CodeQL documentation

CWE coverage for Python

An overview of CWE coverage for Python in the latest release of CodeQL.

Overview

CWE | Language | Query id | Query name
CWE-20 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data
CWE-20 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API
CWE-20 | Python | py/cookie-injection | Construction of a cookie using user-supplied input
CWE-20 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames
CWE-20 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization
CWE-20 | Python | py/overly-large-range | Overly permissive regular expression range
CWE-20 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-22 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-22 | Python | py/tarslip | Arbitrary file write during tarfile extraction
CWE-22 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip")
CWE-22 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction
CWE-22 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source
CWE-23 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-36 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-73 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-73 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-74 | Python | py/use-of-input | 'input' function used in Python 2
CWE-74 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-74 | Python | py/template-injection | Server Side Template Injection
CWE-74 | Python | py/command-line-injection | Uncontrolled command line
CWE-74 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-74 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False
CWE-74 | Python | py/reflective-xss | Reflected server-side cross-site scripting
CWE-74 | Python | py/sql-injection | SQL query built from user-controlled sources
CWE-74 | Python | py/ldap-injection | LDAP query built from user-controlled sources
CWE-74 | Python | py/code-injection | Code injection
CWE-74 | Python | py/http-response-splitting | HTTP Response Splitting
CWE-74 | Python | py/xpath-injection | XPath query built from user-controlled sources
CWE-74 | Python | py/nosql-injection | NoSQL Injection
CWE-74 | Python | py/paramiko-command-injection | Command execution on a secondary remote server
CWE-74 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting
CWE-74 | Python | py/xslt-injection | XSLT query built from user-controlled sources
CWE-74 | Python | py/js2py-rce | JavaScript code execution.
CWE-77 | Python | py/command-line-injection | Uncontrolled command line
CWE-77 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-78 | Python | py/command-line-injection | Uncontrolled command line
CWE-78 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-79 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False
CWE-79 | Python | py/reflective-xss | Reflected server-side cross-site scripting
CWE-79 | Python | py/http-response-splitting | HTTP Response Splitting
CWE-79 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting
CWE-88 | Python | py/command-line-injection | Uncontrolled command line
CWE-88 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-89 | Python | py/sql-injection | SQL query built from user-controlled sources
CWE-90 | Python | py/ldap-injection | LDAP query built from user-controlled sources
CWE-91 | Python | py/xpath-injection | XPath query built from user-controlled sources
CWE-91 | Python | py/xslt-injection | XSLT query built from user-controlled sources
CWE-93 | Python | py/http-response-splitting | HTTP Response Splitting
CWE-94 | Python | py/use-of-input | 'input' function used in Python 2
CWE-94 | Python | py/code-injection | Code injection
CWE-94 | Python | py/js2py-rce | JavaScript code execution.
CWE-95 | Python | py/use-of-input | 'input' function used in Python 2
CWE-95 | Python | py/code-injection | Code injection
CWE-99 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-113 | Python | py/http-response-splitting | HTTP Response Splitting
CWE-116 | Python | py/reflective-xss | Reflected server-side cross-site scripting
CWE-116 | Python | py/code-injection | Code injection
CWE-116 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-116 | Python | py/log-injection | Log Injection
CWE-116 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting
CWE-117 | Python | py/log-injection | Log Injection
CWE-172 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-176 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-179 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-180 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-183 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-185 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-186 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-200 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces
CWE-200 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-200 | Python | py/flask-debug | Flask app is run in debug mode
CWE-200 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-200 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-200 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash
CWE-200 | Python | py/timing-attack-against-hash | Timing attack against Hash
CWE-200 | Python | py/timing-attack-against-header-value | Timing attack against header value
CWE-200 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret
CWE-200 | Python | py/timing-attack-sensitive-info | Timing attack against secret
CWE-203 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash
CWE-203 | Python | py/timing-attack-against-hash | Timing attack against Hash
CWE-203 | Python | py/timing-attack-against-header-value | Timing attack against header value
CWE-203 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret
CWE-203 | Python | py/timing-attack-sensitive-info | Timing attack against secret
CWE-208 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash
CWE-208 | Python | py/timing-attack-against-hash | Timing attack against Hash
CWE-208 | Python | py/timing-attack-against-header-value | Timing attack against header value
CWE-208 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret
CWE-208 | Python | py/timing-attack-sensitive-info | Timing attack against secret
CWE-209 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-215 | Python | py/flask-debug | Flask app is run in debug mode
