CodeQL documentation
CodeQL resources

CWE coverage for Java

An overview of CWE coverage for Java in the latest release of CodeQL.

Overview

CWE Language Query id Query name
CWE‑20 Java java/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑20 Java java/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑20 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑20 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑20 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑20 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑20 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑20 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑20 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑22 Java java/path-injection Uncontrolled data used in path expression
CWE‑22 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑22 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑22 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑23 Java java/path-injection Uncontrolled data used in path expression
CWE‑23 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑36 Java java/path-injection Uncontrolled data used in path expression
CWE‑36 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑36 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑73 Java java/path-injection Uncontrolled data used in path expression
CWE‑73 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑74 Java java/jndi-injection JNDI lookup with user-controlled name
CWE‑74 Java java/xslt-injection XSLT transformation with user-controlled stylesheet
CWE‑74 Java java/relative-path-command Executing a command with a relative path
CWE‑74 Java java/command-line-injection Uncontrolled command line
CWE‑74 Java java/command-line-injection-local Local-user-controlled command line
CWE‑74 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑74 Java java/xss Cross-site scripting
CWE‑74 Java java/xss-local Cross-site scripting from local source
CWE‑74 Java java/sql-injection Query built from user-controlled sources
CWE‑74 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑74 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑74 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑74 Java java/groovy-injection Groovy Language injection
CWE‑74 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑74 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑74 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑74 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑74 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑74 Java java/http-response-splitting HTTP response splitting
CWE‑74 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑74 Java java/tainted-format-string Use of externally-controlled format string
CWE‑74 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑74 Java java/xml/xpath-injection XPath injection
CWE‑74 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑74 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑74 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑74 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑74 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑74 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑74 Java java/beanshell-injection BeanShell injection
CWE‑74 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑74 Java java/jshell-injection JShell injection
CWE‑74 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑74 Java java/jython-injection Injection in Jython
CWE‑74 Java java/unsafe-eval Injection in Java Script Engine
CWE‑74 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑74 Java java/spring-view-manipulation Spring View Manipulation
CWE‑74 Java java/server-side-template-injection Server Side Template Injection
CWE‑74 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑77 Java java/relative-path-command Executing a command with a relative path
CWE‑77 Java java/command-line-injection Uncontrolled command line
CWE‑77 Java java/command-line-injection-local Local-user-controlled command line
CWE‑77 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑77 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑77 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑78 Java java/relative-path-command Executing a command with a relative path
CWE‑78 Java java/command-line-injection Uncontrolled command line
CWE‑78 Java java/command-line-injection-local Local-user-controlled command line
CWE‑78 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑78 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑79 Java java/xss Cross-site scripting
CWE‑79 Java java/xss-local Cross-site scripting from local source
CWE‑79 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑88 Java java/relative-path-command Executing a command with a relative path
CWE‑88 Java java/command-line-injection Uncontrolled command line
CWE‑88 Java java/command-line-injection-local Local-user-controlled command line
CWE‑88 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑88 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑89 Java java/sql-injection Query built from user-controlled sources
CWE‑89 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑89 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑89 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑89 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑90 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑91 Java java/xml/xpath-injection XPath injection
CWE‑91 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑93 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑93 Java java/http-response-splitting HTTP response splitting
CWE‑93 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑94 Java java/groovy-injection Groovy Language injection
CWE‑94 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑94 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑94 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑94 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑94 Java java/beanshell-injection BeanShell injection
CWE‑94 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑94 Java java/jshell-injection JShell injection
CWE‑94 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑94 Java java/jython-injection Injection in Jython
CWE‑94 Java java/unsafe-eval Injection in Java Script Engine
CWE‑94 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑94 Java java/spring-view-manipulation Spring View Manipulation
CWE‑94 Java java/server-side-template-injection Server Side Template Injection
CWE‑95 Java java/jython-injection Injection in Jython
CWE‑113 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑113 Java java/http-response-splitting HTTP response splitting
CWE‑113 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑116 Java java/log-injection Log Injection
CWE‑117 Java java/log-injection Log Injection
CWE‑129 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑129 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑129 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑129 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑129 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑129 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑134 Java java/tainted-format-string Use of externally-controlled format string
CWE‑134 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑190 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑190 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑190 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑190 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑190 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑190 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑190 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑191 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑191 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑191 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑191 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑193 Java java/index-out-of-bounds Array index out of bounds
