CodeQL documentation

CWE coverage for Java

An overview of CWE coverage for Java in the latest release of CodeQL.

Overview

CWE Language Query id Query name
CWE‑20 Java java/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑20 Java java/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑20 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑20 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑20 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑20 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑20 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑20 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑20 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑22 Java java/path-injection Uncontrolled data used in path expression
CWE‑22 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑22 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑22 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑23 Java java/path-injection Uncontrolled data used in path expression
CWE‑23 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑36 Java java/path-injection Uncontrolled data used in path expression
CWE‑36 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑36 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑73 Java java/path-injection Uncontrolled data used in path expression
CWE‑73 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑74 Java java/jndi-injection JNDI lookup with user-controlled name
CWE‑74 Java java/xslt-injection XSLT transformation with user-controlled stylesheet
CWE‑74 Java java/relative-path-command Executing a command with a relative path
CWE‑74 Java java/command-line-injection Uncontrolled command line
CWE‑74 Java java/command-line-injection-local Local-user-controlled command line
CWE‑74 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑74 Java java/xss Cross-site scripting
CWE‑74 Java java/xss-local Cross-site scripting from local source
CWE‑74 Java java/sql-injection Query built from user-controlled sources
CWE‑74 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑74 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑74 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑74 Java java/groovy-injection Groovy Language injection
CWE‑74 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑74 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑74 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑74 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑74 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑74 Java java/http-response-splitting HTTP response splitting
CWE‑74 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑74 Java java/tainted-format-string Use of externally-controlled format string
CWE‑74 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑74 Java java/xml/xpath-injection XPath injection
CWE‑74 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑74 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑74 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑74 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑74 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑74 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑74 Java java/beanshell-injection BeanShell injection
CWE‑74 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑74 Java java/jshell-injection JShell injection
CWE‑74 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑74 Java java/jython-injection Injection in Jython
CWE‑74 Java java/unsafe-eval Injection in Java Script Engine
CWE‑74 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑74 Java java/spring-view-manipulation Spring View Manipulation
CWE‑74 Java java/server-side-template-injection Server Side Template Injection
CWE‑74 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑77 Java java/relative-path-command Executing a command with a relative path
CWE‑77 Java java/command-line-injection Uncontrolled command line
CWE‑77 Java java/command-line-injection-local Local-user-controlled command line
CWE‑77 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑77 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑77 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑78 Java java/relative-path-command Executing a command with a relative path
CWE‑78 Java java/command-line-injection Uncontrolled command line
CWE‑78 Java java/command-line-injection-local Local-user-controlled command line
CWE‑78 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑78 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑79 Java java/xss Cross-site scripting
CWE‑79 Java java/xss-local Cross-site scripting from local source
CWE‑79 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑88 Java java/relative-path-command Executing a command with a relative path
CWE‑88 Java java/command-line-injection Uncontrolled command line
CWE‑88 Java java/command-line-injection-local Local-user-controlled command line
CWE‑88 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑88 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑89 Java java/sql-injection Query built from user-controlled sources
CWE‑89 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑89 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑89 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑89 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑90 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑91 Java java/xml/xpath-injection XPath injection
CWE‑91 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑93 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑93 Java java/http-response-splitting HTTP response splitting
CWE‑93 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑94 Java java/groovy-injection Groovy Language injection
CWE‑94 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑94 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑94 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑94 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑94 Java java/beanshell-injection BeanShell injection
CWE‑94 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑94 Java java/jshell-injection JShell injection
CWE‑94 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑94 Java java/jython-injection Injection in Jython
CWE‑94 Java java/unsafe-eval Injection in Java Script Engine
CWE‑94 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑94 Java java/spring-view-manipulation Spring View Manipulation
CWE‑94 Java java/server-side-template-injection Server Side Template Injection
CWE‑95 Java java/jython-injection Injection in Jython
CWE‑113 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑113 Java java/http-response-splitting HTTP response splitting
CWE‑113 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑116 Java java/log-injection Log Injection
CWE‑117 Java java/log-injection Log Injection
CWE‑129 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑129 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑129 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑129 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑129 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑129 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑134 Java java/tainted-format-string Use of externally-controlled format string
CWE‑134 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑190 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑190 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑190 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑190 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑190 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑190 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑190 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑191 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑191 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑191 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑191 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑193 Java java/index-out-of-bounds Array index out of bounds
