191 | Java/Kotlin | java/tainted-arithmetic | User-controlled data in arithmetic expression |
| CWE-191 | Java/Kotlin | java/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
| CWE-191 | Java/Kotlin | java/extreme-value-arithmetic | Use of extreme values in arithmetic expression |
| CWE-193 | Java/Kotlin | java/index-out-of-bounds | Array index out of bounds |
| CWE-197 | Java/Kotlin | java/implicit-cast-in-compound-assignment | Implicit narrowing conversion in compound assignment |
| CWE-197 | Java/Kotlin | java/integer-multiplication-cast-to-long | Result of multiplication cast to wider type |
| CWE-197 | Java/Kotlin | java/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
| CWE-197 | Java/Kotlin | java/tainted-numeric-cast | User-controlled data in numeric cast |
| CWE-200 | Java/Kotlin | java/android/sensitive-notification | Exposure of sensitive information to notifications |
| CWE-200 | Java/Kotlin | java/android/sensitive-text | Exposure of sensitive information to UI text views |
| CWE-200 | Java/Kotlin | java/android/websettings-allow-content-access | Android WebView settings allows access to content links |
| CWE-200 | Java/Kotlin | java/android/websettings-file-access | Android WebSettings file access |
| CWE-200 | Java/Kotlin | java/spring-boot-exposed-actuators | Exposed Spring Boot actuators |
| CWE-200 | Java/Kotlin | java/spring-boot-exposed-actuators-config | Exposed Spring Boot actuators in configuration file |
| CWE-200 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-200 | Java/Kotlin | java/error-message-exposure | Information exposure through an error message |
| CWE-200 | Java/Kotlin | java/stack-trace-exposure | Information exposure through a stack trace |
| CWE-200 | Java/Kotlin | java/android/sensitive-keyboard-cache | Android sensitive keyboard cache |
| CWE-200 | Java/Kotlin | java/sensitive-log | Insertion of sensitive information into log files |
| CWE-200 | Java/Kotlin | java/insecure-webview-resource-response | Insecure Android WebView Resource Response |
| CWE-200 | Java/Kotlin | java/sensitive-android-file-leak | Leaking sensitive Android file |
| CWE-200 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-200 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-200 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-200 | Java/Kotlin | java/server-directory-listing | Directories and files exposure |
| CWE-200 | Java/Kotlin | java/sensitive-query-with-get | Sensitive GET Query |
| CWE-203 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-203 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-203 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-208 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-208 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-208 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-209 | Java/Kotlin | java/error-message-exposure | Information exposure through an error message |
| CWE-209 | Java/Kotlin | java/stack-trace-exposure | Information exposure through a stack trace |
| CWE-221 | Java/Kotlin | java/overly-general-catch | Overly-general catch clause |
| CWE-227 | Java/Kotlin | java/ejb/container-interference | EJB interferes with container operation |
| CWE-227 | Java/Kotlin | java/ejb/file-io | EJB uses file input/output |
| CWE-227 | Java/Kotlin | java/ejb/graphics | EJB uses graphics |
| CWE-227 | Java/Kotlin | java/ejb/native-code | EJB uses native code |
| CWE-227 | Java/Kotlin | java/ejb/reflection | EJB uses reflection |
| CWE-227 | Java/Kotlin | java/ejb/security-configuration-access | EJB accesses security configuration |
| CWE-227 | Java/Kotlin | java/ejb/substitution-in-serialization | EJB uses substitution in serialization |
| CWE-227 | Java/Kotlin | java/ejb/socket-or-stream-handler-factory | EJB sets socket factory or URL stream handler factory |
| CWE-227 | Java/Kotlin | java/ejb/server-socket | EJB uses server socket |
| CWE-227 | Java/Kotlin | java/ejb/non-final-static-field | EJB uses non-final static field |
| CWE-227 | Java/Kotlin | java/ejb/synchronization | EJB uses synchronization |
| CWE-227 | Java/Kotlin | java/ejb/this | EJB uses 'this' as argument or result |
| CWE-227 | Java/Kotlin | java/ejb/threads | EJB uses threads |
| CWE-227 | Java/Kotlin | java/missing-call-to-super-clone | Missing super clone |
| CWE-227 | Java/Kotlin | java/inconsistent-equals-and-hashcode | Inconsistent equals and hashCode |
| CWE-227 | Java/Kotlin | java/unreleased-lock | Unreleased lock |
| CWE-227 | Java/Kotlin | java/missing-super-finalize | Finalizer inconsistency |
| CWE-227 | Java/Kotlin | java/missing-format-argument | Missing format argument |
| CWE-227 | Java/Kotlin | java/unused-format-argument | Unused format argument |
| CWE-227 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-227 | Java/Kotlin | java/empty-finalizer | Empty body of finalizer |
| CWE-227 | Java/Kotlin | java/do-not-call-finalize | Do not call finalize() |
| CWE-248 | Java/Kotlin | java/uncaught-number-format-exception | Missing catch of NumberFormatException |
| CWE-248 | Java/Kotlin | java/uncaught-servlet-exception | Uncaught Servlet Exception |
| CWE-252 | Java/Kotlin | java/inconsistent-call-on-result | Inconsistent operation on return value |
| CWE-252 | Java/Kotlin | java/return-value-ignored | Method result ignored |
| CWE-256 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-256 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-260 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-260 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-266 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-269 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-269 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-271 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-273 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-284 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-284 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-284 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-284 | Java/Kotlin | java/android/insecure-local-key-gen | Insecurely generated keys for local authentication |
| CWE-284 | Java/Kotlin | java/android/insecure-local-authentication | Insecure local authentication |
| CWE-284 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-284 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-284 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-284 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-284 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-284 | Java/Kotlin | java/world-writable-file-read | Reading from a world writable file |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-284 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-284 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-284 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-284 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-284 | Java/Kotlin | java/improper-intent-verification | Improper verification of intent by broadcast receiver |
| CWE-284 | Java/Kotlin | java/android/incomplete-provider-permissions | Missing read or write permission in a content provider |
| CWE-284 | Java/Kotlin | java/android/implicitly-exported-component | Implicitly exported Android component |
| CWE-284 | Java/Kotlin | java/android/implicit-pendingintents | Use of implicit PendingIntents |
| CWE-284 | Java/Kotlin | java/android/sensitive-communication | Leaking sensitive information through an implicit Intent |
| CWE-284 | Java/Kotlin | java/android/sensitive-result-receiver | Leaking sensitive information through a ResultReceiver |
| CWE-284 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-284 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-284 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-284 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-284 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-284 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-284 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-284 | Java/Kotlin | java/incorrect-url-verification | Incorrect URL verification |
| CWE-285 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-285 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-285 | Java/Kotlin | java/world-writable-file-read | Reading from a world writable file |
| CWE-285 | Java/Kotlin | java/android/incomplete-provider-permissions | Missing read or write permission in a content provider |
| CWE-285 | Java/Kotlin | java/android/implicitly-exported-component | Implicitly exported Android component |
| CWE-285 | Java/Kotlin | java/android/implicit-pendingintents | Use of implicit PendingIntents |
| CWE-285 | Java/Kotlin | java/android/sensitive-communication | Leaking sensitive information through an implicit Intent |
| CWE-285 | Java/Kotlin | java/android/sensitive-result-receiver | Leaking sensitive information through a ResultReceiver |
| CWE-285 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-285 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-285 | Java/Kotlin | java/incorrect-url-verification | Incorrect URL verification |
| CWE-287 | Java/Kotlin | java/android/insecure-local-key-gen | Insecurely generated keys for local authentication |
| CWE-287 | Java/Kotlin | java/android/insecure-local-authentication | Insecure local authentication |
| CWE-287 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-287 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-287 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-287 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-287 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-287 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-287 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-290 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-290 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-295 | Java/Kotlin | java/android/missing-certificate-pinning | Android missing certificate pinning |
| CWE-295 | Java/Kotlin | java/improper-webview-certificate-validation | Android WebView that accepts all certificates |
| CWE-295 | Java/Kotlin | java/insecure-trustmanager | TrustManager that accepts all certificates |
| CWE-295 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-295 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-295 | Java/Kotlin | java/jxbrowser/disabled-certificate-validation | JxBrowser with disabled certificate validation |
| CWE-295 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-295 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-295 | Java/Kotlin | java/disabled-certificate-revocation-checking | Disabled certificate revocation checking |
| CWE-297 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-297 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-297 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-297 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-299 | Java/Kotlin | java/disabled-certificate-revocation-checking | Disabled certificate revocation checking |
| CWE-300 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-311 | Java/Kotlin | java/android/backup-enabled | Application backup allowed |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-database | Cleartext storage of sensitive information using a local database on Android |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-filesystem | Cleartext storage of sensitive information in the Android filesystem |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-class | Cleartext storage of sensitive information using storable class |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-shared-prefs | Cleartext storage of sensitive information using SharedPreferences on Android |
| CWE-311 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-311 | Java/Kotlin | java/non-ssl-connection | Failure to use SSL |
| CWE-311 | Java/Kotlin | java/non-ssl-socket-factory | Failure to use SSL socket factories |
| CWE-311 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-311 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-311 | Java/Kotlin | java/insecure-cookie | Failure to use secure cookies |
| CWE-311 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-312 | Java/Kotlin | java/android/backup-enabled | Application backup allowed |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-database | Cleartext storage of sensitive information using a local database on Android |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-filesystem | Cleartext storage of sensitive information in the Android filesystem |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-class | Cleartext storage of sensitive information using storable class |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-shared-prefs | Cleartext storage of sensitive information using SharedPreferences on Android |