CWE‑197 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑197 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑197 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑197 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑197 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑200 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑200 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑200 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑200 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑200 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑200 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑200 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑200 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑200 Java java/server-directory-listing Directories and files exposure
CWE‑200 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑203 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑203 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑203 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑208 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑208 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑208 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑209 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑221 Java java/overly-general-catch Overly-general catch clause
CWE‑227 Java java/ejb/container-interference EJB interferes with container operation
CWE‑227 Java java/ejb/file-io EJB uses file input/output
CWE‑227 Java java/ejb/graphics EJB uses graphics
CWE‑227 Java java/ejb/native-code EJB uses native code
CWE‑227 Java java/ejb/reflection EJB uses reflection
CWE‑227 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑227 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑227 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑227 Java java/ejb/server-socket EJB uses server socket
CWE‑227 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑227 Java java/ejb/synchronization EJB uses synchronization
CWE‑227 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑227 Java java/ejb/threads EJB uses threads
CWE‑227 Java java/missing-call-to-super-clone Missing super clone
CWE‑227 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑227 Java java/unreleased-lock Unreleased lock
CWE‑227 Java java/missing-super-finalize Finalizer inconsistency
CWE‑227 Java java/missing-format-argument Missing format argument
CWE‑227 Java java/unused-format-argument Unused format argument
CWE‑227 Java java/empty-finalizer Empty body of finalizer
CWE‑227 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑248 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑248 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑252 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑252 Java java/return-value-ignored Method result ignored
CWE‑256 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑256 Java java/password-in-configuration Password in configuration file
CWE‑260 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑260 Java java/password-in-configuration Password in configuration file
CWE‑266 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑269 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑269 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑271 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑273 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑284 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑284 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑284 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑284 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑284 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑284 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑284 Java java/insecure-basic-auth Insecure basic authentication
CWE‑284 Java java/world-writable-file-read Reading from a world writable file
CWE‑284 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑284 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑284 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑284 Java java/hardcoded-password-field Hard-coded password field
CWE‑284 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑284 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑284 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑284 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑284 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑284 Java java/android/intent-redirection Android Intent redirection
CWE‑284 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑284 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑284 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑284 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑284 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑284 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑284 Java java/password-in-configuration Password in configuration file
CWE‑284 Java java/incorrect-url-verification Incorrect URL verification
CWE‑285 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑285 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑285 Java java/world-writable-file-read Reading from a world writable file
CWE‑285 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑285 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑285 Java java/android/intent-redirection Android Intent redirection
CWE‑285 Java java/incorrect-url-verification Incorrect URL verification
CWE‑287 Java java/insecure-basic-auth Insecure basic authentication
CWE‑287 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑287 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑287 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑287 Java java/hardcoded-password-field Hard-coded password field
CWE‑287 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑287 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑287 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑287 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑287 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑287 Java java/password-in-configuration Password in configuration file
CWE‑290 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑290 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑295 Java java/insecure-trustmanager TrustManager that accepts all certificates
CWE‑295 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑295 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑295 Java java/jxbrowser/disabled-certificate-validation JxBrowser with disabled certificate validation
CWE‑295 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑295 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑295 Java java/disabled-certificate-revocation-checking Disabled ceritificate revocation checking
CWE‑297 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑297 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑297 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑297 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑299 Java java/disabled-certificate-revocation-checking Disabled ceritificate revocation checking
CWE‑300 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑311 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑311 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑311 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑311 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑311 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑311 Java java/non-https-url Failure to use HTTPS URLs
CWE‑311 Java java/non-ssl-connection Failure to use SSL
CWE‑311 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑311 Java java/insecure-basic-auth Insecure basic authentication
CWE‑311 Java java/insecure-cookie Failure to use secure cookies
CWE‑311 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑312 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑312 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑312 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑312 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑312 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑312 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑313 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑315 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑319 Java java/non-https-url Failure to use HTTPS URLs
CWE‑319 Java java/non-ssl-connection Failure to use SSL