CWE‑197 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑197 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑197 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑197 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑197 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑200 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑200 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑200 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑200 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑200 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑200 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑200 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑200 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑200 Java java/server-directory-listing Directories and files exposure
CWE‑200 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑203 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑203 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑203 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑208 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑208 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑208 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑209 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑221 Java java/overly-general-catch Overly-general catch clause
CWE‑227 Java java/ejb/container-interference EJB interferes with container operation
CWE‑227 Java java/ejb/file-io EJB uses file input/output
CWE‑227 Java java/ejb/graphics EJB uses graphics
CWE‑227 Java java/ejb/native-code EJB uses native code
CWE‑227 Java java/ejb/reflection EJB uses reflection
CWE‑227 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑227 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑227 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑227 Java java/ejb/server-socket EJB uses server socket
CWE‑227 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑227 Java java/ejb/synchronization EJB uses synchronization
CWE‑227 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑227 Java java/ejb/threads EJB uses threads
CWE‑227 Java java/missing-call-to-super-clone Missing super clone
CWE‑227 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑227 Java java/unreleased-lock Unreleased lock
CWE‑227 Java java/missing-super-finalize Finalizer inconsistency
CWE‑227 Java java/missing-format-argument Missing format argument
CWE‑227 Java java/unused-format-argument Unused format argument
CWE‑227 Java java/empty-finalizer Empty body of finalizer
CWE‑227 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑248 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑248 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑252 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑252 Java java/return-value-ignored Method result ignored
CWE‑256 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑256 Java java/password-in-configuration Password in configuration file
CWE‑260 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑260 Java java/password-in-configuration Password in configuration file
CWE‑266 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑269 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑269 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑271 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑273 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑284 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑284 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑284 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑284 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑284 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑284 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑284 Java java/insecure-basic-auth Insecure basic authentication
CWE‑284 Java java/world-writable-file-read Reading from a world writable file
CWE‑284 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑284 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑284 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑284 Java java/hardcoded-password-field Hard-coded password field
CWE‑284 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑284 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑284 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑284 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑284 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑284 Java java/android/intent-redirection Android Intent redirection
CWE‑284 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑284 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑284 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑284 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑284 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑284 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑284 Java java/password-in-configuration Password in configuration file
CWE‑284 Java java/incorrect-url-verification Incorrect URL verification
CWE‑285 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑285 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑285 Java java/world-writable-file-read Reading from a world writable file
CWE‑285 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑285 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑285 Java java/android/intent-redirection Android Intent redirection
CWE‑285 Java java/incorrect-url-verification Incorrect URL verification
CWE‑287 Java java/insecure-basic-auth Insecure basic authentication
CWE‑287 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑287 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑287 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑287 Java java/hardcoded-password-field Hard-coded password field
CWE‑287 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑287 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑287 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑287 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑287 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑287 Java java/password-in-configuration Password in configuration file
CWE‑290 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑290 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑295 Java java/insecure-trustmanager TrustManager that accepts all certificates
CWE‑295 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑295 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑295 Java java/jxbrowser/disabled-certificate-validation JxBrowser with disabled certificate validation
CWE‑295 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑295 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑295 Java java/disabled-certificate-revocation-checking Disabled certificate revocation checking
CWE‑297 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑297 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑297 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑297 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑299 Java java/disabled-certificate-revocation-checking Disabled certificate revocation checking
CWE‑300 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑311 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑311 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑311 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑311 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑311 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑311 Java java/non-https-url Failure to use HTTPS URLs
CWE‑311 Java java/non-ssl-connection Failure to use SSL
CWE‑311 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑311 Java java/insecure-basic-auth Insecure basic authentication
CWE‑311 Java java/insecure-cookie Failure to use secure cookies
CWE‑311 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑312 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑312 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑312 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑312 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑312 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑312 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑313 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑315 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑319 Java java/non-https-url Failure to use HTTPS URLs