| CWE-313 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-315 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-319 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-319 | Java/Kotlin | java/non-ssl-connection | Failure to use SSL |
| CWE-319 | Java/Kotlin | java/non-ssl-socket-factory | Failure to use SSL socket factories |
| CWE-319 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-319 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-319 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-326 | Java/Kotlin | java/insufficient-key-size | Use of a cryptographic algorithm with insufficient key size |
| CWE-326 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-326 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-326 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/rsa-without-oaep | Use of RSA algorithm without OAEP |
| CWE-327 | Java/Kotlin | java/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187). |
| CWE-327 | Java/Kotlin | java/unsafe-tls-version | Unsafe TLS version |
| CWE-327 | Java/Kotlin | java/hash-without-salt | Use of a hash function without a salt |
| CWE-327 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-328 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-328 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-328 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-329 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-330 | Java/Kotlin | java/random-used-once | Random used only once |
| CWE-330 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-330 | Java/Kotlin | java/insecure-randomness | Insecure randomness |
| CWE-330 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-330 | Java/Kotlin | java/jhipster-prng | Detect JHipster Generator Vulnerability CVE-2019-16303 |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-330 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-335 | Java/Kotlin | java/random-used-once | Random used only once |
| CWE-335 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-337 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-338 | Java/Kotlin | java/insecure-randomness | Insecure randomness |
| CWE-338 | Java/Kotlin | java/jhipster-prng | Detect JHipster Generator Vulnerability CVE-2019-16303 |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-344 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-345 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-345 | Java/Kotlin | java/missing-jwt-signature-check | Missing JWT signature check |
| CWE-345 | Java/Kotlin | java/csrf-unprotected-request-type | HTTP request type unprotected from CSRF |
| CWE-345 | Java/Kotlin | java/spring-disabled-csrf-protection | Disabled Spring CSRF protection |
| CWE-345 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-345 | Java/Kotlin | java/missing-jwt-signature-check-auth0 | Missing JWT signature check |
| CWE-345 | Java/Kotlin | java/ip-address-spoofing | IP address spoofing |
| CWE-345 | Java/Kotlin | java/jsonp-injection | JSONP Injection |
| CWE-346 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-347 | Java/Kotlin | java/missing-jwt-signature-check | Missing JWT signature check |
| CWE-347 | Java/Kotlin | java/missing-jwt-signature-check-auth0 | Missing JWT signature check |
| CWE-348 | Java/Kotlin | java/ip-address-spoofing | IP address spoofing |
| CWE-352 | Java/Kotlin | java/csrf-unprotected-request-type | HTTP request type unprotected from CSRF |
| CWE-352 | Java/Kotlin | java/spring-disabled-csrf-protection | Disabled Spring CSRF protection |
| CWE-352 | Java/Kotlin | java/jsonp-injection | JSONP Injection |
| CWE-362 | Java/Kotlin | java/toctou-race-condition | Time-of-check time-of-use race condition |
| CWE-362 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-367 | Java/Kotlin | java/toctou-race-condition | Time-of-check time-of-use race condition |
| CWE-382 | Java/Kotlin | java/ejb/container-interference | EJB interferes with container operation |
| CWE-382 | Java/Kotlin | java/jvm-exit | Forcible JVM termination |
| CWE-383 | Java/Kotlin | java/ejb/threads | EJB uses threads |
| CWE-391 | Java/Kotlin | java/discarded-exception | Discarded exception |
| CWE-391 | Java/Kotlin | java/ignored-error-status-of-call | Ignored error status of call |
| CWE-396 | Java/Kotlin | java/overly-general-catch | Overly-general catch clause |
| CWE-398 | Java/Kotlin | java/deprecated-call | Deprecated method or constructor invocation |
| CWE-398 | Java/Kotlin | java/dead-class | Dead class |
| CWE-398 | Java/Kotlin | java/dead-enum-constant | Dead enum constant |
| CWE-398 | Java/Kotlin | java/dead-field | Dead field |
| CWE-398 | Java/Kotlin | java/dead-function | Dead method |
| CWE-398 | Java/Kotlin | java/lines-of-dead-code | Lines of dead code in files |
| CWE-398 | Java/Kotlin | java/unused-parameter | Useless parameter |
| CWE-398 | Java/Kotlin | java/useless-null-check | Useless null check |
| CWE-398 | Java/Kotlin | java/useless-type-test | Useless type test |
| CWE-398 | Java/Kotlin | java/useless-upcast | Useless upcast |
| CWE-398 | Java/Kotlin | java/empty-container | Container contents are never initialized |
| CWE-398 | Java/Kotlin | java/unused-container | Container contents are never accessed |
| CWE-398 | Java/Kotlin | java/equals-on-unrelated-types | Equals on incomparable types |
| CWE-398 | Java/Kotlin | java/constant-comparison | Useless comparison test |
| CWE-398 | Java/Kotlin | java/dereferenced-value-is-always-null | Dereferenced variable is always null |
| CWE-398 | Java/Kotlin | java/dereferenced-expr-may-be-null | Dereferenced expression may be null |
| CWE-398 | Java/Kotlin | java/dereferenced-value-may-be-null | Dereferenced variable may be null |
| CWE-398 | Java/Kotlin | java/empty-synchronized-block | Empty synchronized block |
| CWE-398 | Java/Kotlin | java/unreachable-catch-clause | Unreachable catch clause |
| CWE-398 | Java/Kotlin | java/potentially-dangerous-function | Use of a potentially dangerous function |
| CWE-398 | Java/Kotlin | java/todo-comment | TODO/FIXME comments |
| CWE-398 | Java/Kotlin | java/unused-reference-type | Unused classes and interfaces |
| CWE-398 | Java/Kotlin | java/overwritten-assignment-to-local | Assigned value is overwritten |
| CWE-398 | Java/Kotlin | java/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | Java/Kotlin | java/unused-initialized-local | Local variable is initialized but not used |
| CWE-398 | Java/Kotlin | java/local-variable-is-never-read | Unread local variable |
| CWE-398 | Java/Kotlin | java/unused-field | Unused field |
| CWE-398 | Java/Kotlin | java/unused-label | Unused label |
| CWE-398 | Java/Kotlin | java/unused-local-variable | Unused local variable |
| CWE-398 | Java/Kotlin | java/switch-fall-through | Unterminated switch case |
| CWE-398 | Java/Kotlin | java/redundant-cast | Unnecessary cast |
| CWE-398 | Java/Kotlin | java/unused-import | Unnecessary import |
| CWE-400 | Java/Kotlin | java/input-resource-leak | Potential input resource leak |
| CWE-400 | Java/Kotlin | java/database-resource-leak | Potential database resource leak |
| CWE-400 | Java/Kotlin | java/output-resource-leak | Potential output resource leak |
| CWE-400 | Java/Kotlin | java/polynomial-redos | Polynomial regular expression used on uncontrolled data |
CWE-400Java/Kotlinjava/redosInefficient regular expression
CWE-400Java/Kotlinjava/regex-injectionRegular expression injection
CWE-400Java/Kotlinjava/log4j-injectionPotential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-400Java/Kotlinjava/local-thread-resource-abuseUncontrolled thread resource consumption from local input source
CWE-400Java/Kotlinjava/thread-resource-abuseUncontrolled thread resource consumption
CWE-404Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-404Java/Kotlinjava/input-resource-leakPotential input resource leak
CWE-404Java/Kotlinjava/database-resource-leakPotential database resource leak
CWE-404Java/Kotlinjava/output-resource-leakPotential output resource leak
CWE-404Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-404Java/Kotlinjava/disabled-certificate-revocation-checkingDisabled certificate revocation checking
CWE-405Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-405Java/Kotlinjava/uncontrolled-file-decompressionUncontrolled file decompression
CWE-409Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-409Java/Kotlinjava/uncontrolled-file-decompressionUncontrolled file decompression
CWE-413Java/Kotlinjava/unsynchronized-getterInconsistent synchronization of getter and setter
CWE-420Java/Kotlinjava/socket-auth-race-conditionRace condition in socket authentication
CWE-421Java/Kotlinjava/socket-auth-race-conditionRace condition in socket authentication
CWE-441Java/Kotlinjava/android/unsafe-content-uri-resolutionUncontrolled data used in content resolution
CWE-441Java/Kotlinjava/ssrfServer-side request forgery
CWE-454Java/Kotlinjava/exec-tainted-environmentBuilding a command with an injected environment variable
CWE-457Java/Kotlinjava/unassigned-fieldField is never assigned a non-null value
CWE-459Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-459Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-470Java/Kotlinjava/android/fragment-injectionAndroid fragment injection
CWE-470Java/Kotlinjava/android/fragment-injection-preference-activityAndroid fragment injection in PreferenceActivity
CWE-470Java/Kotlinjava/android/unsafe-reflectionLoad 3rd party classes or code ('unsafe reflection') without signature check
CWE-470Java/Kotlinjava/unsafe-reflectionUse of externally-controlled input to select classes or code ('unsafe reflection')
CWE-476Java/Kotlinjava/dereferenced-value-is-always-nullDereferenced variable is always null
CWE-476Java/Kotlinjava/dereferenced-expr-may-be-nullDereferenced expression may be null
CWE-476Java/Kotlinjava/dereferenced-value-may-be-nullDereferenced variable may be null
CWE-477Java/Kotlinjava/deprecated-callDeprecated method or constructor invocation
CWE-478Java/Kotlinjava/missing-default-in-switchMissing default case in switch
CWE-478Java/Kotlinjava/missing-case-in-switchMissing enum case in switch
CWE-480Java/Kotlinjava/assignment-in-boolean-expressionAssignment in Boolean expression
CWE-480Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-481Java/Kotlinjava/assignment-in-boolean-expressionAssignment in Boolean expression
CWE-484Java/Kotlinjava/switch-fall-throughUnterminated switch case
CWE-485Java/Kotlinjava/missing-call-to-super-cloneMissing super clone
CWE-485Java/Kotlinjava/cleartext-storage-in-classCleartext storage of sensitive information using storable class
CWE-485Java/Kotlinjava/android/debuggable-attribute-enabledAndroid debuggable attribute enabled
CWE-485Java/Kotlinjava/android/webview-debugging-enabledAndroid Webview debugging enabled
CWE-485Java/Kotlinjava/trust-boundary-violationTrust boundary violation
CWE-485Java/Kotlinjava/android/unsafe-android-webview-fetchUnsafe resource fetching in Android WebView
CWE-485Java/Kotlinjava/abstract-to-concrete-castCast from abstract to concrete collection
CWE-485Java/Kotlinjava/internal-representation-exposureExposing internal representation
CWE-485Java/Kotlinjava/main-method-in-enterprise-beanMain Method in Enterprise Java Bean
CWE-485Java/Kotlinjava/main-method-in-web-componentsMain Method in Java EE Web Components
CWE-485Java/Kotlinjava/struts-development-modeApache Struts development mode enabled
CWE-489Java/Kotlinjava/android/debuggable-attribute-enabledAndroid debuggable attribute enabled
CWE-489Java/Kotlinjava/android/webview-debugging-enabledAndroid Webview debugging enabled
CWE-489Java/Kotlinjava/main-method-in-enterprise-beanMain Method in Enterprise Java Bean
CWE-489Java/Kotlinjava/main-method-in-web-componentsMain Method in Java EE Web Components
CWE-489Java/Kotlinjava/struts-development-modeApache Struts development mode enabled
CWE-494Java/Kotlinjava/maven/non-https-urlFailure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-497Java/Kotlinjava/stack-trace-exposureInformation exposure through a stack trace
CWE-499Java/Kotlinjava/cleartext-storage-in-classCleartext storage of sensitive information using storable class
CWE-501Java/Kotlinjava/trust-boundary-violationTrust boundary violation
CWE-502Java/Kotlinjava/unsafe-deserializationDeserialization of user-controlled data
CWE-502Java/Kotlinjava/log4j-injectionPotential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-502Java/Kotlinjava/unsafe-deserialization-rmiUnsafe deserialization in a remotely callable method.