CWE‑319 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑319 Java java/insecure-basic-auth Insecure basic authentication
CWE‑319 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑319 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑321 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑326 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑326 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑326 Java java/insufficient-key-size Weak encryption: Insufficient key size
CWE‑327 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑327 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑327 Java java/unsafe-tls-version Unsafe TLS version
CWE‑327 Java java/hash-without-salt Use of a hash function without a salt
CWE‑328 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑328 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑329 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑330 Java java/random-used-once Random used only once
CWE‑330 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑330 Java java/jhipster-prng Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑330 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑330 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑330 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑330 Java java/hardcoded-password-field Hard-coded password field
CWE‑330 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑330 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑335 Java java/random-used-once Random used only once
CWE‑335 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑337 Java java/predictable-seed Use of a predictable seed in a secure random number generator
CWE‑338 Java java/jhipster-prng Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑344 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑344 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑344 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑344 Java java/hardcoded-password-field Hard-coded password field
CWE‑344 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑345 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑345 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑345 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑345 Java java/ip-address-spoofing IP address spoofing
CWE‑345 Java java/jsonp-injection JSONP Injection
CWE‑346 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑347 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑348 Java java/ip-address-spoofing IP address spoofing
CWE‑352 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑352 Java java/jsonp-injection JSONP Injection
CWE‑362 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑362 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑367 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑382 Java java/ejb/container-interference EJB interferes with container operation
CWE‑382 Java java/jvm-exit Forcible JVM termination
CWE‑383 Java java/ejb/threads EJB uses threads
CWE‑391 Java java/discarded-exception Discarded exception
CWE‑391 Java java/ignored-error-status-of-call Ignored error status of call
CWE‑396 Java java/overly-general-catch Overly-general catch clause
CWE‑398 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑398 Java java/dead-class Dead class
CWE‑398 Java java/dead-enum-constant Dead enum constant
CWE‑398 Java java/dead-field Dead field
CWE‑398 Java java/dead-function Dead method
CWE‑398 Java java/lines-of-dead-code Lines of dead code in files
CWE‑398 Java java/unused-parameter Useless parameter
CWE‑398 Java java/useless-null-check Useless null check
CWE‑398 Java java/useless-type-test Useless type test
CWE‑398 Java java/useless-upcast Useless upcast
CWE‑398 Java java/empty-container Container contents are never initialized
CWE‑398 Java java/unused-container Container contents are never accessed
CWE‑398 Java java/constant-comparison Useless comparison test
CWE‑398 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑398 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑398 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑398 Java java/empty-synchronized-block Empty synchronized block
CWE‑398 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑398 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑398 Java java/todo-comment TODO/FIXME comments
CWE‑398 Java java/unused-reference-type Unused classes and interfaces
CWE‑398 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑398 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑398 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑398 Java java/local-variable-is-never-read Unread local variable
CWE‑398 Java java/unused-field Unused field
CWE‑398 Java java/unused-label Unused label
CWE‑398 Java java/unused-local-variable Unused local variable
CWE‑398 Java java/switch-fall-through Unterminated switch case
CWE‑398 Java java/redundant-cast Unnecessary cast
CWE‑398 Java java/unused-import Unnecessary import
CWE‑400 Java java/input-resource-leak Potential input resource leak
CWE‑400 Java java/database-resource-leak Potential database resource leak
CWE‑400 Java java/output-resource-leak Potential output resource leak
CWE‑400 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑400 Java java/thread-resource-abuse Uncontrolled thread resource consumption from local input source
CWE‑400 Java java/thread-resource-abuse Uncontrolled thread resource consumption
CWE‑400 Java java/regex-injection Regular expression injection
CWE‑404 Java java/missing-super-finalize Finalizer inconsistency
CWE‑404 Java java/input-resource-leak Potential input resource leak
CWE‑404 Java java/database-resource-leak Potential database resource leak
CWE‑404 Java java/output-resource-leak Potential output resource leak
CWE‑404 Java java/empty-finalizer Empty body of finalizer
CWE‑404 Java java/disabled-certificate-revocation-checking Disabled ceritificate revocation checking
CWE‑405 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑409 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑413 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑420 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑421 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑441 Java java/ssrf Server-side request forgery
CWE‑457 Java java/unassigned-field Field is never assigned a non-null value
CWE‑459 Java java/missing-super-finalize Finalizer inconsistency
CWE‑459 Java java/empty-finalizer Empty body of finalizer
CWE‑470 Java java/android/fragment-injection Android fragment injection
CWE‑470 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑470 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑476 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑476 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑476 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑477 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑478 Java java/missing-default-in-switch Missing default case in switch
CWE‑478 Java java/missing-case-in-switch Missing enum case in switch
CWE‑480 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑480 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑481 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑484 Java java/switch-fall-through Unterminated switch case
CWE‑485 Java java/missing-call-to-super-clone Missing super clone
CWE‑485 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑485 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑485 Java java/abstract-to-concrete-cast Cast from abstract to concrete collection
CWE‑485 Java java/internal-representation-exposure Exposing internal representation
CWE‑485 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑485 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑485 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑489 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑489 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑489 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑494 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑497 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑499 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑502 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑502 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑502 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑502 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑502 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑522 Java java/insecure-basic-auth Insecure basic authentication