CWE‑319 Java java/non-ssl-connection Failure to use SSL
CWE‑319 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑319 Java java/insecure-basic-auth Insecure basic authentication
CWE‑319 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑319 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑321 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑326 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑326 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑326 Java java/insufficient-key-size Weak encryption: Insufficient key size
CWE‑327 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑327 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑327 Java java/unsafe-tls-version Unsafe TLS version
CWE‑327 Java java/hash-without-salt Use of a hash function without a salt
CWE‑328 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑328 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑329 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑330 Java java/random-used-once Random used only once
CWE‑330 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑330 Java java/jhipster-prng Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑330 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑330 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑330 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑330 Java java/hardcoded-password-field Hard-coded password field
CWE‑330 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑330 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑335 Java java/random-used-once Random used only once
CWE‑335 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑337 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑338 Java java/jhipster-prng Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑344 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑344 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑344 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑344 Java java/hardcoded-password-field Hard-coded password field
CWE‑344 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑345 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑345 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑345 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑345 Java java/ip-address-spoofing IP address spoofing
CWE‑345 Java java/jsonp-injection JSONP Injection
CWE‑346 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑347 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑348 Java java/ip-address-spoofing IP address spoofing
CWE‑352 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑352 Java java/jsonp-injection JSONP Injection
CWE‑362 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑362 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑367 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑382 Java java/ejb/container-interference EJB interferes with container operation
CWE‑382 Java java/jvm-exit Forcible JVM termination
CWE‑383 Java java/ejb/threads EJB uses threads
CWE‑391 Java java/discarded-exception Discarded exception
CWE‑391 Java java/ignored-error-status-of-call Ignored error status of call
CWE‑396 Java java/overly-general-catch Overly-general catch clause
CWE‑398 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑398 Java java/dead-class Dead class
CWE‑398 Java java/dead-enum-constant Dead enum constant
CWE‑398 Java java/dead-field Dead field
CWE‑398 Java java/dead-function Dead method
CWE‑398 Java java/lines-of-dead-code Lines of dead code in files
CWE‑398 Java java/unused-parameter Useless parameter
CWE‑398 Java java/useless-null-check Useless null check
CWE‑398 Java java/useless-type-test Useless type test
CWE‑398 Java java/useless-upcast Useless upcast
CWE‑398 Java java/empty-container Container contents are never initialized
CWE‑398 Java java/unused-container Container contents are never accessed
CWE‑398 Java java/constant-comparison Useless comparison test
CWE‑398 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑398 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑398 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑398 Java java/empty-synchronized-block Empty synchronized block
CWE‑398 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑398 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑398 Java java/todo-comment TODO/FIXME comments
CWE‑398 Java java/unused-reference-type Unused classes and interfaces
CWE‑398 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑398 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑398 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑398 Java java/local-variable-is-never-read Unread local variable
CWE‑398 Java java/unused-field Unused field
CWE‑398 Java java/unused-label Unused label
CWE‑398 Java java/unused-local-variable Unused local variable
CWE‑398 Java java/switch-fall-through Unterminated switch case
CWE‑398 Java java/redundant-cast Unnecessary cast
CWE‑398 Java java/unused-import Unnecessary import
CWE‑400 Java java/input-resource-leak Potential input resource leak
CWE‑400 Java java/database-resource-leak Potential database resource leak
CWE‑400 Java java/output-resource-leak Potential output resource leak
CWE‑400 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑400 Java java/thread-resource-abuse Uncontrolled thread resource consumption from local input source
CWE‑400 Java java/thread-resource-abuse Uncontrolled thread resource consumption
CWE‑400 Java java/regex-injection Regular expression injection
CWE‑404 Java java/missing-super-finalize Finalizer inconsistency
CWE‑404 Java java/input-resource-leak Potential input resource leak
CWE‑404 Java java/database-resource-leak Potential database resource leak
CWE‑404 Java java/output-resource-leak Potential output resource leak
CWE‑404 Java java/empty-finalizer Empty body of finalizer
CWE‑404 Java java/disabled-certificate-revocation-checking Disabled certificate revocation checking
CWE‑405 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑409 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑413 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑420 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑421 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑441 Java java/ssrf Server-side request forgery
CWE‑457 Java java/unassigned-field Field is never assigned a non-null value
CWE‑459 Java java/missing-super-finalize Finalizer inconsistency
CWE‑459 Java java/empty-finalizer Empty body of finalizer
CWE‑470 Java java/android/fragment-injection Android fragment injection
CWE‑470 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑470 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑476 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑476 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑476 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑477 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑478 Java java/missing-default-in-switch Missing default case in switch
CWE‑478 Java java/missing-case-in-switch Missing enum case in switch
CWE‑480 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑480 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑481 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑484 Java java/switch-fall-through Unterminated switch case
CWE‑485 Java java/missing-call-to-super-clone Missing super clone
CWE‑485 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑485 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑485 Java java/abstract-to-concrete-cast Cast from abstract to concrete collection
CWE‑485 Java java/internal-representation-exposure Exposing internal representation