CWE-221 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-227 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing
CWE-227 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation
CWE-227 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation
CWE-227 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class
CWE-227 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call
CWE-227 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format
CWE-227 | Python | py/call/wrong-arguments | Wrong number of arguments in a call
CWE-252 | Python | py/ignored-return-value | Ignored return value
CWE-259 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-284 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage
CWE-284 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-284 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-284 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value
CWE-284 | Python | py/improper-ldap-auth | Improper LDAP Authentication
CWE-284 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-284 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-285 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage
CWE-285 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-287 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-287 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value
CWE-287 | Python | py/improper-ldap-auth | Improper LDAP Authentication
CWE-287 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-295 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko
CWE-295 | Python | py/request-without-cert-validation | Request without certificate validation
CWE-311 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-311 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-311 | Python | py/insecure-cookie | Failure to use secure cookies
CWE-312 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-312 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-315 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-321 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-326 | Python | py/weak-crypto-key | Use of weak cryptographic key
CWE-326 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE-326 | Python | py/unknown-asymmetric-key-gen-size | Unknown key generation key size
CWE-326 | Python | py/weak-asymmetric-key-gen-size | Weak key generation key size (< 2048 bits)
CWE-327 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm
CWE-327 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure
CWE-327 | Python | py/insecure-protocol | Use of insecure SSL/TLS version
CWE-327 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE-327 | Python | py/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption.
CWE-327 | Python | py/weak-block-mode | Weak block mode
CWE-327 | Python | py/weak-elliptic-curve | Weak elliptic curve
CWE-327 | Python | py/weak-hashes | Weak hashes
CWE-327 | Python | py/weak-symmetric-encryption | Weak symmetric encryption algorithm
CWE-328 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE-330 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-330 | Python | py/insecure-randomness | Insecure randomness
CWE-330 | Python | py/predictable-token | Predictable token
CWE-338 | Python | py/insecure-randomness | Insecure randomness
CWE-340 | Python | py/predictable-token | Predictable token
CWE-344 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-345 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled
CWE-345 | Python | py/jwt-missing-verification | JWT missing secret or public key verification
CWE-345 | Python | py/ip-address-spoofing | IP address spoofing
CWE-347 | Python | py/jwt-missing-verification | JWT missing secret or public key verification
CWE-348 | Python | py/ip-address-spoofing | IP address spoofing
CWE-352 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled
CWE-359 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-359 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-377 | Python | py/insecure-temporary-file | Insecure temporary file
CWE-390 | Python | py/empty-except | Empty except
CWE-396 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-398 | Python | py/unreachable-except | Unreachable except block
CWE-398 | Python | py/comparison-of-constants | Comparison of constants
CWE-398 | Python | py/comparison-of-identical-expressions | Comparison of identical values
CWE-398 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison
CWE-398 | Python | py/redundant-comparison | Redundant comparison
CWE-398 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal
CWE-398 | Python | py/import-deprecated-module | Import of deprecated module
CWE-398 | Python | py/constant-conditional-expression | Constant in conditional expression or statement
CWE-398 | Python | py/redundant-assignment | Redundant assignment
CWE-398 | Python | py/ineffectual-statement | Statement has no effect
CWE-398 | Python | py/unreachable-statement | Unreachable code
CWE-398 | Python | py/multiple-definition | Variable defined multiple times
CWE-398 | Python | py/unused-local-variable | Unused local variable
CWE-398 | Python | py/unused-global-variable | Unused global variable
CWE-400 | Python | py/file-not-closed | File is not always closed
CWE-400 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data
CWE-400 | Python | py/redos | Inefficient regular expression
CWE-400 | Python | py/regex-injection | Regular expression injection
CWE-400 | Python | py/xml-bomb | XML internal entity expansion
CWE-400 | Python | py/unicode-dos | Denial of Service using Unicode Characters
CWE-404 | Python | py/file-not-closed | File is not always closed
CWE-405 | Python | py/xml-bomb | XML internal entity expansion
CWE-405 | Python | py/decompression-bomb | Decompression Bomb
CWE-405 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-409 | Python | py/xml-bomb | XML internal entity expansion
CWE-409 | Python | py/decompression-bomb | Decompression Bomb
CWE-409 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-441 | Python | py/full-ssrf | Full server-side request forgery
CWE-441 | Python | py/partial-ssrf | Partial server-side request forgery
CWE-477 | Python | py/import-deprecated-module | Import of deprecated module