CWE-502Java/Kotlinjava/unsafe-deserialization-spring-exporter-in-configuration-classUnsafe deserialization with Spring's remote service exporters.
CWE-502Java/Kotlinjava/unsafe-deserialization-spring-exporter-in-xml-configurationUnsafe deserialization with Spring's remote service exporters.
CWE-522Java/Kotlinjava/insecure-basic-authInsecure basic authentication
CWE-522Java/Kotlinjava/insecure-ldap-authInsecure LDAP authentication
CWE-522Java/Kotlinjava/credentials-in-propertiesCleartext Credentials in Properties File
CWE-522Java/Kotlinjava/password-in-configurationPassword in configuration file
CWE-524Java/Kotlinjava/android/sensitive-keyboard-cacheAndroid sensitive keyboard cache
CWE-532Java/Kotlinjava/sensitive-logInsertion of sensitive information into log files
CWE-538Java/Kotlinjava/sensitive-logInsertion of sensitive information into log files
CWE-538Java/Kotlinjava/server-directory-listingDirectories and files exposure
CWE-543Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-546Java/Kotlinjava/todo-commentTODO/FIXME comments
CWE-548Java/Kotlinjava/server-directory-listingDirectories and files exposure
CWE-552Java/Kotlinjava/sensitive-logInsertion of sensitive information into log files
CWE-552Java/Kotlinjava/unvalidated-url-forwardURL forward from a remote source
CWE-552Java/Kotlinjava/server-directory-listingDirectories and files exposure
CWE-555Java/Kotlinjava/credentials-in-propertiesCleartext Credentials in Properties File
CWE-555Java/Kotlinjava/password-in-configurationPassword in configuration file
CWE-561Java/Kotlinjava/dead-classDead class
CWE-561Java/Kotlinjava/dead-enum-constantDead enum constant
CWE-561Java/Kotlinjava/dead-fieldDead field
CWE-561Java/Kotlinjava/dead-functionDead method
CWE-561Java/Kotlinjava/lines-of-dead-codeLines of dead code in files
CWE-561Java/Kotlinjava/unused-parameterUseless parameter
CWE-561Java/Kotlinjava/useless-null-checkUseless null check
CWE-561Java/Kotlinjava/useless-type-testUseless type test
CWE-561Java/Kotlinjava/useless-upcastUseless upcast
CWE-561Java/Kotlinjava/empty-containerContainer contents are never initialized
CWE-561Java/Kotlinjava/unused-containerContainer contents are never accessed
CWE-561Java/Kotlinjava/equals-on-unrelated-typesEquals on incomparable types
CWE-561Java/Kotlinjava/constant-comparisonUseless comparison test
CWE-561Java/Kotlinjava/unreachable-catch-clauseUnreachable catch clause
CWE-561Java/Kotlinjava/unused-reference-typeUnused classes and interfaces
CWE-561Java/Kotlinjava/useless-assignment-to-localUseless assignment to local variable
CWE-561Java/Kotlinjava/local-variable-is-never-readUnread local variable
CWE-561Java/Kotlinjava/unused-fieldUnused field
CWE-561Java/Kotlinjava/unused-labelUnused label
CWE-561Java/Kotlinjava/redundant-castUnnecessary cast
CWE-561Java/Kotlinjava/unused-importUnnecessary import
CWE-563Java/Kotlinjava/overwritten-assignment-to-localAssigned value is overwritten
CWE-563Java/Kotlinjava/unused-initialized-localLocal variable is initialized but not used
CWE-563Java/Kotlinjava/unused-local-variableUnused local variable
CWE-564Java/Kotlinjava/concatenated-sql-queryQuery built by concatenation with a possibly-untrusted string
CWE-564Java/Kotlinjava/sql-injectionQuery built from user-controlled sources
CWE-568Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-568Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-570Java/Kotlinjava/constant-comparisonUseless comparison test
CWE-571Java/Kotlinjava/equals-on-unrelated-typesEquals on incomparable types
CWE-571Java/Kotlinjava/constant-comparisonUseless comparison test
CWE-572Java/Kotlinjava/call-to-thread-runDirect call to a run() method
CWE-573Java/Kotlinjava/ejb/container-interferenceEJB interferes with container operation
CWE-573Java/Kotlinjava/ejb/file-ioEJB uses file input/output
CWE-573Java/Kotlinjava/ejb/graphicsEJB uses graphics
CWE-573Java/Kotlinjava/ejb/native-codeEJB uses native code
CWE-573Java/Kotlinjava/ejb/reflectionEJB uses reflection
CWE-573Java/Kotlinjava/ejb/security-configuration-accessEJB accesses security configuration
CWE-573Java/Kotlinjava/ejb/substitution-in-serializationEJB uses substitution in serialization
CWE-573Java/Kotlinjava/ejb/socket-or-stream-handler-factoryEJB sets socket factory or URL stream handler factory
CWE-573Java/Kotlinjava/ejb/server-socketEJB uses server socket
CWE-573Java/Kotlinjava/ejb/non-final-static-fieldEJB uses non-final static field
CWE-573Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-573Java/Kotlinjava/ejb/thisEJB uses 'this' as argument or result
CWE-573Java/Kotlinjava/ejb/threadsEJB uses threads
CWE-573Java/Kotlinjava/missing-call-to-super-cloneMissing super clone
CWE-573Java/Kotlinjava/inconsistent-equals-and-hashcodeInconsistent equals and hashCode
CWE-573Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-573Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-573Java/Kotlinjava/missing-format-argumentMissing format argument
CWE-573Java/Kotlinjava/unused-format-argumentUnused format argument
CWE-573Java/Kotlinjava/static-initialization-vectorUsing a static initialization vector for encryption
CWE-573Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-574Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-575Java/Kotlinjava/ejb/graphicsEJB uses graphics
CWE-576Java/Kotlinjava/ejb/file-ioEJB uses file input/output
CWE-577Java/Kotlinjava/ejb/socket-or-stream-handler-factoryEJB sets socket factory or URL stream handler factory
CWE-577Java/Kotlinjava/ejb/server-socketEJB uses server socket
CWE-578Java/Kotlinjava/ejb/container-interferenceEJB interferes with container operation
CWE-580Java/Kotlinjava/missing-call-to-super-cloneMissing super clone
CWE-581Java/Kotlinjava/inconsistent-equals-and-hashcodeInconsistent equals and hashCode
CWE-582Java/Kotlinjava/static-arrayArray constant vulnerable to change
CWE-584Java/Kotlinjava/abnormal-finally-completionFinally block may not complete normally
CWE-585Java/Kotlinjava/empty-synchronized-blockEmpty synchronized block
CWE-586Java/Kotlinjava/do-not-call-finalizeDo not call finalize()
CWE-592Java/Kotlinjava/user-controlled-bypassUser-controlled bypass of sensitive method
CWE-592Java/Kotlinjava/tainted-permissions-checkUser-controlled data used in permissions check
CWE-595Java/Kotlinjava/reference-equality-with-objectReference equality test on java.lang.Object
CWE-595Java/Kotlinjava/reference-equality-of-boxed-typesReference equality test of boxed types
CWE-595Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-597Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-598Java/Kotlinjava/sensitive-query-with-getSensitive GET Query
CWE-600Java/Kotlinjava/uncaught-servlet-exceptionUncaught Servlet Exception
CWE-601Java/Kotlinjava/unvalidated-url-redirectionURL redirection from remote source
CWE-601Java/Kotlinjava/spring-unvalidated-url-redirectionSpring url redirection from remote source
CWE-609Java/Kotlinjava/unsafe-double-checked-lockingDouble-checked locking is not thread-safe
CWE-609Java/Kotlinjava/unsafe-double-checked-locking-init-orderRace condition in double-checked locking object initialization
CWE-609Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-610Java/Kotlinjava/path-injectionUncontrolled data used in path expression
CWE-610Java/Kotlinjava/android/unsafe-content-uri-resolutionUncontrolled data used in content resolution
CWE-610Java/Kotlinjava/android/fragment-injectionAndroid fragment injection
CWE-610Java/Kotlinjava/android/fragment-injection-preference-activityAndroid fragment injection in PreferenceActivity
CWE-610Java/Kotlinjava/unvalidated-url-redirectionURL redirection from remote source
CWE-610Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-610Java/Kotlinjava/ssrfServer-side request forgery
CWE-610Java/Kotlinjava/file-path-injectionFile Path Injection
CWE-610Java/Kotlinjava/android/unsafe-reflectionLoad 3rd party classes or code ('unsafe reflection') without signature check
CWE-610Java/Kotlinjava/unsafe-reflectionUse of externally-controlled input to select classes or code ('unsafe reflection')
CWE-610Java/Kotlinjava/spring-unvalidated-url-redirectionSpring url redirection from remote source
CWE-611Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-614Java/Kotlinjava/insecure-cookieFailure to use secure cookies
CWE-625Java/Kotlinjava/permissive-dot-regexURL matched by permissive '.' in a regular expression
CWE-628Java/Kotlinjava/missing-format-argumentMissing format argument
CWE-628Java/Kotlinjava/unused-format-argumentUnused format argument
CWE-642Java/Kotlinjava/path-injectionUncontrolled data used in path expression
CWE-642Java/Kotlinjava/file-path-injectionFile Path Injection
CWE-643Java/Kotlinjava/xml/xpath-injectionXPath injection
CWE-652Java/Kotlinjava/xquery-injectionXQuery query built from user-controlled sources
CWE-657Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-657Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-657Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-657Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-662Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-662Java/Kotlinjava/wait-on-condition-interfaceWait on condition
CWE-662Java/Kotlinjava/call-to-thread-runDirect call to a run() method
CWE-662Java/Kotlinjava/unsafe-double-checked-lockingDouble-checked locking is not thread-safe
CWE-662Java/Kotlinjava/unsafe-double-checked-locking-init-orderRace condition in double-checked locking object initialization
CWE-662Java/Kotlinjava/unsafe-sync-on-fieldFutile synchronization on field
CWE-662Java/Kotlinjava/inconsistent-field-synchronizationInconsistent synchronization for field
CWE-662Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-662Java/Kotlinjava/non-sync-overrideNon-synchronized override of synchronized method
CWE-662Java/Kotlinjava/notify-instead-of-notify-allnotify instead of notifyAll
CWE-662Java/Kotlinjava/sleep-with-lock-heldSleep with lock held
CWE-662Java/Kotlinjava/sync-on-boxed-typesSynchronization on boxed types or strings
CWE-662Java/Kotlinjava/unsynchronized-getterInconsistent synchronization of getter and setter
CWE-662Java/Kotlinjava/inconsistent-sync-writeobjectInconsistent synchronization for writeObject()
CWE-662Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-662Java/Kotlinjava/wait-with-two-locksWait with two locks held
CWE-662Java/Kotlinjava/lock-order-inconsistencyLock order inconsistency
CWE-664Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-664Java/Kotlinjava/implicit-cast-in-compound-assignmentImplicit narrowing conversion in compound assignment
CWE-664Java/Kotlinjava/integer-multiplication-cast-to-longResult of multiplication cast to wider type
CWE-664Java/Kotlinjava/missing-call-to-super-cloneMissing super clone
CWE-664Java/Kotlinjava/wait-on-condition-interfaceWait on condition
CWE-664Java/Kotlinjava/call-to-thread-runDirect call to a run() method