CWE‑485 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑485 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑485 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑489 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑489 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑489 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑494 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑497 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑499 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑502 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑502 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑502 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑502 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑502 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑522 Java java/insecure-basic-auth Insecure basic authentication
CWE‑522 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑522 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑522 Java java/password-in-configuration Password in configuration file
CWE‑532 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑538 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑538 Java java/server-directory-listing Directories and files exposure
CWE‑543 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑546 Java java/todo-comment TODO/FIXME comments
CWE‑548 Java java/server-directory-listing Directories and files exposure
CWE‑552 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑552 Java java/server-directory-listing Directories and files exposure
CWE‑555 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑555 Java java/password-in-configuration Password in configuration file
CWE‑561 Java java/dead-class Dead class
CWE‑561 Java java/dead-enum-constant Dead enum constant
CWE‑561 Java java/dead-field Dead field
CWE‑561 Java java/dead-function Dead method
CWE‑561 Java java/lines-of-dead-code Lines of dead code in files
CWE‑561 Java java/unused-parameter Useless parameter
CWE‑561 Java java/useless-null-check Useless null check
CWE‑561 Java java/useless-type-test Useless type test
CWE‑561 Java java/useless-upcast Useless upcast
CWE‑561 Java java/empty-container Container contents are never initialized
CWE‑561 Java java/unused-container Container contents are never accessed
CWE‑561 Java java/constant-comparison Useless comparison test
CWE‑561 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑561 Java java/unused-reference-type Unused classes and interfaces
CWE‑561 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑561 Java java/local-variable-is-never-read Unread local variable
CWE‑561 Java java/unused-field Unused field
CWE‑561 Java java/unused-label Unused label
CWE‑561 Java java/redundant-cast Unnecessary cast
CWE‑561 Java java/unused-import Unnecessary import
CWE‑563 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑563 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑563 Java java/unused-local-variable Unused local variable
CWE‑564 Java java/sql-injection Query built from user-controlled sources
CWE‑564 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑564 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑568 Java java/missing-super-finalize Finalizer inconsistency
CWE‑568 Java java/empty-finalizer Empty body of finalizer
CWE‑570 Java java/constant-comparison Useless comparison test
CWE‑571 Java java/constant-comparison Useless comparison test
CWE‑572 Java java/call-to-thread-run Direct call to a run() method
CWE‑573 Java java/ejb/container-interference EJB interferes with container operation
CWE‑573 Java java/ejb/file-io EJB uses file input/output
CWE‑573 Java java/ejb/graphics EJB uses graphics
CWE‑573 Java java/ejb/native-code EJB uses native code
CWE‑573 Java java/ejb/reflection EJB uses reflection
CWE‑573 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑573 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑573 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑573 Java java/ejb/server-socket EJB uses server socket
CWE‑573 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑573 Java java/ejb/synchronization EJB uses synchronization
CWE‑573 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑573 Java java/ejb/threads EJB uses threads
CWE‑573 Java java/missing-call-to-super-clone Missing super clone
CWE‑573 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑573 Java java/unreleased-lock Unreleased lock
CWE‑573 Java java/missing-super-finalize Finalizer inconsistency
CWE‑573 Java java/missing-format-argument Missing format argument
CWE‑573 Java java/unused-format-argument Unused format argument
CWE‑573 Java java/empty-finalizer Empty body of finalizer
CWE‑573 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑574 Java java/ejb/synchronization EJB uses synchronization
CWE‑575 Java java/ejb/graphics EJB uses graphics
CWE‑576 Java java/ejb/file-io EJB uses file input/output
CWE‑577 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑577 Java java/ejb/server-socket EJB uses server socket
CWE‑578 Java java/ejb/container-interference EJB interferes with container operation
CWE‑580 Java java/missing-call-to-super-clone Missing super clone
CWE‑581 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑582 Java java/static-array Array constant vulnerable to change
CWE‑584 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑585 Java java/empty-synchronized-block Empty synchronized block
CWE‑592 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑592 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑595 Java java/reference-equality-with-object Reference equality test on java.lang.Object
CWE‑595 Java java/reference-equality-of-boxed-types Reference equality test of boxed types
CWE‑595 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑597 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑598 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑600 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑601 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑601 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑601 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑609 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑609 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑609 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑610 Java java/path-injection Uncontrolled data used in path expression
CWE‑610 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑610 Java java/android/fragment-injection Android fragment injection
CWE‑610 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑610 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑610 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑610 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑610 Java java/ssrf Server-side request forgery
CWE‑610 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑610 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑610 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑610 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑611 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑611 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑611 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑614 Java java/insecure-cookie Failure to use secure cookies
CWE‑628 Java java/missing-format-argument Missing format argument
CWE‑628 Java java/unused-format-argument Unused format argument
CWE‑642 Java java/path-injection Uncontrolled data used in path expression
CWE‑642 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑643 Java java/xml/xpath-injection XPath injection
CWE‑652 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑657 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑657 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑657 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑657 Java java/hardcoded-password-field Hard-coded password field
CWE‑657 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑662 Java java/ejb/synchronization EJB uses synchronization
CWE‑662 Java java/wait-on-condition-interface Wait on condition
CWE‑662 Java java/call-to-thread-run Direct call to a run() method