CWE-485 | Python | py/flask-debug | Flask app is run in debug mode
CWE-489 | Python | py/flask-debug | Flask app is run in debug mode
CWE-497 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-502 | Python | py/unsafe-deserialization | Deserialization of user-controlled data
CWE-522 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-523 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-532 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-538 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-552 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-561 | Python | py/unreachable-except | Unreachable except block
CWE-561 | Python | py/comparison-of-constants | Comparison of constants
CWE-561 | Python | py/comparison-of-identical-expressions | Comparison of identical values
CWE-561 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison
CWE-561 | Python | py/redundant-comparison | Redundant comparison
CWE-561 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal
CWE-561 | Python | py/constant-conditional-expression | Constant in conditional expression or statement
CWE-561 | Python | py/ineffectual-statement | Statement has no effect
CWE-561 | Python | py/unreachable-statement | Unreachable code
CWE-563 | Python | py/redundant-assignment | Redundant assignment
CWE-563 | Python | py/multiple-definition | Variable defined multiple times
CWE-563 | Python | py/unused-local-variable | Unused local variable
CWE-563 | Python | py/unused-global-variable | Unused global variable
CWE-570 | Python | py/comparison-of-constants | Comparison of constants
CWE-570 | Python | py/comparison-of-identical-expressions | Comparison of identical values
CWE-570 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison
CWE-570 | Python | py/redundant-comparison | Redundant comparison
CWE-570 | Python | py/constant-conditional-expression | Constant in conditional expression or statement
CWE-571 | Python | py/comparison-of-constants | Comparison of constants
CWE-571 | Python | py/comparison-of-identical-expressions | Comparison of identical values
CWE-571 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison
CWE-571 | Python | py/redundant-comparison | Redundant comparison
CWE-571 | Python | py/constant-conditional-expression | Constant in conditional expression or statement
CWE-573 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing
CWE-573 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation
CWE-573 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation
CWE-573 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class
CWE-573 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call
CWE-573 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format
CWE-573 | Python | py/call/wrong-arguments | Wrong number of arguments in a call
CWE-581 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing
CWE-584 | Python | py/exit-from-finally | 'break' or 'return' statement in finally
CWE-601 | Python | py/url-redirection | URL redirection from remote source
CWE-610 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-610 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-610 | Python | py/url-redirection | URL redirection from remote source
CWE-610 | Python | py/xxe | XML external entity expansion
CWE-610 | Python | py/full-ssrf | Full server-side request forgery
CWE-610 | Python | py/partial-ssrf | Partial server-side request forgery
CWE-611 | Python | py/xxe | XML external entity expansion
CWE-614 | Python | py/insecure-cookie | Failure to use secure cookies
CWE-628 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation
CWE-628 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation
CWE-628 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class
CWE-628 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call
CWE-628 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format
CWE-628 | Python | py/call/wrong-arguments | Wrong number of arguments in a call
CWE-642 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-642 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-643 | Python | py/xpath-injection | XPath query built from user-controlled sources
CWE-643 | Python | py/xslt-injection | XSLT query built from user-controlled sources
CWE-657 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-664 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-664 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list
CWE-664 | Python | py/use-of-input | 'input' function used in Python 2
CWE-664 | Python | py/file-not-closed | File is not always closed
CWE-664 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces
CWE-664 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-664 | Python | py/tarslip | Arbitrary file write during tarfile extraction
CWE-664 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-664 | Python | py/code-injection | Code injection
CWE-664 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-664 | Python | py/flask-debug | Flask app is run in debug mode
CWE-664 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage
CWE-664 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-664 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-664 | Python | py/insecure-temporary-file | Insecure temporary file
CWE-664 | Python | py/unsafe-deserialization | Deserialization of user-controlled data
CWE-664 | Python | py/url-redirection | URL redirection from remote source
CWE-664 | Python | py/xxe | XML external entity expansion
CWE-664 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data
CWE-664 | Python | py/redos | Inefficient regular expression
CWE-664 | Python | py/regex-injection | Regular expression injection
CWE-664 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-664 | Python | py/xml-bomb | XML internal entity expansion
CWE-664 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-664 | Python | py/full-ssrf | Full server-side request forgery
CWE-664 | Python | py/partial-ssrf | Partial server-side request forgery
CWE-664 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip")
CWE-664 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction
CWE-664 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source
CWE-664 | Python | py/js2py-rce | JavaScript code execution.