CWE-664Java/Kotlinjava/unsafe-double-checked-lockingDouble-checked locking is not thread-safe
CWE-664Java/Kotlinjava/unsafe-double-checked-locking-init-orderRace condition in double-checked locking object initialization
CWE-664Java/Kotlinjava/unsafe-sync-on-fieldFutile synchronization on field
CWE-664Java/Kotlinjava/inconsistent-field-synchronizationInconsistent synchronization for field
CWE-664Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-664Java/Kotlinjava/non-sync-overrideNon-synchronized override of synchronized method
CWE-664Java/Kotlinjava/notify-instead-of-notify-allnotify instead of notifyAll
CWE-664Java/Kotlinjava/sleep-with-lock-heldSleep with lock held
CWE-664Java/Kotlinjava/sync-on-boxed-typesSynchronization on boxed types or strings
CWE-664Java/Kotlinjava/unsynchronized-getterInconsistent synchronization of getter and setter
CWE-664Java/Kotlinjava/inconsistent-sync-writeobjectInconsistent synchronization for writeObject()
CWE-664Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-664Java/Kotlinjava/wait-with-two-locksWait with two locks held
CWE-664Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-664Java/Kotlinjava/input-resource-leakPotential input resource leak
CWE-664Java/Kotlinjava/database-resource-leakPotential database resource leak
CWE-664Java/Kotlinjava/output-resource-leakPotential output resource leak
CWE-664Java/Kotlinjava/impossible-array-castImpossible array cast
CWE-664Java/Kotlinjava/path-injectionUncontrolled data used in path expression
CWE-664Java/Kotlinjava/zipslipArbitrary file access during archive extraction ("Zip Slip")
CWE-664Java/Kotlinjava/partial-path-traversalPartial path traversal vulnerability
CWE-664Java/Kotlinjava/partial-path-traversal-from-remotePartial path traversal vulnerability from remote
CWE-664Java/Kotlinjava/exec-tainted-environmentBuilding a command with an injected environment variable
CWE-664Java/Kotlinjava/android/arbitrary-apk-installationAndroid APK installation
CWE-664Java/Kotlinjava/groovy-injectionGroovy Language injection
CWE-664Java/Kotlinjava/insecure-bean-validationInsecure Bean Validation
CWE-664Java/Kotlinjava/jexl-expression-injectionExpression language injection (JEXL)
CWE-664Java/Kotlinjava/mvel-expression-injectionExpression language injection (MVEL)
CWE-664Java/Kotlinjava/spel-expression-injectionExpression language injection (Spring)
CWE-664Java/Kotlinjava/server-side-template-injectionServer-side template injection
CWE-664Java/Kotlinjava/comparison-with-wider-typeComparison of narrow type with wide type in loop condition
CWE-664Java/Kotlinjava/android/sensitive-notificationExposure of sensitive information to notifications
CWE-664Java/Kotlinjava/android/sensitive-textExposure of sensitive information to UI text views
CWE-664Java/Kotlinjava/android/websettings-allow-content-accessAndroid WebView settings allows access to content links
CWE-664Java/Kotlinjava/android/websettings-file-accessAndroid WebSettings file access
CWE-664Java/Kotlinjava/spring-boot-exposed-actuatorsExposed Spring Boot actuators
CWE-664Java/Kotlinjava/spring-boot-exposed-actuators-configExposed Spring Boot actuators in configuration file
CWE-664Java/Kotlinjava/local-temp-file-or-directory-information-disclosureLocal information disclosure in a temporary directory
CWE-664Java/Kotlinjava/error-message-exposureInformation exposure through an error message
CWE-664Java/Kotlinjava/stack-trace-exposureInformation exposure through a stack trace
CWE-664Java/Kotlinjava/android/intent-uri-permission-manipulationIntent URI permission manipulation
CWE-664Java/Kotlinjava/unsafe-cert-trustUnsafe certificate trust
CWE-664Java/Kotlinjava/android/insecure-local-key-genInsecurely generated keys for local authentication
CWE-664Java/Kotlinjava/android/insecure-local-authenticationInsecure local authentication
CWE-664Java/Kotlinjava/insecure-smtp-sslInsecure JavaMail SSL Configuration
CWE-664Java/Kotlinjava/unsafe-hostname-verificationUnsafe hostname verification
CWE-664Java/Kotlinjava/android/backup-enabledApplication backup allowed
CWE-664Java/Kotlinjava/android/cleartext-storage-databaseCleartext storage of sensitive information using a local database on Android
CWE-664Java/Kotlinjava/android/cleartext-storage-filesystemCleartext storage of sensitive information in the Android filesystem
CWE-664Java/Kotlinjava/cleartext-storage-in-classCleartext storage of sensitive information using storable class
CWE-664Java/Kotlinjava/cleartext-storage-in-cookieCleartext storage of sensitive information in cookie
CWE-664Java/Kotlinjava/cleartext-storage-in-propertiesCleartext storage of sensitive information using 'Properties' class
CWE-664Java/Kotlinjava/android/cleartext-storage-shared-prefsCleartext storage of sensitive information using SharedPreferences on Android
CWE-664Java/Kotlinjava/socket-auth-race-conditionRace condition in socket authentication
CWE-664Java/Kotlinjava/android/unsafe-content-uri-resolutionUncontrolled data used in content resolution
CWE-664Java/Kotlinjava/android/fragment-injectionAndroid fragment injection
CWE-664Java/Kotlinjava/android/fragment-injection-preference-activityAndroid fragment injection in PreferenceActivity
CWE-664Java/Kotlinjava/android/debuggable-attribute-enabledAndroid debuggable attribute enabled
CWE-664Java/Kotlinjava/android/webview-debugging-enabledAndroid Webview debugging enabled
CWE-664Java/Kotlinjava/trust-boundary-violationTrust boundary violation
CWE-664Java/Kotlinjava/unsafe-deserializationDeserialization of user-controlled data
CWE-664Java/Kotlinjava/insecure-basic-authInsecure basic authentication
CWE-664Java/Kotlinjava/insecure-ldap-authInsecure LDAP authentication
CWE-664Java/Kotlinjava/android/sensitive-keyboard-cacheAndroid sensitive keyboard cache
CWE-664Java/Kotlinjava/sensitive-logInsertion of sensitive information into log files
CWE-664Java/Kotlinjava/unvalidated-url-forwardURL forward from a remote source
CWE-664Java/Kotlinjava/unvalidated-url-redirectionURL redirection from remote source
CWE-664Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-664Java/Kotlinjava/tainted-numeric-castUser-controlled data in numeric cast
CWE-664Java/Kotlinjava/polynomial-redosPolynomial regular expression used on uncontrolled data
CWE-664Java/Kotlinjava/redosInefficient regular expression
CWE-664Java/Kotlinjava/regex-injectionRegular expression injection
CWE-664Java/Kotlinjava/world-writable-file-readReading from a world writable file
CWE-664Java/Kotlinjava/android/unsafe-android-webview-fetchUnsafe resource fetching in Android WebView
CWE-664Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-664Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-664Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-664Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-664Java/Kotlinjava/user-controlled-bypassUser-controlled bypass of sensitive method
CWE-664Java/Kotlinjava/tainted-permissions-checkUser-controlled data used in permissions check
CWE-664Java/Kotlinjava/maven/non-https-urlFailure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-664Java/Kotlinjava/lock-order-inconsistencyLock order inconsistency
CWE-664Java/Kotlinjava/ssrfServer-side request forgery
CWE-664Java/Kotlinjava/improper-intent-verificationImproper verification of intent by broadcast receiver
CWE-664Java/Kotlinjava/android/incomplete-provider-permissionsMissing read or write permission in a content provider
CWE-664Java/Kotlinjava/android/implicitly-exported-componentImplicitly exported Android component
CWE-664Java/Kotlinjava/android/implicit-pendingintentsUse of implicit PendingIntents
CWE-664Java/Kotlinjava/android/sensitive-communicationLeaking sensitive information through an implicit Intent
CWE-664Java/Kotlinjava/android/sensitive-result-receiverLeaking sensitive information through a ResultReceiver
CWE-664Java/Kotlinjava/android/intent-redirectionAndroid Intent redirection
CWE-664Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-664Java/Kotlinjava/unassigned-fieldField is never assigned a non-null value
CWE-664Java/Kotlinjava/overly-general-catchOverly-general catch clause
CWE-664Java/Kotlinjava/abstract-to-concrete-castCast from abstract to concrete collection
CWE-664Java/Kotlinjava/internal-representation-exposureExposing internal representation
CWE-664Java/Kotlinjava/static-arrayArray constant vulnerable to change
CWE-664Java/Kotlinjava/log4j-injectionPotential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-664Java/Kotlinjava/openstream-called-on-tainted-urlopenStream called on URLs created from remote source
CWE-664Java/Kotlinjava/file-path-injectionFile Path Injection
CWE-664Java/Kotlinjava/beanshell-injectionBeanShell injection
CWE-664Java/Kotlinjava/android-insecure-dex-loadingInsecure loading of an Android Dex File
CWE-664Java/Kotlinjava/jshell-injectionJShell injection
CWE-664Java/Kotlinjava/javaee-expression-injectionJakarta Expression Language injection
CWE-664Java/Kotlinjava/jython-injectionInjection in Jython
CWE-664Java/Kotlinjava/unsafe-evalInjection in Java Script Engine
CWE-664Java/Kotlinjava/spring-view-manipulation-implicitSpring Implicit View Manipulation
CWE-664Java/Kotlinjava/spring-view-manipulationSpring View Manipulation
CWE-664Java/Kotlinjava/insecure-webview-resource-responseInsecure Android WebView Resource Response
CWE-664Java/Kotlinjava/sensitive-android-file-leakLeaking sensitive Android file
CWE-664Java/Kotlinjava/possible-timing-attack-against-signaturePossible timing attack against signature validation
CWE-664Java/Kotlinjava/timing-attack-against-headers-valueTiming attack against header value
CWE-664Java/Kotlinjava/timing-attack-against-signatureTiming attack against signature validation
CWE-664Java/Kotlinjava/ignored-hostname-verificationIgnored result of hostname verification
CWE-664Java/Kotlinjava/insecure-ldaps-endpointInsecure LDAPS Endpoint Configuration
CWE-664Java/Kotlinjava/disabled-certificate-revocation-checkingDisabled certificate revocation checking
CWE-664Java/Kotlinjava/unvalidated-cors-origin-setCORS is derived from untrusted input
CWE-664Java/Kotlinjava/local-thread-resource-abuseUncontrolled thread resource consumption from local input source
CWE-664Java/Kotlinjava/thread-resource-abuseUncontrolled thread resource consumption
CWE-664Java/Kotlinjava/android/unsafe-reflectionLoad 3rd party classes or code ('unsafe reflection') without signature check
CWE-664Java/Kotlinjava/unsafe-reflectionUse of externally-controlled input to select classes or code ('unsafe reflection')
CWE-664Java/Kotlinjava/main-method-in-enterprise-beanMain Method in Enterprise Java Bean
CWE-664Java/Kotlinjava/main-method-in-web-componentsMain Method in Java EE Web Components
CWE-664Java/Kotlinjava/struts-development-modeApache Struts development mode enabled
CWE-664Java/Kotlinjava/unsafe-deserialization-rmiUnsafe deserialization in a remotely callable method.