CWE‑662 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑662 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑662 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑662 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑662 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑662 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑662 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑662 Java java/sleep-with-lock-held Sleep with lock held
CWE‑662 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑662 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑662 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑662 Java java/unreleased-lock Unreleased lock
CWE‑662 Java java/wait-with-two-locks Wait with two locks held
CWE‑662 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑664 Java java/ejb/synchronization EJB uses synchronization
CWE‑664 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑664 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑664 Java java/missing-call-to-super-clone Missing super clone
CWE‑664 Java java/wait-on-condition-interface Wait on condition
CWE‑664 Java java/call-to-thread-run Direct call to a run() method
CWE‑664 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑664 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑664 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑664 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑664 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑664 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑664 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑664 Java java/sleep-with-lock-held Sleep with lock held
CWE‑664 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑664 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑664 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑664 Java java/unreleased-lock Unreleased lock
CWE‑664 Java java/wait-with-two-locks Wait with two locks held
CWE‑664 Java java/missing-super-finalize Finalizer inconsistency
CWE‑664 Java java/input-resource-leak Potential input resource leak
CWE‑664 Java java/database-resource-leak Potential database resource leak
CWE‑664 Java java/output-resource-leak Potential output resource leak
CWE‑664 Java java/impossible-array-cast Impossible array cast
CWE‑664 Java java/path-injection Uncontrolled data used in path expression
CWE‑664 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑664 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑664 Java java/groovy-injection Groovy Language injection
CWE‑664 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑664 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑664 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑664 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑664 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑664 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑664 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑664 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑664 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑664 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑664 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑664 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑664 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑664 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑664 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑664 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑664 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑664 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑664 Java java/android/fragment-injection Android fragment injection
CWE‑664 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑664 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑664 Java java/insecure-basic-auth Insecure basic authentication
CWE‑664 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑664 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑664 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑664 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑664 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑664 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑664 Java java/world-writable-file-read Reading from a world writable file
CWE‑664 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑664 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑664 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑664 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑664 Java java/hardcoded-password-field Hard-coded password field
CWE‑664 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑664 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑664 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑664 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑664 Java java/ssrf Server-side request forgery
CWE‑664 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑664 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑664 Java java/android/intent-redirection Android Intent redirection
CWE‑664 Java java/empty-finalizer Empty body of finalizer
CWE‑664 Java java/unassigned-field Field is never assigned a non-null value
CWE‑664 Java java/overly-general-catch Overly-general catch clause
CWE‑664 Java java/abstract-to-concrete-cast Cast from abstract to concrete collection
CWE‑664 Java java/internal-representation-exposure Exposing internal representation
CWE‑664 Java java/static-array Array constant vulnerable to change
CWE‑664 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑664 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑664 Java java/beanshell-injection BeanShell injection
CWE‑664 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑664 Java java/jshell-injection JShell injection
CWE‑664 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑664 Java java/jython-injection Injection in Jython
CWE‑664 Java java/unsafe-eval Injection in Java Script Engine
CWE‑664 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑664 Java java/spring-view-manipulation Spring View Manipulation
CWE‑664 Java java/server-side-template-injection Server Side Template Injection
CWE‑664 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑664 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑664 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑664 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑664 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑664 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑664 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑664 Java java/disabled-certificate-revocation-checking Disabled certificate revocation checking
CWE‑664 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑664 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑664 Java java/thread-resource-abuse Uncontrolled thread resource consumption from local input source
CWE‑664 Java java/thread-resource-abuse Uncontrolled thread resource consumption
CWE‑664 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑664 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑664 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑664 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑664 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑664 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑664 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑664 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑664 Java java/server-directory-listing Directories and files exposure
CWE‑664 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑664 Java java/password-in-configuration Password in configuration file
CWE‑664 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑664 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑664 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑664 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑664 Java java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment
CWE‑664 Java java/regex-injection Regular expression injection
CWE‑664 Java java/incorrect-url-verification Incorrect URL verification
CWE‑665 Java java/unassigned-field Field is never assigned a non-null value