CWE-664 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash
CWE-664 | Python | py/timing-attack-against-hash | Timing attack against Hash
CWE-664 | Python | py/timing-attack-against-header-value | Timing attack against header value
CWE-664 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret
CWE-664 | Python | py/timing-attack-sensitive-info | Timing attack against secret
CWE-664 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value
CWE-664 | Python | py/improper-ldap-auth | Improper LDAP Authentication
CWE-664 | Python | py/decompression-bomb | Decompression Bomb
CWE-664 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-664 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-664 | Python | py/unicode-dos | Denial of Service using Unicode Characters
CWE-664 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-665 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list
CWE-665 | Python | py/unicode-dos | Denial of Service using Unicode Characters
CWE-668 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces
CWE-668 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-668 | Python | py/tarslip | Arbitrary file write during tarfile extraction
CWE-668 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-668 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-668 | Python | py/flask-debug | Flask app is run in debug mode
CWE-668 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-668 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-668 | Python | py/insecure-temporary-file | Insecure temporary file
CWE-668 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-668 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip")
CWE-668 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction
CWE-668 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source
CWE-668 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash
CWE-668 | Python | py/timing-attack-against-hash | Timing attack against Hash
CWE-668 | Python | py/timing-attack-against-header-value | Timing attack against header value
CWE-668 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret
CWE-668 | Python | py/timing-attack-sensitive-info | Timing attack against secret
CWE-668 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-668 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-669 | Python | py/xxe | XML external entity expansion
CWE-670 | Python | py/asserts-tuple | Asserting a tuple
CWE-671 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-674 | Python | py/xml-bomb | XML internal entity expansion
CWE-674 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-685 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation
CWE-685 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format
CWE-685 | Python | py/call/wrong-arguments | Wrong number of arguments in a call
CWE-687 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class
CWE-691 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-691 | Python | py/use-of-input | 'input' function used in Python 2
CWE-691 | Python | py/code-injection | Code injection
CWE-691 | Python | py/xml-bomb | XML internal entity expansion
CWE-691 | Python | py/asserts-tuple | Asserting a tuple
CWE-691 | Python | py/exit-from-finally | 'break' or 'return' statement in finally
CWE-691 | Python | py/js2py-rce | JavaScript code execution.
CWE-691 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-691 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-693 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data
CWE-693 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API
CWE-693 | Python | py/cookie-injection | Construction of a cookie using user-supplied input
CWE-693 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames
CWE-693 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization
CWE-693 | Python | py/overly-large-range | Overly permissive regular expression range
CWE-693 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-693 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage
CWE-693 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko
CWE-693 | Python | py/request-without-cert-validation | Request without certificate validation
CWE-693 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-693 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-693 | Python | py/weak-crypto-key | Use of weak cryptographic key
CWE-693 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm
CWE-693 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure
CWE-693 | Python | py/insecure-protocol | Use of insecure SSL/TLS version
CWE-693 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE-693 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled
CWE-693 | Python | py/insecure-cookie | Failure to use secure cookies
CWE-693 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-693 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-693 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-693 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value
CWE-693 | Python | py/improper-ldap-auth | Improper LDAP Authentication
CWE-693 | Python | py/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption.
CWE-693 | Python | py/jwt-missing-verification | JWT missing secret or public key verification
CWE-693 | Python | py/ip-address-spoofing | IP address spoofing
CWE-693 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication
CWE-693 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-693 | Python | py/unknown-asymmetric-key-gen-size | Unknown key generation key size
CWE-693 | Python | py/weak-asymmetric-key-gen-size | Weak key generation key size (< 2048 bits)
CWE-693 | Python | py/weak-block-mode | Weak block mode
CWE-693 | Python | py/weak-elliptic-curve | Weak elliptic curve
CWE-693 | Python | py/weak-hashes | Weak hashes
CWE-693 | Python | py/weak-symmetric-encryption | Weak symmetric encryption algorithm
CWE-696 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-697 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-697 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-703 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-703 | Python | py/empty-except | Empty except
CWE-703 | Python | py/ignored-return-value | Ignored return value
CWE-703 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-705 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-705 | Python | py/exit-from-finally | 'break' or 'return' statement in finally
CWE-706 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-706 | Python | py/tarslip | Arbitrary file write during tarfile extraction
CWE-706 | Python | py/xxe | XML external entity expansion
CWE-706 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip")
CWE-706 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction
CWE-706 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source
CWE-707 | Python | py/use-of-input | 'input' function used in Python 2
CWE-707 | Python | py/path-injection | Uncontrolled data used in path expression
CWE-707 | Python | py/template-injection | Server Side Template Injection
CWE-707 | Python | py/command-line-injection | Uncontrolled command line
CWE-707 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input
CWE-707 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False
CWE-707 | Python | py/reflective-xss | Reflected server-side cross-site scripting
CWE-707 | Python | py/sql-injection | SQL query built from user-controlled sources
CWE-707 | Python | py/ldap-injection | LDAP query built from user-controlled sources
CWE-707 | Python | py/code-injection | Code injection
CWE-707 | Python | py/http-response-splitting | HTTP Response Splitting
CWE-707 | Python | py/bad-tag-filter | Bad HTML filtering regexp
CWE-707 | Python | py/log-injection | Log Injection
CWE-707 | Python | py/xpath-injection | XPath query built from user-controlled sources
CWE-707 | Python | py/nosql-injection | NoSQL Injection
CWE-707 | Python | py/paramiko-command-injection | Command execution on a secondary remote server
CWE-707 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting
CWE-707 | Python | py/xslt-injection | XSLT query built from user-controlled sources
CWE-707 | Python | py/js2py-rce | JavaScript code execution.