CWE‑522 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑522 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑522 Java java/password-in-configuration Password in configuration file
CWE‑532 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑538 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑538 Java java/server-directory-listing Directories and files exposure
CWE‑543 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑546 Java java/todo-comment TODO/FIXME comments
CWE‑548 Java java/server-directory-listing Directories and files exposure
CWE‑552 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑552 Java java/server-directory-listing Directories and files exposure
CWE‑555 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑555 Java java/password-in-configuration Password in configuration file
CWE‑561 Java java/dead-class Dead class
CWE‑561 Java java/dead-enum-constant Dead enum constant
CWE‑561 Java java/dead-field Dead field
CWE‑561 Java java/dead-function Dead method
CWE‑561 Java java/lines-of-dead-code Lines of dead code in files
CWE‑561 Java java/unused-parameter Useless parameter
CWE‑561 Java java/useless-null-check Useless null check
CWE‑561 Java java/useless-type-test Useless type test
CWE‑561 Java java/useless-upcast Useless upcast
CWE‑561 Java java/empty-container Container contents are never initialized
CWE‑561 Java java/unused-container Container contents are never accessed
CWE‑561 Java java/constant-comparison Useless comparison test
CWE‑561 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑561 Java java/unused-reference-type Unused classes and interfaces
CWE‑561 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑561 Java java/local-variable-is-never-read Unread local variable
CWE‑561 Java java/unused-field Unused field
CWE‑561 Java java/unused-label Unused label
CWE‑561 Java java/redundant-cast Unnecessary cast
CWE‑561 Java java/unused-import Unnecessary import
CWE‑563 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑563 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑563 Java java/unused-local-variable Unused local variable
CWE‑564 Java java/sql-injection Query built from user-controlled sources
CWE‑564 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑564 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑568 Java java/missing-super-finalize Finalizer inconsistency
CWE‑568 Java java/empty-finalizer Empty body of finalizer
CWE‑570 Java java/constant-comparison Useless comparison test
CWE‑571 Java java/constant-comparison Useless comparison test
CWE‑572 Java java/call-to-thread-run Direct call to a run() method
CWE‑573 Java java/ejb/container-interference EJB interferes with container operation
CWE‑573 Java java/ejb/file-io EJB uses file input/output
CWE‑573 Java java/ejb/graphics EJB uses graphics
CWE‑573 Java java/ejb/native-code EJB uses native code
CWE‑573 Java java/ejb/reflection EJB uses reflection
CWE‑573 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑573 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑573 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑573 Java java/ejb/server-socket EJB uses server socket
CWE‑573 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑573 Java java/ejb/synchronization EJB uses synchronization
CWE‑573 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑573 Java java/ejb/threads EJB uses threads
CWE‑573 Java java/missing-call-to-super-clone Missing super clone
CWE‑573 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑573 Java java/unreleased-lock Unreleased lock
CWE‑573 Java java/missing-super-finalize Finalizer inconsistency
CWE‑573 Java java/missing-format-argument Missing format argument
CWE‑573 Java java/unused-format-argument Unused format argument
CWE‑573 Java java/empty-finalizer Empty body of finalizer
CWE‑573 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑574 Java java/ejb/synchronization EJB uses synchronization
CWE‑575 Java java/ejb/graphics EJB uses graphics
CWE‑576 Java java/ejb/file-io EJB uses file input/output
CWE‑577 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑577 Java java/ejb/server-socket EJB uses server socket
CWE‑578 Java java/ejb/container-interference EJB interferes with container operation
CWE‑580 Java java/missing-call-to-super-clone Missing super clone
CWE‑581 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑582 Java java/static-array Array constant vulnerable to change
CWE‑584 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑585 Java java/empty-synchronized-block Empty synchronized block
CWE‑592 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑592 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑595 Java java/reference-equality-with-object Reference equality test on java.lang.Object
CWE‑595 Java java/reference-equality-of-boxed-types Reference equality test of boxed types
CWE‑595 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑597 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑598 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑600 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑601 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑601 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑601 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑609 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑609 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑609 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑610 Java java/path-injection Uncontrolled data used in path expression
CWE‑610 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑610 Java java/android/fragment-injection Android fragment injection
CWE‑610 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑610 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑610 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑610 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑610 Java java/ssrf Server-side request forgery
CWE‑610 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑610 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑610 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑610 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑611 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑611 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑611 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑614 Java java/insecure-cookie Failure to use secure cookies
CWE‑628 Java java/missing-format-argument Missing format argument
CWE‑628 Java java/unused-format-argument Unused format argument
CWE‑642 Java java/path-injection Uncontrolled data used in path expression
CWE‑642 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑643 Java java/xml/xpath-injection XPath injection
CWE‑652 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑657 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑657 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑657 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑657 Java java/hardcoded-password-field Hard-coded password field
CWE‑657 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑662 Java java/ejb/synchronization EJB uses synchronization
CWE‑662 Java java/wait-on-condition-interface Wait on condition
CWE‑662 Java java/call-to-thread-run Direct call to a run() method
CWE‑662 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑662 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑662 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑662 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑662 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑662 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑662 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑662 Java java/sleep-with-lock-held Sleep with lock held
CWE‑662 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑662 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑662 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑662 Java java/unreleased-lock Unreleased lock