CWE‑665 Java java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment
CWE‑667 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑667 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑667 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑667 Java java/sleep-with-lock-held Sleep with lock held
CWE‑667 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑667 Java java/unreleased-lock Unreleased lock
CWE‑667 Java java/wait-with-two-locks Wait with two locks held
CWE‑667 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑668 Java java/path-injection Uncontrolled data used in path expression
CWE‑668 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑668 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑668 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑668 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑668 Java java/insecure-basic-auth Insecure basic authentication
CWE‑668 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑668 Java java/world-writable-file-read Reading from a world writable file
CWE‑668 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑668 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑668 Java java/static-array Array constant vulnerable to change
CWE‑668 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑668 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑668 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑668 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑668 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑668 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑668 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑668 Java java/server-directory-listing Directories and files exposure
CWE‑668 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑668 Java java/password-in-configuration Password in configuration file
CWE‑668 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑669 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑669 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑670 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑670 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑670 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑670 Java java/switch-fall-through Unterminated switch case
CWE‑671 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑671 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑671 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑671 Java java/hardcoded-password-field Hard-coded password field
CWE‑671 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑674 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑675 Java java/unreleased-lock Unreleased lock
CWE‑676 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑681 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑681 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑681 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑681 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑681 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑682 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑682 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑682 Java java/index-out-of-bounds Array index out of bounds
CWE‑682 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑682 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑682 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑682 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑682 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑685 Java java/missing-format-argument Missing format argument
CWE‑685 Java java/unused-format-argument Unused format argument
CWE‑691 Java java/ejb/container-interference EJB interferes with container operation
CWE‑691 Java java/ejb/synchronization EJB uses synchronization
CWE‑691 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑691 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑691 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑691 Java java/wait-on-condition-interface Wait on condition
CWE‑691 Java java/call-to-thread-run Direct call to a run() method
CWE‑691 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑691 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑691 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑691 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑691 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑691 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑691 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑691 Java java/sleep-with-lock-held Sleep with lock held
CWE‑691 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑691 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑691 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑691 Java java/unreleased-lock Unreleased lock
CWE‑691 Java java/wait-with-two-locks Wait with two locks held
CWE‑691 Java java/non-short-circuit-evaluation Dangerous non-short-circuit logic
CWE‑691 Java java/constant-loop-condition Constant loop condition
CWE‑691 Java java/groovy-injection Groovy Language injection
CWE‑691 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑691 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑691 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑691 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑691 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑691 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑691 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑691 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑691 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑691 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑691 Java java/switch-fall-through Unterminated switch case
CWE‑691 Java java/overly-general-catch Overly-general catch clause
CWE‑691 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑691 Java java/jvm-exit Forcible JVM termination
CWE‑691 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑691 Java java/beanshell-injection BeanShell injection
CWE‑691 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑691 Java java/jshell-injection JShell injection
CWE‑691 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑691 Java java/jython-injection Injection in Jython
CWE‑691 Java java/unsafe-eval Injection in Java Script Engine
CWE‑691 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑691 Java java/spring-view-manipulation Spring View Manipulation
CWE‑691 Java java/server-side-template-injection Server Side Template Injection
CWE‑691 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑693 Java java/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑693 Java java/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑693 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑693 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑693 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑693 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑693 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑693 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑693 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑693 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑693 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑693 Java java/insecure-trustmanager TrustManager that accepts all certificates
CWE‑693 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑693 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑693 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑693 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑693 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑693 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑693 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑693 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑693 Java java/non-https-url Failure to use HTTPS URLs
CWE‑693 Java java/non-ssl-connection Failure to use SSL
CWE‑693 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑693 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑693 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑693 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑693 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑693 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑693 Java java/insecure-basic-auth Insecure basic authentication