CWE-664Java/Kotlinjava/unsafe-deserialization-spring-exporter-in-configuration-classUnsafe deserialization with Spring's remote service exporters.
CWE-664Java/Kotlinjava/unsafe-deserialization-spring-exporter-in-xml-configurationUnsafe deserialization with Spring's remote service exporters.
CWE-664Java/Kotlinjava/uncontrolled-file-decompressionUncontrolled file decompression
CWE-664Java/Kotlinjava/server-directory-listingDirectories and files exposure
CWE-664Java/Kotlinjava/credentials-in-propertiesCleartext Credentials in Properties File
CWE-664Java/Kotlinjava/password-in-configurationPassword in configuration file
CWE-664Java/Kotlinjava/sensitive-query-with-getSensitive GET Query
CWE-664Java/Kotlinjava/spring-unvalidated-url-redirectionSpring url redirection from remote source
CWE-664Java/Kotlinjava/permissive-dot-regexURL matched by permissive '.' in a regular expression
CWE-664Java/Kotlinjava/insecure-rmi-jmx-server-initializationInsecureRmiJmxAuthenticationEnvironment
CWE-664Java/Kotlinjava/incorrect-url-verificationIncorrect URL verification
CWE-665Java/Kotlinjava/exec-tainted-environmentBuilding a command with an injected environment variable
CWE-665Java/Kotlinjava/unassigned-fieldField is never assigned a non-null value
CWE-665Java/Kotlinjava/insecure-rmi-jmx-server-initializationInsecureRmiJmxAuthenticationEnvironment
CWE-667Java/Kotlinjava/unsafe-double-checked-lockingDouble-checked locking is not thread-safe
CWE-667Java/Kotlinjava/unsafe-double-checked-locking-init-orderRace condition in double-checked locking object initialization
CWE-667Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-667Java/Kotlinjava/sleep-with-lock-heldSleep with lock held
CWE-667Java/Kotlinjava/unsynchronized-getterInconsistent synchronization of getter and setter
CWE-667Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-667Java/Kotlinjava/wait-with-two-locksWait with two locks held
CWE-667Java/Kotlinjava/lock-order-inconsistencyLock order inconsistency
CWE-668Java/Kotlinjava/path-injectionUncontrolled data used in path expression
CWE-668Java/Kotlinjava/zipslipArbitrary file access during archive extraction ("Zip Slip")
CWE-668Java/Kotlinjava/partial-path-traversalPartial path traversal vulnerability
CWE-668Java/Kotlinjava/partial-path-traversal-from-remotePartial path traversal vulnerability from remote
CWE-668Java/Kotlinjava/android/sensitive-notificationExposure of sensitive information to notifications
CWE-668Java/Kotlinjava/android/sensitive-textExposure of sensitive information to UI text views
CWE-668Java/Kotlinjava/android/websettings-allow-content-accessAndroid WebView settings allows access to content links
CWE-668Java/Kotlinjava/android/websettings-file-accessAndroid WebSettings file access
CWE-668Java/Kotlinjava/spring-boot-exposed-actuatorsExposed Spring Boot actuators
CWE-668Java/Kotlinjava/spring-boot-exposed-actuators-configExposed Spring Boot actuators in configuration file
CWE-668Java/Kotlinjava/local-temp-file-or-directory-information-disclosureLocal information disclosure in a temporary directory
CWE-668Java/Kotlinjava/error-message-exposureInformation exposure through an error message
CWE-668Java/Kotlinjava/stack-trace-exposureInformation exposure through a stack trace
CWE-668Java/Kotlinjava/insecure-basic-authInsecure basic authentication
CWE-668Java/Kotlinjava/insecure-ldap-authInsecure LDAP authentication
CWE-668Java/Kotlinjava/android/sensitive-keyboard-cacheAndroid sensitive keyboard cache
CWE-668Java/Kotlinjava/sensitive-logInsertion of sensitive information into log files
CWE-668Java/Kotlinjava/unvalidated-url-forwardURL forward from a remote source
CWE-668Java/Kotlinjava/world-writable-file-readReading from a world writable file
CWE-668Java/Kotlinjava/android/implicit-pendingintentsUse of implicit PendingIntents
CWE-668Java/Kotlinjava/android/sensitive-communicationLeaking sensitive information through an implicit Intent
CWE-668Java/Kotlinjava/android/sensitive-result-receiverLeaking sensitive information through a ResultReceiver
CWE-668Java/Kotlinjava/static-arrayArray constant vulnerable to change
CWE-668Java/Kotlinjava/openstream-called-on-tainted-urlopenStream called on URLs created from remote source
CWE-668Java/Kotlinjava/file-path-injectionFile Path Injection
CWE-668Java/Kotlinjava/insecure-webview-resource-responseInsecure Android WebView Resource Response
CWE-668Java/Kotlinjava/sensitive-android-file-leakLeaking sensitive Android file
CWE-668Java/Kotlinjava/possible-timing-attack-against-signaturePossible timing attack against signature validation
CWE-668Java/Kotlinjava/timing-attack-against-headers-valueTiming attack against header value
CWE-668Java/Kotlinjava/timing-attack-against-signatureTiming attack against signature validation
CWE-668Java/Kotlinjava/server-directory-listingDirectories and files exposure
CWE-668Java/Kotlinjava/credentials-in-propertiesCleartext Credentials in Properties File
CWE-668Java/Kotlinjava/password-in-configurationPassword in configuration file
CWE-668Java/Kotlinjava/sensitive-query-with-getSensitive GET Query
CWE-669Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-669Java/Kotlinjava/maven/non-https-urlFailure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-670Java/Kotlinjava/whitespace-contradicts-precedenceWhitespace contradicts operator precedence
CWE-670Java/Kotlinjava/assignment-in-boolean-expressionAssignment in Boolean expression
CWE-670Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-670Java/Kotlinjava/switch-fall-throughUnterminated switch case
CWE-671Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-671Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-671Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-671Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-674Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-675Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-676Java/Kotlinjava/potentially-dangerous-functionUse of a potentially dangerous function
CWE-681Java/Kotlinjava/implicit-cast-in-compound-assignmentImplicit narrowing conversion in compound assignment
CWE-681Java/Kotlinjava/integer-multiplication-cast-to-longResult of multiplication cast to wider type
CWE-681Java/Kotlinjava/comparison-with-wider-typeComparison of narrow type with wide type in loop condition
CWE-681Java/Kotlinjava/tainted-numeric-castUser-controlled data in numeric cast
CWE-682Java/Kotlinjava/implicit-cast-in-compound-assignmentImplicit narrowing conversion in compound assignment
CWE-682Java/Kotlinjava/integer-multiplication-cast-to-longResult of multiplication cast to wider type
CWE-682Java/Kotlinjava/index-out-of-boundsArray index out of bounds
CWE-682Java/Kotlinjava/tainted-arithmeticUser-controlled data in arithmetic expression
CWE-682Java/Kotlinjava/uncontrolled-arithmeticUncontrolled data in arithmetic expression
CWE-682Java/Kotlinjava/extreme-value-arithmeticUse of extreme values in arithmetic expression
CWE-682Java/Kotlinjava/comparison-with-wider-typeComparison of narrow type with wide type in loop condition
CWE-685Java/Kotlinjava/missing-format-argumentMissing format argument
CWE-685Java/Kotlinjava/unused-format-argumentUnused format argument
CWE-691Java/Kotlinjava/ejb/container-interferenceEJB interferes with container operation
CWE-691Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-691Java/Kotlinjava/whitespace-contradicts-precedenceWhitespace contradicts operator precedence
CWE-691Java/Kotlinjava/assignment-in-boolean-expressionAssignment in Boolean expression
CWE-691Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-691Java/Kotlinjava/wait-on-condition-interfaceWait on condition
CWE-691Java/Kotlinjava/call-to-thread-runDirect call to a run() method
CWE-691Java/Kotlinjava/unsafe-double-checked-lockingDouble-checked locking is not thread-safe
CWE-691Java/Kotlinjava/unsafe-double-checked-locking-init-orderRace condition in double-checked locking object initialization
CWE-691Java/Kotlinjava/unsafe-sync-on-fieldFutile synchronization on field
CWE-691Java/Kotlinjava/inconsistent-field-synchronizationInconsistent synchronization for field
CWE-691Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-691Java/Kotlinjava/non-sync-overrideNon-synchronized override of synchronized method
CWE-691Java/Kotlinjava/notify-instead-of-notify-allnotify instead of notifyAll