CWE‑662 Java java/wait-with-two-locks Wait with two locks held
CWE‑662 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑664 Java java/ejb/synchronization EJB uses synchronization
CWE‑664 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑664 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑664 Java java/missing-call-to-super-clone Missing super clone
CWE‑664 Java java/wait-on-condition-interface Wait on condition
CWE‑664 Java java/call-to-thread-run Direct call to a run() method
CWE‑664 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑664 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑664 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑664 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑664 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑664 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑664 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑664 Java java/sleep-with-lock-held Sleep with lock held
CWE‑664 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑664 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑664 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑664 Java java/unreleased-lock Unreleased lock
CWE‑664 Java java/wait-with-two-locks Wait with two locks held
CWE‑664 Java java/missing-super-finalize Finalizer inconsistency
CWE‑664 Java java/input-resource-leak Potential input resource leak
CWE‑664 Java java/database-resource-leak Potential database resource leak
CWE‑664 Java java/output-resource-leak Potential output resource leak
CWE‑664 Java java/impossible-array-cast Impossible array cast
CWE‑664 Java java/path-injection Uncontrolled data used in path expression
CWE‑664 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑664 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑664 Java java/groovy-injection Groovy Language injection
CWE‑664 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑664 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑664 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑664 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑664 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑664 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑664 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑664 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑664 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑664 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑664 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑664 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑664 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑664 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑664 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑664 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑664 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑664 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑664 Java java/android/fragment-injection Android fragment injection
CWE‑664 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑664 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑664 Java java/insecure-basic-auth Insecure basic authentication
CWE‑664 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑664 Java java/unvalidated-url-redirection URL redirection from remote source
CWE‑664 Java java/unvalidated-url-redirection-local URL redirection from local source
CWE‑664 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑664 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑664 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑664 Java java/world-writable-file-read Reading from a world writable file
CWE‑664 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑664 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑664 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑664 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑664 Java java/hardcoded-password-field Hard-coded password field
CWE‑664 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑664 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑664 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑664 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑664 Java java/ssrf Server-side request forgery
CWE‑664 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑664 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑664 Java java/android/intent-redirection Android Intent redirection
CWE‑664 Java java/empty-finalizer Empty body of finalizer
CWE‑664 Java java/unassigned-field Field is never assigned a non-null value
CWE‑664 Java java/overly-general-catch Overly-general catch clause
CWE‑664 Java java/abstract-to-concrete-cast Cast from abstract to concrete collection
CWE‑664 Java java/internal-representation-exposure Exposing internal representation
CWE‑664 Java java/static-array Array constant vulnerable to change
CWE‑664 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑664 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑664 Java java/beanshell-injection BeanShell injection
CWE‑664 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑664 Java java/jshell-injection JShell injection
CWE‑664 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑664 Java java/jython-injection Injection in Jython
CWE‑664 Java java/unsafe-eval Injection in Java Script Engine
CWE‑664 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑664 Java java/spring-view-manipulation Spring View Manipulation
CWE‑664 Java java/server-side-template-injection Server Side Template Injection
CWE‑664 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑664 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑664 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑664 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑664 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑664 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑664 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑664 Java java/disabled-certificate-revocation-checking Disabled ceritificate revocation checking
CWE‑664 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑664 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑664 Java java/thread-resource-abuse Uncontrolled thread resource consumption from local input source
CWE‑664 Java java/thread-resource-abuse Uncontrolled thread resource consumption
CWE‑664 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑664 Java java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean
CWE‑664 Java java/main-method-in-web-components Main Method in Java EE Web Components
CWE‑664 Java java/struts-development-mode Apache Struts development mode enabled
CWE‑664 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑664 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑664 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑664 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑664 Java java/server-directory-listing Directories and files exposure
CWE‑664 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑664 Java java/password-in-configuration Password in configuration file
CWE‑664 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑664 Java java/spring-unvalidated-url-redirection Spring url redirection from remote source
CWE‑664 Java java/xxe-with-experimental-sinks Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑664 Java java/xxe-local-experimental-sinks Resolving XML external entity from a local source (experimental sinks)
CWE‑664 Java java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment
CWE‑664 Java java/regex-injection Regular expression injection
CWE‑664 Java java/incorrect-url-verification Incorrect URL verification
CWE‑665 Java java/unassigned-field Field is never assigned a non-null value
CWE‑665 Java java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment
CWE‑667 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑667 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑667 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑667 Java java/sleep-with-lock-held Sleep with lock held
CWE‑667 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑667 Java java/unreleased-lock Unreleased lock