CWE‑693 Java java/insecure-cookie Failure to use secure cookies
CWE‑693 Java java/world-writable-file-read Reading from a world writable file
CWE‑693 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑693 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑693 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑693 Java java/hardcoded-password-field Hard-coded password field
CWE‑693 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑693 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑693 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑693 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑693 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑693 Java java/android/intent-redirection Android Intent redirection
CWE‑693 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑693 Java java/jxbrowser/disabled-certificate-validation JxBrowser with disabled certificate validation
CWE‑693 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑693 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑693 Java java/disabled-certificate-revocation-checking Disabled certificate revocation checking
CWE‑693 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑693 Java java/insufficient-key-size Weak encryption: Insufficient key size
CWE‑693 Java java/unsafe-tls-version Unsafe TLS version
CWE‑693 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑693 Java java/ip-address-spoofing IP address spoofing
CWE‑693 Java java/jsonp-injection JSONP Injection
CWE‑693 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑693 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑693 Java java/password-in-configuration Password in configuration file
CWE‑693 Java java/hash-without-salt Use of a hash function without a salt
CWE‑693 Java java/incorrect-url-verification Incorrect URL verification
CWE‑695 Java java/ejb/file-io EJB uses file input/output
CWE‑695 Java java/ejb/graphics EJB uses graphics
CWE‑695 Java java/ejb/synchronization EJB uses synchronization
CWE‑695 Java java/ejb/threads EJB uses threads
CWE‑697 Java java/missing-default-in-switch Missing default case in switch
CWE‑697 Java java/reference-equality-with-object Reference equality test on java.lang.Object
CWE‑697 Java java/reference-equality-of-boxed-types Reference equality test of boxed types
CWE‑697 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑697 Java java/missing-case-in-switch Missing enum case in switch
CWE‑703 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑703 Java java/return-value-ignored Method result ignored
CWE‑703 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑703 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑703 Java java/discarded-exception Discarded exception
CWE‑703 Java java/overly-general-catch Overly-general catch clause
CWE‑703 Java java/ignored-error-status-of-call Ignored error status of call
CWE‑703 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑703 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑703 Java java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException
CWE‑704 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑704 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑704 Java java/impossible-array-cast Impossible array cast
CWE‑704 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑704 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑704 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑705 Java java/ejb/container-interference EJB interferes with container operation
CWE‑705 Java java/overly-general-catch Overly-general catch clause
CWE‑705 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑705 Java java/jvm-exit Forcible JVM termination
CWE‑705 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑705 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑706 Java java/path-injection Uncontrolled data used in path expression
CWE‑706 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑706 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑706 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑706 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑707 Java java/jndi-injection JNDI lookup with user-controlled name
CWE‑707 Java java/xslt-injection XSLT transformation with user-controlled stylesheet
CWE‑707 Java java/relative-path-command Executing a command with a relative path
CWE‑707 Java java/command-line-injection Uncontrolled command line
CWE‑707 Java java/command-line-injection-local Local-user-controlled command line
CWE‑707 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑707 Java java/xss Cross-site scripting
CWE‑707 Java java/xss-local Cross-site scripting from local source
CWE‑707 Java java/sql-injection Query built from user-controlled sources
CWE‑707 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑707 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑707 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑707 Java java/groovy-injection Groovy Language injection
CWE‑707 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑707 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑707 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑707 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑707 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑707 Java java/http-response-splitting HTTP response splitting
CWE‑707 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑707 Java java/log-injection Log Injection
CWE‑707 Java java/tainted-format-string Use of externally-controlled format string
CWE‑707 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑707 Java java/xml/xpath-injection XPath injection
CWE‑707 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑707 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑707 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑707 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑707 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑707 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑707 Java java/beanshell-injection BeanShell injection
CWE‑707 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑707 Java java/jshell-injection JShell injection
CWE‑707 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑707 Java java/jython-injection Injection in Jython
CWE‑707 Java java/unsafe-eval Injection in Java Script Engine
CWE‑707 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑707 Java java/spring-view-manipulation Spring View Manipulation
CWE‑707 Java java/server-side-template-injection Server Side Template Injection
CWE‑707 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑710 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑710 Java java/dead-class Dead class
CWE‑710 Java java/dead-enum-constant Dead enum constant
CWE‑710 Java java/dead-field Dead field
CWE‑710 Java java/dead-function Dead method
CWE‑710 Java java/lines-of-dead-code Lines of dead code in files
CWE‑710 Java java/unused-parameter Useless parameter
CWE‑710 Java java/ejb/container-interference EJB interferes with container operation
CWE‑710 Java java/ejb/file-io EJB uses file input/output
CWE‑710 Java java/ejb/graphics EJB uses graphics
CWE‑710 Java java/ejb/native-code EJB uses native code
CWE‑710 Java java/ejb/reflection EJB uses reflection
CWE‑710 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑710 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑710 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑710 Java java/ejb/server-socket EJB uses server socket
CWE‑710 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑710 Java java/ejb/synchronization EJB uses synchronization
CWE‑710 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑710 Java java/ejb/threads EJB uses threads
CWE‑710 Java java/useless-null-check Useless null check
CWE‑710 Java java/useless-type-test Useless type test
CWE‑710 Java java/useless-upcast Useless upcast