CWE-691Java/Kotlinjava/sleep-with-lock-heldSleep with lock held
CWE-691Java/Kotlinjava/sync-on-boxed-typesSynchronization on boxed types or strings
CWE-691Java/Kotlinjava/unsynchronized-getterInconsistent synchronization of getter and setter
CWE-691Java/Kotlinjava/inconsistent-sync-writeobjectInconsistent synchronization for writeObject()
CWE-691Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-691Java/Kotlinjava/wait-with-two-locksWait with two locks held
CWE-691Java/Kotlinjava/non-short-circuit-evaluationDangerous non-short-circuit logic
CWE-691Java/Kotlinjava/constant-loop-conditionConstant loop condition
CWE-691Java/Kotlinjava/android/arbitrary-apk-installationAndroid APK installation
CWE-691Java/Kotlinjava/groovy-injectionGroovy Language injection
CWE-691Java/Kotlinjava/insecure-bean-validationInsecure Bean Validation
CWE-691Java/Kotlinjava/jexl-expression-injectionExpression language injection (JEXL)
CWE-691Java/Kotlinjava/mvel-expression-injectionExpression language injection (MVEL)
CWE-691Java/Kotlinjava/spel-expression-injectionExpression language injection (Spring)
CWE-691Java/Kotlinjava/server-side-template-injectionServer-side template injection
CWE-691Java/Kotlinjava/toctou-race-conditionTime-of-check time-of-use race condition
CWE-691Java/Kotlinjava/socket-auth-race-conditionRace condition in socket authentication
CWE-691Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-691Java/Kotlinjava/android/unsafe-android-webview-fetchUnsafe resource fetching in Android WebView
CWE-691Java/Kotlinjava/lock-order-inconsistencyLock order inconsistency
CWE-691Java/Kotlinjava/unreachable-exit-in-loopLoop with unreachable exit condition
CWE-691Java/Kotlinjava/switch-fall-throughUnterminated switch case
CWE-691Java/Kotlinjava/overly-general-catchOverly-general catch clause
CWE-691Java/Kotlinjava/uncaught-number-format-exceptionMissing catch of NumberFormatException
CWE-691Java/Kotlinjava/jvm-exitForcible JVM termination
CWE-691Java/Kotlinjava/abnormal-finally-completionFinally block may not complete normally
CWE-691Java/Kotlinjava/beanshell-injectionBeanShell injection
CWE-691Java/Kotlinjava/android-insecure-dex-loadingInsecure loading of an Android Dex File
CWE-691Java/Kotlinjava/jshell-injectionJShell injection
CWE-691Java/Kotlinjava/javaee-expression-injectionJakarta Expression Language injection
CWE-691Java/Kotlinjava/jython-injectionInjection in Jython
CWE-691Java/Kotlinjava/unsafe-evalInjection in Java Script Engine
CWE-691Java/Kotlinjava/spring-view-manipulation-implicitSpring Implicit View Manipulation
CWE-691Java/Kotlinjava/spring-view-manipulationSpring View Manipulation
CWE-691Java/Kotlinjava/uncaught-servlet-exceptionUncaught Servlet Exception
CWE-693Java/Kotlinjava/count-untrusted-data-external-apiFrequency counts for external APIs that are used with untrusted data
CWE-693Java/Kotlinjava/overly-large-rangeOverly permissive regular expression range
CWE-693Java/Kotlinjava/untrusted-data-to-external-apiUntrusted data passed to external API
CWE-693Java/Kotlinjava/improper-validation-of-array-constructionImproper validation of user-provided size used for array construction
CWE-693Java/Kotlinjava/improper-validation-of-array-construction-code-specifiedImproper validation of code-specified size used for array construction
CWE-693Java/Kotlinjava/improper-validation-of-array-indexImproper validation of user-provided array index
CWE-693Java/Kotlinjava/improper-validation-of-array-index-code-specifiedImproper validation of code-specified array index
CWE-693Java/Kotlinjava/local-temp-file-or-directory-information-disclosureLocal information disclosure in a temporary directory
CWE-693Java/Kotlinjava/android/intent-uri-permission-manipulationIntent URI permission manipulation
CWE-693Java/Kotlinjava/unsafe-cert-trustUnsafe certificate trust
CWE-693Java/Kotlinjava/android/insecure-local-key-genInsecurely generated keys for local authentication
CWE-693Java/Kotlinjava/android/insecure-local-authenticationInsecure local authentication
CWE-693Java/Kotlinjava/android/missing-certificate-pinningAndroid missing certificate pinning
CWE-693Java/Kotlinjava/improper-webview-certificate-validationAndroid WebView that accepts all certificates
CWE-693Java/Kotlinjava/insecure-trustmanagerTrustManager that accepts all certificates
CWE-693Java/Kotlinjava/insecure-smtp-sslInsecure JavaMail SSL Configuration
CWE-693Java/Kotlinjava/unsafe-hostname-verificationUnsafe hostname verification
CWE-693Java/Kotlinjava/android/backup-enabledApplication backup allowed
CWE-693Java/Kotlinjava/android/cleartext-storage-databaseCleartext storage of sensitive information using a local database on Android
CWE-693Java/Kotlinjava/android/cleartext-storage-filesystemCleartext storage of sensitive information in the Android filesystem
CWE-693Java/Kotlinjava/cleartext-storage-in-classCleartext storage of sensitive information using storable class
CWE-693Java/Kotlinjava/cleartext-storage-in-cookieCleartext storage of sensitive information in cookie
CWE-693Java/Kotlinjava/cleartext-storage-in-propertiesCleartext storage of sensitive information using 'Properties' class
CWE-693Java/Kotlinjava/android/cleartext-storage-shared-prefsCleartext storage of sensitive information using SharedPreferences on Android
CWE-693Java/Kotlinjava/non-https-urlFailure to use HTTPS URLs
CWE-693Java/Kotlinjava/non-ssl-connectionFailure to use SSL
CWE-693Java/Kotlinjava/non-ssl-socket-factoryFailure to use SSL socket factories
CWE-693Java/Kotlinjava/insufficient-key-sizeUse of a cryptographic algorithm with insufficient key size
CWE-693Java/Kotlinjava/weak-cryptographic-algorithmUse of a broken or risky cryptographic algorithm
CWE-693Java/Kotlinjava/potentially-weak-cryptographic-algorithmUse of a potentially broken or risky cryptographic algorithm
CWE-693Java/Kotlinjava/missing-jwt-signature-checkMissing JWT signature check
CWE-693Java/Kotlinjava/csrf-unprotected-request-typeHTTP request type unprotected from CSRF
CWE-693Java/Kotlinjava/spring-disabled-csrf-protectionDisabled Spring CSRF protection
CWE-693Java/Kotlinjava/socket-auth-race-conditionRace condition in socket authentication
CWE-693Java/Kotlinjava/insecure-basic-authInsecure basic authentication
CWE-693Java/Kotlinjava/insecure-ldap-authInsecure LDAP authentication
CWE-693Java/Kotlinjava/insecure-cookieFailure to use secure cookies
CWE-693Java/Kotlinjava/world-writable-file-readReading from a world writable file
CWE-693Java/Kotlinjava/rsa-without-oaepUse of RSA algorithm without OAEP
CWE-693Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-693Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-693Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-693Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-693Java/Kotlinjava/user-controlled-bypassUser-controlled bypass of sensitive method
CWE-693Java/Kotlinjava/tainted-permissions-checkUser-controlled data used in permissions check
CWE-693Java/Kotlinjava/maven/non-https-urlFailure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-693Java/Kotlinjava/improper-intent-verificationImproper verification of intent by broadcast receiver
CWE-693Java/Kotlinjava/android/incomplete-provider-permissionsMissing read or write permission in a content provider
CWE-693Java/Kotlinjava/android/implicitly-exported-componentImplicitly exported Android component
CWE-693Java/Kotlinjava/android/implicit-pendingintentsUse of implicit PendingIntents
CWE-693Java/Kotlinjava/android/sensitive-communicationLeaking sensitive information through an implicit Intent
CWE-693Java/Kotlinjava/android/sensitive-result-receiverLeaking sensitive information through a ResultReceiver
CWE-693Java/Kotlinjava/android/intent-redirectionAndroid Intent redirection
CWE-693Java/Kotlinjava/log4j-injectionPotential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-693Java/Kotlinjava/jxbrowser/disabled-certificate-validationJxBrowser with disabled certificate validation
CWE-693Java/Kotlinjava/ignored-hostname-verificationIgnored result of hostname verification
CWE-693Java/Kotlinjava/insecure-ldaps-endpointInsecure LDAPS Endpoint Configuration
CWE-693Java/Kotlinjava/disabled-certificate-revocation-checkingDisabled certificate revocation checking
CWE-693Java/Kotlinjava/azure-storage/unsafe-client-side-encryption-in-useUnsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187).