CWE-707 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters
CWE-710 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing
CWE-710 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation
CWE-710 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation
CWE-710 | Python | py/unreachable-except | Unreachable except block
CWE-710 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class
CWE-710 | Python | py/comparison-of-constants | Comparison of constants
CWE-710 | Python | py/comparison-of-identical-expressions | Comparison of identical values
CWE-710 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison
CWE-710 | Python | py/redundant-comparison | Redundant comparison
CWE-710 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal
CWE-710 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call
CWE-710 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format
CWE-710 | Python | py/call/wrong-arguments | Wrong number of arguments in a call
CWE-710 | Python | py/import-deprecated-module | Import of deprecated module
CWE-710 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-710 | Python | py/constant-conditional-expression | Constant in conditional expression or statement
CWE-710 | Python | py/redundant-assignment | Redundant assignment
CWE-710 | Python | py/ineffectual-statement | Statement has no effect
CWE-710 | Python | py/unreachable-statement | Unreachable code
CWE-710 | Python | py/multiple-definition | Variable defined multiple times
CWE-710 | Python | py/unused-local-variable | Unused local variable
CWE-710 | Python | py/unused-global-variable | Unused global variable
CWE-732 | Python | py/overly-permissive-file | Overly permissive file permissions
CWE-754 | Python | py/ignored-return-value | Ignored return value
CWE-755 | Python | py/catch-base-exception | Except block handles 'BaseException'
CWE-755 | Python | py/empty-except | Empty except
CWE-755 | Python | py/stack-trace-exposure | Information exposure through an exception
CWE-770 | Python | py/unicode-dos | Denial of Service using Unicode Characters
CWE-772 | Python | py/file-not-closed | File is not always closed
CWE-776 | Python | py/xml-bomb | XML internal entity expansion
CWE-776 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-798 | Python | py/hardcoded-credentials | Hard-coded credentials
CWE-827 | Python | py/xxe | XML external entity expansion
CWE-829 | Python | py/xxe | XML external entity expansion
CWE-834 | Python | py/xml-bomb | XML internal entity expansion
CWE-834 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service
CWE-913 | Python | py/use-of-input | 'input' function used in Python 2
CWE-913 | Python | py/code-injection | Code injection
CWE-913 | Python | py/unsafe-deserialization | Deserialization of user-controlled data
CWE-913 | Python | py/js2py-rce | JavaScript code execution.
CWE-916 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE-918 | Python | py/full-ssrf | Full server-side request forgery
CWE-918 | Python | py/partial-ssrf | Partial server-side request forgery
CWE-922 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information
CWE-922 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information
CWE-942 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials
CWE-943 | Python | py/sql-injection | SQL query built from user-controlled sources
CWE-943 | Python | py/ldap-injection | LDAP query built from user-controlled sources
CWE-943 | Python | py/xpath-injection | XPath query built from user-controlled sources
CWE-943 | Python | py/nosql-injection | NoSQL Injection
CWE-943 | Python | py/xslt-injection | XSLT query built from user-controlled sources
CWE-1004 | Python | py/insecure-cookie | Failure to use secure cookies
CWE-1236 | Python | py/csv-injection | Csv Injection
CWE-1275 | Python | py/insecure-cookie | Failure to use secure cookies
CWE-1333 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data
CWE-1333 | Python | py/redos | Inefficient regular expression