CWE‑667 Java java/wait-with-two-locks Wait with two locks held
CWE‑667 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑668 Java java/path-injection Uncontrolled data used in path expression
CWE‑668 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑668 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑668 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑668 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑668 Java java/insecure-basic-auth Insecure basic authentication
CWE‑668 Java java/sensitive-log Insertion of sensitive information into log files
CWE‑668 Java java/world-writable-file-read Reading from a world writable file
CWE‑668 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑668 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑668 Java java/static-array Array constant vulnerable to change
CWE‑668 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑668 Java java/insecure-webview-resource-response Insecure Android WebView Resource Response
CWE‑668 Java java/sensitive-android-file-leak Leaking sensitive Android file
CWE‑668 Java java/possible-timing-attack-against-signature Possible timing attack against signature validation
CWE‑668 Java java/timing-attack-against-headers-value Timing attack against header value
CWE‑668 Java java/timing-attack-against-signature Timing attack against signature validation
CWE‑668 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑668 Java java/server-directory-listing Directories and files exposure
CWE‑668 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑668 Java java/password-in-configuration Password in configuration file
CWE‑668 Java java/sensitive-query-with-get Sensitive GET Query
CWE‑669 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑669 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑670 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑670 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑670 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑670 Java java/switch-fall-through Unterminated switch case
CWE‑671 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑671 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑671 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑671 Java java/hardcoded-password-field Hard-coded password field
CWE‑671 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑674 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑675 Java java/unreleased-lock Unreleased lock
CWE‑676 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑681 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑681 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑681 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑681 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑681 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑682 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑682 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑682 Java java/index-out-of-bounds Array index out of bounds
CWE‑682 Java java/tainted-arithmetic User-controlled data in arithmetic expression
CWE‑682 Java java/tainted-arithmetic-local Local-user-controlled data in arithmetic expression
CWE‑682 Java java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression
CWE‑682 Java java/extreme-value-arithmetic Use of extreme values in arithmetic expression
CWE‑682 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑685 Java java/missing-format-argument Missing format argument
CWE‑685 Java java/unused-format-argument Unused format argument
CWE‑691 Java java/ejb/container-interference EJB interferes with container operation
CWE‑691 Java java/ejb/synchronization EJB uses synchronization
CWE‑691 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑691 Java java/assignment-in-boolean-expression Assignment in Boolean expression
CWE‑691 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑691 Java java/wait-on-condition-interface Wait on condition
CWE‑691 Java java/call-to-thread-run Direct call to a run() method
CWE‑691 Java java/unsafe-double-checked-locking Double-checked locking is not thread-safe
CWE‑691 Java java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization
CWE‑691 Java java/unsafe-sync-on-field Futile synchronization on field
CWE‑691 Java java/inconsistent-field-synchronization Inconsistent synchronization for field
CWE‑691 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑691 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑691 Java java/notify-instead-of-notify-all notify instead of notifyAll
CWE‑691 Java java/sleep-with-lock-held Sleep with lock held
CWE‑691 Java java/sync-on-boxed-types Synchronization on boxed types or strings
CWE‑691 Java java/unsynchronized-getter Inconsistent synchronization of getter and setter
CWE‑691 Java java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject()
CWE‑691 Java java/unreleased-lock Unreleased lock
CWE‑691 Java java/wait-with-two-locks Wait with two locks held
CWE‑691 Java java/non-short-circuit-evaluation Dangerous non-short-circuit logic
CWE‑691 Java java/constant-loop-condition Constant loop condition
CWE‑691 Java java/groovy-injection Groovy Language injection
CWE‑691 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑691 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑691 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑691 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑691 Java java/toctou-race-condition Time-of-check time-of-use race condition
CWE‑691 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑691 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑691 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑691 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑691 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑691 Java java/switch-fall-through Unterminated switch case
CWE‑691 Java java/overly-general-catch Overly-general catch clause
CWE‑691 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑691 Java java/jvm-exit Forcible JVM termination
CWE‑691 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑691 Java java/beanshell-injection BeanShell injection
CWE‑691 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑691 Java java/jshell-injection JShell injection
CWE‑691 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑691 Java java/jython-injection Injection in Jython
CWE‑691 Java java/unsafe-eval Injection in Java Script Engine
CWE‑691 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑691 Java java/spring-view-manipulation Spring View Manipulation
CWE‑691 Java java/server-side-template-injection Server Side Template Injection
CWE‑691 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑693 Java java/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑693 Java java/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑693 Java java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction
CWE‑693 Java java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction
CWE‑693 Java java/improper-validation-of-array-construction-local Improper validation of local user-provided size used for array construction
CWE‑693 Java java/improper-validation-of-array-index Improper validation of user-provided array index
CWE‑693 Java java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index
CWE‑693 Java java/improper-validation-of-array-index-local Improper validation of local user-provided array index
CWE‑693 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑693 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑693 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑693 Java java/insecure-trustmanager TrustManager that accepts all certificates
CWE‑693 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑693 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑693 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑693 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑693 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑693 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑693 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑693 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑693 Java java/non-https-url Failure to use HTTPS URLs
CWE‑693 Java java/non-ssl-connection Failure to use SSL