CWE-693Java/Kotlinjava/unsafe-tls-versionUnsafe TLS version
CWE-693Java/Kotlinjava/unvalidated-cors-origin-setCORS is derived from untrusted input
CWE-693Java/Kotlinjava/missing-jwt-signature-check-auth0Missing JWT signature check
CWE-693Java/Kotlinjava/ip-address-spoofingIP address spoofing
CWE-693Java/Kotlinjava/jsonp-injectionJSONP Injection
CWE-693Java/Kotlinjava/credentials-in-propertiesCleartext Credentials in Properties File
CWE-693Java/Kotlinjava/password-in-configurationPassword in configuration file
CWE-693Java/Kotlinjava/permissive-dot-regexURL matched by permissive . in a regular expression
CWE-693Java/Kotlinjava/hash-without-saltUse of a hash function without a salt
CWE-693Java/Kotlinjava/incorrect-url-verificationIncorrect URL verification
CWE-693Java/Kotlinjava/weak-cryptographic-algorithm-new-modelUse of a broken or risky cryptographic algorithm
CWE-695Java/Kotlinjava/ejb/file-ioEJB uses file input/output
CWE-695Java/Kotlinjava/ejb/graphicsEJB uses graphics
CWE-695Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-695Java/Kotlinjava/ejb/threadsEJB uses threads
CWE-697Java/Kotlinjava/missing-default-in-switchMissing default case in switch
CWE-697Java/Kotlinjava/reference-equality-with-objectReference equality test on java.lang.Object
CWE-697Java/Kotlinjava/reference-equality-of-boxed-typesReference equality test of boxed types
CWE-697Java/Kotlinjava/reference-equality-on-stringsReference equality test on strings
CWE-697Java/Kotlinjava/missing-case-in-switchMissing enum case in switch
CWE-697Java/Kotlinjava/permissive-dot-regexURL matched by permissive . in a regular expression
CWE-703Java/Kotlinjava/inconsistent-call-on-resultInconsistent operation on return value
CWE-703Java/Kotlinjava/return-value-ignoredMethod result ignored
CWE-703Java/Kotlinjava/error-message-exposureInformation exposure through an error message
CWE-703Java/Kotlinjava/stack-trace-exposureInformation exposure through a stack trace
CWE-703Java/Kotlinjava/unsafe-cert-trustUnsafe certificate trust
CWE-703Java/Kotlinjava/discarded-exceptionDiscarded exception
CWE-703Java/Kotlinjava/overly-general-catchOverly-general catch clause
CWE-703Java/Kotlinjava/ignored-error-status-of-callIgnored error status of call
CWE-703Java/Kotlinjava/uncaught-number-format-exceptionMissing catch of NumberFormatException
CWE-703Java/Kotlinjava/uncaught-servlet-exceptionUncaught Servlet Exception
CWE-703Java/Kotlinjava/android/nfe-local-android-dosLocal Android DoS Caused By NumberFormatException
CWE-704Java/Kotlinjava/implicit-cast-in-compound-assignmentImplicit narrowing conversion in compound assignment
CWE-704Java/Kotlinjava/integer-multiplication-cast-to-longResult of multiplication cast to wider type
CWE-704Java/Kotlinjava/impossible-array-castImpossible array cast
CWE-704Java/Kotlinjava/comparison-with-wider-typeComparison of narrow type with wide type in loop condition
CWE-704Java/Kotlinjava/tainted-numeric-castUser-controlled data in numeric cast
CWE-705Java/Kotlinjava/ejb/container-interferenceEJB interferes with container operation
CWE-705Java/Kotlinjava/overly-general-catchOverly-general catch clause
CWE-705Java/Kotlinjava/uncaught-number-format-exceptionMissing catch of NumberFormatException
CWE-705Java/Kotlinjava/jvm-exitForcible JVM termination
CWE-705Java/Kotlinjava/abnormal-finally-completionFinally block may not complete normally
CWE-705Java/Kotlinjava/uncaught-servlet-exceptionUncaught Servlet Exception
CWE-706Java/Kotlinjava/path-injectionUncontrolled data used in path expression
CWE-706Java/Kotlinjava/zipslipArbitrary file access during archive extraction ("Zip Slip")
CWE-706Java/Kotlinjava/partial-path-traversalPartial path traversal vulnerability
CWE-706Java/Kotlinjava/partial-path-traversal-from-remotePartial path traversal vulnerability from remote
CWE-706Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-706Java/Kotlinjava/openstream-called-on-tainted-urlopenStream called on URLs created from remote source
CWE-707Java/Kotlinjava/jndi-injectionJNDI lookup with user-controlled name
CWE-707Java/Kotlinjava/xslt-injectionXSLT transformation with user-controlled stylesheet
CWE-707Java/Kotlinjava/relative-path-commandExecuting a command with a relative path
CWE-707Java/Kotlinjava/command-line-injectionUncontrolled command line
CWE-707Java/Kotlinjava/exec-tainted-environmentBuilding a command with an injected environment variable
CWE-707Java/Kotlinjava/concatenated-command-lineBuilding a command line with string concatenation
CWE-707Java/Kotlinjava/android/webview-addjavascriptinterfaceAccess Java object methods through JavaScript exposure
CWE-707Java/Kotlinjava/android/websettings-javascript-enabledAndroid WebView JavaScript settings
CWE-707Java/Kotlinjava/xssCross-site scripting
CWE-707Java/Kotlinjava/concatenated-sql-queryQuery built by concatenation with a possibly-untrusted string
CWE-707Java/Kotlinjava/sql-injectionQuery built from user-controlled sources
CWE-707Java/Kotlinjava/ldap-injectionLDAP query built from user-controlled sources
CWE-707Java/Kotlinjava/android/arbitrary-apk-installationAndroid APK installation
CWE-707Java/Kotlinjava/groovy-injectionGroovy Language injection
CWE-707Java/Kotlinjava/insecure-bean-validationInsecure Bean Validation
CWE-707Java/Kotlinjava/jexl-expression-injectionExpression language injection (JEXL)
CWE-707Java/Kotlinjava/mvel-expression-injectionExpression language injection (MVEL)
CWE-707Java/Kotlinjava/spel-expression-injectionExpression language injection (Spring)
CWE-707Java/Kotlinjava/server-side-template-injectionServer-side template injection
CWE-707Java/Kotlinjava/netty-http-request-or-response-splittingDisabled Netty HTTP header validation
CWE-707Java/Kotlinjava/http-response-splittingHTTP response splitting
CWE-707Java/Kotlinjava/log-injectionLog Injection
CWE-707Java/Kotlinjava/tainted-format-stringUse of externally-controlled format string
CWE-707Java/Kotlinjava/xml/xpath-injectionXPath injection
CWE-707Java/Kotlinjava/android/unsafe-android-webview-fetchUnsafe resource fetching in Android WebView
CWE-707Java/Kotlinjava/ognl-injectionOGNL Expression Language statement with user-controlled input
CWE-707Java/Kotlinjava/log4j-injectionPotential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-707Java/Kotlinjava/command-line-injection-extraCommand Injection into Runtime.exec() with dangerous command
CWE-707Java/Kotlinjava/command-line-injection-extra-localCommand Injection into Runtime.exec() with dangerous command
CWE-707Java/Kotlinjava/command-line-injection-experimentalUncontrolled command line (experimental sinks)
CWE-707Java/Kotlinjava/mybatis-annotation-sql-injectionSQL injection in MyBatis annotation
CWE-707Java/Kotlinjava/mybatis-xml-sql-injectionSQL injection in MyBatis Mapper XML
CWE-707Java/Kotlinjava/beanshell-injectionBeanShell injection
CWE-707Java/Kotlinjava/android-insecure-dex-loadingInsecure loading of an Android Dex File
CWE-707Java/Kotlinjava/jshell-injectionJShell injection
CWE-707Java/Kotlinjava/javaee-expression-injectionJakarta Expression Language injection
CWE-707Java/Kotlinjava/jython-injectionInjection in Jython
CWE-707Java/Kotlinjava/unsafe-evalInjection in Java Script Engine
CWE-707Java/Kotlinjava/spring-view-manipulation-implicitSpring Implicit View Manipulation
CWE-707Java/Kotlinjava/spring-view-manipulationSpring View Manipulation
CWE-707Java/Kotlinjava/xquery-injectionXQuery query built from user-controlled sources
CWE-710Java/Kotlinjava/deprecated-callDeprecated method or constructor invocation
CWE-710Java/Kotlinjava/dead-classDead class
CWE-710Java/Kotlinjava/dead-enum-constantDead enum constant
CWE-710Java/Kotlinjava/dead-fieldDead field
CWE-710Java/Kotlinjava/dead-functionDead method
CWE-710Java/Kotlinjava/lines-of-dead-codeLines of dead code in files
CWE-710Java/Kotlinjava/unused-parameterUseless parameter
CWE-710Java/Kotlinjava/ejb/container-interferenceEJB interferes with container operation
CWE-710Java/Kotlinjava/ejb/file-ioEJB uses file input/output
CWE-710Java/Kotlinjava/ejb/graphicsEJB uses graphics
CWE-710Java/Kotlinjava/ejb/native-codeEJB uses native code
CWE-710Java/Kotlinjava/ejb/reflectionEJB uses reflection
CWE-710Java/Kotlinjava/ejb/security-configuration-accessEJB accesses security configuration
CWE-710Java/Kotlinjava/ejb/substitution-in-serializationEJB uses substitution in serialization
CWE-710Java/Kotlinjava/ejb/socket-or-stream-handler-factoryEJB sets socket factory or URL stream handler factory
CWE-710Java/Kotlinjava/ejb/server-socketEJB uses server socket
CWE-710Java/Kotlinjava/ejb/non-final-static-fieldEJB uses non-final static field
CWE-710Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-710Java/Kotlinjava/ejb/thisEJB uses 'this' as argument or result
CWE-710Java/Kotlinjava/ejb/threadsEJB uses threads
CWE-710Java/Kotlinjava/useless-null-checkUseless null check
CWE-710Java/Kotlinjava/useless-type-testUseless type test
CWE-710Java/Kotlinjava/useless-upcastUseless upcast
CWE-710Java/Kotlinjava/missing-call-to-super-cloneMissing super clone
CWE-710Java/Kotlinjava/empty-containerContainer contents are never initialized
CWE-710Java/Kotlinjava/unused-containerContainer contents are never accessed
CWE-710Java/Kotlinjava/equals-on-unrelated-typesEquals on incomparable types
CWE-710Java/Kotlinjava/inconsistent-equals-and-hashcodeInconsistent equals and hashCode
CWE-710Java/Kotlinjava/constant-comparisonUseless comparison test
CWE-710Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-710Java/Kotlinjava/missing-super-finalizeFinalizer inconsistency
CWE-710Java/Kotlinjava/missing-format-argumentMissing format argument
CWE-710Java/Kotlinjava/unused-format-argumentUnused format argument
CWE-710Java/Kotlinjava/dereferenced-value-is-always-nullDereferenced variable is always null
CWE-710Java/Kotlinjava/dereferenced-expr-may-be-nullDereferenced expression may be null
CWE-710Java/Kotlinjava/dereferenced-value-may-be-nullDereferenced variable may be null
CWE-710Java/Kotlinjava/empty-synchronized-blockEmpty synchronized block
CWE-710Java/Kotlinjava/unreachable-catch-clauseUnreachable catch clause
CWE-710Java/Kotlinjava/static-initialization-vectorUsing a static initialization vector for encryption
CWE-710Java/Kotlinjava/potentially-dangerous-functionUse of a potentially dangerous function
CWE-710Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-710Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-710Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-710Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-710Java/Kotlinjava/todo-commentTODO/FIXME comments