CWE‑710 Java java/missing-call-to-super-clone Missing super clone
CWE‑710 Java java/empty-container Container contents are never initialized
CWE‑710 Java java/unused-container Container contents are never accessed
CWE‑710 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑710 Java java/constant-comparison Useless comparison test
CWE‑710 Java java/unreleased-lock Unreleased lock
CWE‑710 Java java/missing-super-finalize Finalizer inconsistency
CWE‑710 Java java/missing-format-argument Missing format argument
CWE‑710 Java java/unused-format-argument Unused format argument
CWE‑710 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑710 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑710 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑710 Java java/empty-synchronized-block Empty synchronized block
CWE‑710 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑710 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑710 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑710 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑710 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑710 Java java/hardcoded-password-field Hard-coded password field
CWE‑710 Java java/todo-comment TODO/FIXME comments
CWE‑710 Java java/unused-reference-type Unused classes and interfaces
CWE‑710 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑710 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑710 Java java/empty-finalizer Empty body of finalizer
CWE‑710 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑710 Java java/local-variable-is-never-read Unread local variable
CWE‑710 Java java/unused-field Unused field
CWE‑710 Java java/unused-label Unused label
CWE‑710 Java java/unused-local-variable Unused local variable
CWE‑710 Java java/switch-fall-through Unterminated switch case
CWE‑710 Java java/redundant-cast Unnecessary cast
CWE‑710 Java java/unused-import Unnecessary import
CWE‑710 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑710 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑732 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑732 Java java/world-writable-file-read Reading from a world writable file
CWE‑749 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑754 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑754 Java java/return-value-ignored Method result ignored
CWE‑754 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑755 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑755 Java java/overly-general-catch Overly-general catch clause
CWE‑755 Java java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException
CWE‑759 Java java/hash-without-salt Use of a hash function without a salt
CWE‑764 Java java/unreleased-lock Unreleased lock
CWE‑772 Java java/input-resource-leak Potential input resource leak
CWE‑772 Java java/database-resource-leak Potential database resource leak
CWE‑772 Java java/output-resource-leak Potential output resource leak
CWE‑776 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑783 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑798 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑798 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑798 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑798 Java java/hardcoded-password-field Hard-coded password field
CWE‑798 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑807 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑807 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑820 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑820 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑821 Java java/ejb/synchronization EJB uses synchronization
CWE‑821 Java java/call-to-thread-run Direct call to a run() method
CWE‑827 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑829 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑829 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑833 Java java/sleep-with-lock-held Sleep with lock held
CWE‑833 Java java/unreleased-lock Unreleased lock
CWE‑833 Java java/wait-with-two-locks Wait with two locks held
CWE‑833 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑834 Java java/constant-loop-condition Constant loop condition
CWE‑834 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑834 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑835 Java java/constant-loop-condition Constant loop condition
CWE‑835 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑862 Java java/incorrect-url-verification Incorrect URL verification
CWE‑913 Java java/groovy-injection Groovy Language injection
CWE‑913 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑913 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑913 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑913 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑913 Java java/android/fragment-injection Android fragment injection
CWE‑913 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑913 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑913 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑913 Java java/beanshell-injection BeanShell injection
CWE‑913 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑913 Java java/jshell-injection JShell injection
CWE‑913 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑913 Java java/jython-injection Injection in Jython
CWE‑913 Java java/unsafe-eval Injection in Java Script Engine
CWE‑913 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑913 Java java/spring-view-manipulation Spring View Manipulation
CWE‑913 Java java/server-side-template-injection Server Side Template Injection
CWE‑913 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑913 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑913 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑913 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑916 Java java/hash-without-salt Use of a hash function without a salt
CWE‑917 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑918 Java java/ssrf Server-side request forgery
CWE‑922 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑922 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑922 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑922 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑922 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑922 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑923 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑923 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑923 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑923 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑923 Java java/android/intent-redirection Android Intent redirection
CWE‑923 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑923 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑926 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑926 Java java/android/intent-redirection Android Intent redirection
CWE‑927 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑927 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑939 Java java/incorrect-url-verification Incorrect URL verification
CWE‑940 Java java/android/intent-redirection Android Intent redirection
CWE‑943 Java java/sql-injection Query built from user-controlled sources
CWE‑943 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑943 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑943 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑943 Java java/xml/xpath-injection XPath injection
CWE‑943 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑943 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑943 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑1004 Java java/tomcat-disabled-httponly Tomcat config disables 'HttpOnly' flag (XSS risk)
CWE‑1004 Java java/sensitive-cookie-not-httponly Sensitive cookies without the HttpOnly response header set
CWE‑1104 Java java/maven/dependency-upon-bintray Depending upon JCenter/Bintray as an artifact repository
CWE‑1204 Java java/static-initialization-vector Using a static initialization vector for encryption
  • © GitHub, Inc.