CWE‑693 Java java/non-ssl-socket-factory Failure to use SSL socket factories
CWE‑693 Java java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm
CWE‑693 Java java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm
CWE‑693 Java java/missing-jwt-signature-check Missing JWT signature check
CWE‑693 Java java/spring-disabled-csrf-protection Disabled Spring CSRF protection
CWE‑693 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑693 Java java/insecure-basic-auth Insecure basic authentication
CWE‑693 Java java/insecure-cookie Failure to use secure cookies
CWE‑693 Java java/world-writable-file-read Reading from a world writable file
CWE‑693 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑693 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑693 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑693 Java java/hardcoded-password-field Hard-coded password field
CWE‑693 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑693 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑693 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑693 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑693 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑693 Java java/android/intent-redirection Android Intent redirection
CWE‑693 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑693 Java java/jxbrowser/disabled-certificate-validation JxBrowser with disabled certificate validation
CWE‑693 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑693 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑693 Java java/disabled-certificate-revocation-checking Disabled ceritificate revocation checking
CWE‑693 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑693 Java java/insufficient-key-size Weak encryption: Insufficient key size
CWE‑693 Java java/unsafe-tls-version Unsafe TLS version
CWE‑693 Java java/unvalidated-cors-origin-set CORS is derived from untrusted input
CWE‑693 Java java/ip-address-spoofing IP address spoofing
CWE‑693 Java java/jsonp-injection JSONP Injection
CWE‑693 Java java/insecure-ldap-auth Insecure LDAP authentication
CWE‑693 Java java/credentials-in-properties Cleartext Credentials in Properties File
CWE‑693 Java java/password-in-configuration Password in configuration file
CWE‑693 Java java/hash-without-salt Use of a hash function without a salt
CWE‑693 Java java/incorrect-url-verification Incorrect URL verification
CWE‑695 Java java/ejb/file-io EJB uses file input/output
CWE‑695 Java java/ejb/graphics EJB uses graphics
CWE‑695 Java java/ejb/synchronization EJB uses synchronization
CWE‑695 Java java/ejb/threads EJB uses threads
CWE‑697 Java java/missing-default-in-switch Missing default case in switch
CWE‑697 Java java/reference-equality-with-object Reference equality test on java.lang.Object
CWE‑697 Java java/reference-equality-of-boxed-types Reference equality test of boxed types
CWE‑697 Java java/reference-equality-on-strings Reference equality test on strings
CWE‑697 Java java/missing-case-in-switch Missing enum case in switch
CWE‑703 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑703 Java java/return-value-ignored Method result ignored
CWE‑703 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑703 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑703 Java java/discarded-exception Discarded exception
CWE‑703 Java java/overly-general-catch Overly-general catch clause
CWE‑703 Java java/ignored-error-status-of-call Ignored error status of call
CWE‑703 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑703 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑703 Java java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException
CWE‑704 Java java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment
CWE‑704 Java java/integer-multiplication-cast-to-long Result of multiplication cast to wider type
CWE‑704 Java java/impossible-array-cast Impossible array cast
CWE‑704 Java java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition
CWE‑704 Java java/tainted-numeric-cast User-controlled data in numeric cast
CWE‑704 Java java/tainted-numeric-cast-local Local-user-controlled data in numeric cast
CWE‑705 Java java/ejb/container-interference EJB interferes with container operation
CWE‑705 Java java/overly-general-catch Overly-general catch clause
CWE‑705 Java java/uncaught-number-format-exception Missing catch of NumberFormatException
CWE‑705 Java java/jvm-exit Forcible JVM termination
CWE‑705 Java java/abnormal-finally-completion Finally block may not complete normally
CWE‑705 Java java/uncaught-servlet-exception Uncaught Servlet Exception
CWE‑706 Java java/path-injection Uncontrolled data used in path expression
CWE‑706 Java java/path-injection-local Local-user-controlled data in path expression
CWE‑706 Java java/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑706 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑706 Java java/openstream-called-on-tainted-url openStream called on URLs created from remote source
CWE‑707 Java java/jndi-injection JNDI lookup with user-controlled name
CWE‑707 Java java/xslt-injection XSLT transformation with user-controlled stylesheet
CWE‑707 Java java/relative-path-command Executing a command with a relative path
CWE‑707 Java java/command-line-injection Uncontrolled command line
CWE‑707 Java java/command-line-injection-local Local-user-controlled command line
CWE‑707 Java java/concatenated-command-line Building a command line with string concatenation
CWE‑707 Java java/xss Cross-site scripting
CWE‑707 Java java/xss-local Cross-site scripting from local source
CWE‑707 Java java/sql-injection Query built from user-controlled sources
CWE‑707 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑707 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑707 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑707 Java java/groovy-injection Groovy Language injection
CWE‑707 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑707 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑707 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑707 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑707 Java java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation
CWE‑707 Java java/http-response-splitting HTTP response splitting
CWE‑707 Java java/http-response-splitting-local HTTP response splitting from local source
CWE‑707 Java java/log-injection Log Injection
CWE‑707 Java java/tainted-format-string Use of externally-controlled format string
CWE‑707 Java java/tainted-format-string-local Use of externally-controlled format string from local source
CWE‑707 Java java/xml/xpath-injection XPath injection
CWE‑707 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑707 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑707 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑707 Java java/command-line-injection-experimental Uncontrolled command line (experimental sinks)
CWE‑707 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑707 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑707 Java java/beanshell-injection BeanShell injection
CWE‑707 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑707 Java java/jshell-injection JShell injection
CWE‑707 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑707 Java java/jython-injection Injection in Jython
CWE‑707 Java java/unsafe-eval Injection in Java Script Engine
CWE‑707 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑707 Java java/spring-view-manipulation Spring View Manipulation
CWE‑707 Java java/server-side-template-injection Server Side Template Injection
CWE‑707 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑710 Java java/deprecated-call Deprecated method or constructor invocation
CWE‑710 Java java/dead-class Dead class
CWE‑710 Java java/dead-enum-constant Dead enum constant
CWE‑710 Java java/dead-field Dead field
CWE‑710 Java java/dead-function Dead method
CWE‑710 Java java/lines-of-dead-code Lines of dead code in files
CWE‑710 Java java/unused-parameter Useless parameter
CWE‑710 Java java/ejb/container-interference EJB interferes with container operation
CWE‑710 Java java/ejb/file-io EJB uses file input/output
CWE‑710 Java java/ejb/graphics EJB uses graphics