CWE-710Java/Kotlinjava/unused-reference-typeUnused classes and interfaces
CWE-710Java/Kotlinjava/overwritten-assignment-to-localAssigned value is overwritten
CWE-710Java/Kotlinjava/useless-assignment-to-localUseless assignment to local variable
CWE-710Java/Kotlinjava/empty-finalizerEmpty body of finalizer
CWE-710Java/Kotlinjava/unused-initialized-localLocal variable is initialized but not used
CWE-710Java/Kotlinjava/local-variable-is-never-readUnread local variable
CWE-710Java/Kotlinjava/unused-fieldUnused field
CWE-710Java/Kotlinjava/unused-labelUnused label
CWE-710Java/Kotlinjava/unused-local-variableUnused local variable
CWE-710Java/Kotlinjava/switch-fall-throughUnterminated switch case
CWE-710Java/Kotlinjava/do-not-call-finalizeDo not call finalize()
CWE-710Java/Kotlinjava/redundant-castUnnecessary cast
CWE-710Java/Kotlinjava/unused-importUnnecessary import
CWE-732Java/Kotlinjava/local-temp-file-or-directory-information-disclosureLocal information disclosure in a temporary directory
CWE-732Java/Kotlinjava/world-writable-file-readReading from a world writable file
CWE-749Java/Kotlinjava/android/unsafe-android-webview-fetchUnsafe resource fetching in Android WebView
CWE-754Java/Kotlinjava/inconsistent-call-on-resultInconsistent operation on return value
CWE-754Java/Kotlinjava/return-value-ignoredMethod result ignored
CWE-754Java/Kotlinjava/unsafe-cert-trustUnsafe certificate trust
CWE-755Java/Kotlinjava/error-message-exposureInformation exposure through an error message
CWE-755Java/Kotlinjava/stack-trace-exposureInformation exposure through a stack trace
CWE-755Java/Kotlinjava/overly-general-catchOverly-general catch clause
CWE-755Java/Kotlinjava/android/nfe-local-android-dosLocal Android DoS Caused By NumberFormatException
CWE-759Java/Kotlinjava/hash-without-saltUse of a hash function without a salt
CWE-764Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-772Java/Kotlinjava/input-resource-leakPotential input resource leak
CWE-772Java/Kotlinjava/database-resource-leakPotential database resource leak
CWE-772Java/Kotlinjava/output-resource-leakPotential output resource leak
CWE-776Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-780Java/Kotlinjava/rsa-without-oaepUse of RSA algorithm without OAEP
CWE-783Java/Kotlinjava/whitespace-contradicts-precedenceWhitespace contradicts operator precedence
CWE-798Java/Kotlinjava/hardcoded-credential-api-callHard-coded credential in API call
CWE-798Java/Kotlinjava/hardcoded-credential-comparisonHard-coded credential comparison
CWE-798Java/Kotlinjava/hardcoded-credential-sensitive-callHard-coded credential in sensitive call
CWE-798Java/Kotlinjava/hardcoded-password-fieldHard-coded password field
CWE-807Java/Kotlinjava/user-controlled-bypassUser-controlled bypass of sensitive method
CWE-807Java/Kotlinjava/tainted-permissions-checkUser-controlled data used in permissions check
CWE-820Java/Kotlinjava/lazy-initializationIncorrect lazy initialization of a static field
CWE-820Java/Kotlinjava/non-sync-overrideNon-synchronized override of synchronized method
CWE-821Java/Kotlinjava/ejb/synchronizationEJB uses synchronization
CWE-821Java/Kotlinjava/call-to-thread-runDirect call to a run() method
CWE-827Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-829Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-829Java/Kotlinjava/maven/non-https-urlFailure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-833Java/Kotlinjava/sleep-with-lock-heldSleep with lock held
CWE-833Java/Kotlinjava/unreleased-lockUnreleased lock
CWE-833Java/Kotlinjava/wait-with-two-locksWait with two locks held
CWE-833Java/Kotlinjava/lock-order-inconsistencyLock order inconsistency
CWE-834Java/Kotlinjava/constant-loop-conditionConstant loop condition
CWE-834Java/Kotlinjava/xxeResolving XML external entity in user-controlled data
CWE-834Java/Kotlinjava/unreachable-exit-in-loopLoop with unreachable exit condition
CWE-835Java/Kotlinjava/constant-loop-conditionConstant loop condition
CWE-835Java/Kotlinjava/unreachable-exit-in-loopLoop with unreachable exit condition
CWE-862Java/Kotlinjava/incorrect-url-verificationIncorrect URL verification
CWE-863Java/Kotlinjava/permissive-dot-regexURL matched by permissive . in a regular expression
CWE-913Java/Kotlinjava/android/arbitrary-apk-installationAndroid APK installation
CWE-913Java/Kotlinjava/groovy-injectionGroovy Language injection
CWE-913Java/Kotlinjava/insecure-bean-validationInsecure Bean Validation
CWE-913Java/Kotlinjava/jexl-expression-injectionExpression language injection (JEXL)
CWE-913Java/Kotlinjava/mvel-expression-injectionExpression language injection (MVEL)
| CWE-913 | Java/Kotlin | java/spel-expression-injection | Expression language injection (Spring) |
| CWE-913 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
| CWE-913 | Java/Kotlin | java/android/fragment-injection | Android fragment injection |
| CWE-913 | Java/Kotlin | java/android/fragment-injection-preference-activity | Android fragment injection in PreferenceActivity |
| CWE-913 | Java/Kotlin | java/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-913 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-913 | Java/Kotlin | java/beanshell-injection | BeanShell injection |
| CWE-913 | Java/Kotlin | java/android-insecure-dex-loading | Insecure loading of an Android Dex File |
| CWE-913 | Java/Kotlin | java/jshell-injection | JShell injection |
| CWE-913 | Java/Kotlin | java/javaee-expression-injection | Jakarta Expression Language injection |
| CWE-913 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-913 | Java/Kotlin | java/unsafe-eval | Injection in Java Script Engine |
| CWE-913 | Java/Kotlin | java/spring-view-manipulation-implicit | Spring Implicit View Manipulation |
| CWE-913 | Java/Kotlin | java/spring-view-manipulation | Spring View Manipulation |
| CWE-913 | Java/Kotlin | java/android/unsafe-reflection | Load 3rd party classes or code ('unsafe reflection') without signature check |
| CWE-913 | Java/Kotlin | java/unsafe-reflection | Use of externally-controlled input to select classes or code ('unsafe reflection') |
| CWE-913 | Java/Kotlin | java/unsafe-deserialization-rmi | Unsafe deserialization in a remotely callable method. |
| CWE-913 | Java/Kotlin | java/unsafe-deserialization-spring-exporter-in-configuration-class | Unsafe deserialization with Spring's remote service exporters. |
| CWE-913 | Java/Kotlin | java/unsafe-deserialization-spring-exporter-in-xml-configuration | Unsafe deserialization with Spring's remote service exporters. |
| CWE-916 | Java/Kotlin | java/hash-without-salt | Use of a hash function without a salt |
| CWE-917 | Java/Kotlin | java/ognl-injection | OGNL Expression Language statement with user-controlled input |
| CWE-918 | Java/Kotlin | java/ssrf | Server-side request forgery |
| CWE-922 | Java/Kotlin | java/android/backup-enabled | Application backup allowed |
| CWE-922 | Java/Kotlin | java/android/cleartext-storage-database | Cleartext storage of sensitive information using a local database on Android |
| CWE-922 | Java/Kotlin | java/android/cleartext-storage-filesystem | Cleartext storage of sensitive information in the Android filesystem |
| CWE-922 | Java/Kotlin | java/cleartext-storage-in-class | Cleartext storage of sensitive information using storable class |
| CWE-922 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-922 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-922 | Java/Kotlin | java/android/cleartext-storage-shared-prefs | Cleartext storage of sensitive information using SharedPreferences on Android |
| CWE-923 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-923 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-923 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-923 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-923 | Java/Kotlin | java/improper-intent-verification | Improper verification of intent by broadcast receiver |
| CWE-923 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-923 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-923 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-925 | Java/Kotlin | java/improper-intent-verification | Improper verification of intent by broadcast receiver |
| CWE-926 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-926 | Java/Kotlin | java/android/incomplete-provider-permissions | Missing read or write permission in a content provider |
| CWE-926 | Java/Kotlin | java/android/implicitly-exported-component | Implicitly exported Android component |
| CWE-926 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-927 | Java/Kotlin | java/android/implicit-pendingintents | Use of implicit PendingIntents |
| CWE-927 | Java/Kotlin | java/android/sensitive-communication | Leaking sensitive information through an implicit Intent |
| CWE-927 | Java/Kotlin | java/android/sensitive-result-receiver | Leaking sensitive information through a ResultReceiver |
| CWE-939 | Java/Kotlin | java/incorrect-url-verification | Incorrect URL verification |
| CWE-940 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-943 | Java/Kotlin | java/concatenated-sql-query | Query built by concatenation with a possibly-untrusted string |
| CWE-943 | Java/Kotlin | java/sql-injection | Query built from user-controlled sources |
| CWE-943 | Java/Kotlin | java/ldap-injection | LDAP query built from user-controlled sources |
| CWE-943 | Java/Kotlin | java/xml/xpath-injection | XPath injection |
| CWE-943 | Java/Kotlin | java/mybatis-annotation-sql-injection | SQL injection in MyBatis annotation |
| CWE-943 | Java/Kotlin | java/mybatis-xml-sql-injection | SQL injection in MyBatis Mapper XML |
| CWE-943 | Java/Kotlin | java/xquery-injection | XQuery query built from user-controlled sources |
| CWE-1004 | Java/Kotlin | java/tomcat-disabled-httponly | Tomcat config disables 'HttpOnly' flag (XSS risk) |
| CWE-1004 | Java/Kotlin | java/sensitive-cookie-not-httponly | Sensitive cookies without the HttpOnly response header set |
| CWE-1071 | Java/Kotlin | java/empty-method | Empty method |
| CWE-1104 | Java/Kotlin | java/maven/dependency-upon-bintray | Depending upon JCenter/Bintray as an artifact repository |
| CWE-1176 | Java/Kotlin | java/string-replace-all-with-non-regex | Use of String#replaceAll with a first argument which is not a regular expression |
| CWE-1204 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-1333 | Java/Kotlin | java/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-1333 | Java/Kotlin | java/redos | Inefficient regular expression |
| CWE-1336 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