CWE‑710 Java java/ejb/native-code EJB uses native code
CWE‑710 Java java/ejb/reflection EJB uses reflection
CWE‑710 Java java/ejb/security-configuration-access EJB accesses security configuration
CWE‑710 Java java/ejb/substitution-in-serialization EJB uses substitution in serialization
CWE‑710 Java java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory
CWE‑710 Java java/ejb/server-socket EJB uses server socket
CWE‑710 Java java/ejb/non-final-static-field EJB uses non-final static field
CWE‑710 Java java/ejb/synchronization EJB uses synchronization
CWE‑710 Java java/ejb/this EJB uses 'this' as argument or result
CWE‑710 Java java/ejb/threads EJB uses threads
CWE‑710 Java java/useless-null-check Useless null check
CWE‑710 Java java/useless-type-test Useless type test
CWE‑710 Java java/useless-upcast Useless upcast
CWE‑710 Java java/missing-call-to-super-clone Missing super clone
CWE‑710 Java java/empty-container Container contents are never initialized
CWE‑710 Java java/unused-container Container contents are never accessed
CWE‑710 Java java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode
CWE‑710 Java java/constant-comparison Useless comparison test
CWE‑710 Java java/unreleased-lock Unreleased lock
CWE‑710 Java java/missing-super-finalize Finalizer inconsistency
CWE‑710 Java java/missing-format-argument Missing format argument
CWE‑710 Java java/unused-format-argument Unused format argument
CWE‑710 Java java/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑710 Java java/dereferenced-expr-may-be-null Dereferenced expression may be null
CWE‑710 Java java/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑710 Java java/empty-synchronized-block Empty synchronized block
CWE‑710 Java java/unreachable-catch-clause Unreachable catch clause
CWE‑710 Java java/potentially-dangerous-function Use of a potentially dangerous function
CWE‑710 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑710 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑710 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑710 Java java/hardcoded-password-field Hard-coded password field
CWE‑710 Java java/todo-comment TODO/FIXME comments
CWE‑710 Java java/unused-reference-type Unused classes and interfaces
CWE‑710 Java java/overwritten-assignment-to-local Assigned value is overwritten
CWE‑710 Java java/useless-assignment-to-local Useless assignment to local variable
CWE‑710 Java java/empty-finalizer Empty body of finalizer
CWE‑710 Java java/unused-initialized-local Local variable is initialized but not used
CWE‑710 Java java/local-variable-is-never-read Unread local variable
CWE‑710 Java java/unused-field Unused field
CWE‑710 Java java/unused-label Unused label
CWE‑710 Java java/unused-local-variable Unused local variable
CWE‑710 Java java/switch-fall-through Unterminated switch case
CWE‑710 Java java/redundant-cast Unnecessary cast
CWE‑710 Java java/unused-import Unnecessary import
CWE‑710 Java java/static-initialization-vector Using a static initialization vector for encryption
CWE‑710 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑732 Java java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory
CWE‑732 Java java/world-writable-file-read Reading from a world writable file
CWE‑749 Java java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView
CWE‑754 Java java/inconsistent-call-on-result Inconsistent operation on return value
CWE‑754 Java java/return-value-ignored Method result ignored
CWE‑754 Java java/unsafe-cert-trust Unsafe certificate trust
CWE‑755 Java java/stack-trace-exposure Information exposure through a stack trace
CWE‑755 Java java/overly-general-catch Overly-general catch clause
CWE‑755 Java java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException
CWE‑759 Java java/hash-without-salt Use of a hash function without a salt
CWE‑764 Java java/unreleased-lock Unreleased lock
CWE‑772 Java java/input-resource-leak Potential input resource leak
CWE‑772 Java java/database-resource-leak Potential database resource leak
CWE‑772 Java java/output-resource-leak Potential output resource leak
CWE‑776 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑783 Java java/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE‑798 Java java/hardcoded-credential-api-call Hard-coded credential in API call
CWE‑798 Java java/hardcoded-credential-comparison Hard-coded credential comparison
CWE‑798 Java java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE‑798 Java java/hardcoded-password-field Hard-coded password field
CWE‑798 Java java/hardcoded-jwt-key Use of a hardcoded key for signing JWT
CWE‑807 Java java/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑807 Java java/tainted-permissions-check User-controlled data used in permissions check
CWE‑820 Java java/lazy-initialization Incorrect lazy initialization of a static field
CWE‑820 Java java/non-sync-override Non-synchronized override of synchronized method
CWE‑821 Java java/ejb/synchronization EJB uses synchronization
CWE‑821 Java java/call-to-thread-run Direct call to a run() method
CWE‑827 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑829 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑829 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑833 Java java/sleep-with-lock-held Sleep with lock held
CWE‑833 Java java/unreleased-lock Unreleased lock
CWE‑833 Java java/wait-with-two-locks Wait with two locks held
CWE‑833 Java java/lock-order-inconsistency Lock order inconsistency
CWE‑834 Java java/constant-loop-condition Constant loop condition
CWE‑834 Java java/xxe Resolving XML external entity in user-controlled data
CWE‑834 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑835 Java java/constant-loop-condition Constant loop condition
CWE‑835 Java java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE‑862 Java java/incorrect-url-verification Incorrect URL verification
CWE‑913 Java java/groovy-injection Groovy Language injection
CWE‑913 Java java/insecure-bean-validation Insecure Bean Validation
CWE‑913 Java java/jexl-expression-injection Expression language injection (JEXL)
CWE‑913 Java java/mvel-expression-injection Expression language injection (MVEL)
CWE‑913 Java java/spel-expression-injection Expression language injection (Spring)
CWE‑913 Java java/android/fragment-injection Android fragment injection
CWE‑913 Java java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE‑913 Java java/unsafe-deserialization Deserialization of user-controlled data
CWE‑913 Java java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑913 Java java/beanshell-injection BeanShell injection
CWE‑913 Java java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE‑913 Java java/jshell-injection JShell injection
CWE‑913 Java java/javaee-expression-injection Jakarta Expression Language injection
CWE‑913 Java java/jython-injection Injection in Jython
CWE‑913 Java java/unsafe-eval Injection in Java Script Engine
CWE‑913 Java java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE‑913 Java java/spring-view-manipulation Spring View Manipulation
CWE‑913 Java java/server-side-template-injection Server Side Template Injection
CWE‑913 Java java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑913 Java java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method.
CWE‑913 Java java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters.
CWE‑913 Java java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters.
CWE‑916 Java java/hash-without-salt Use of a hash function without a salt
CWE‑917 Java java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE‑918 Java java/ssrf Server-side request forgery
CWE‑922 Java java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE‑922 Java java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE‑922 Java java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE‑922 Java java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE‑922 Java java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE‑922 Java java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑923 Java java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE‑923 Java java/unsafe-hostname-verification Unsafe hostname verification
CWE‑923 Java java/socket-auth-race-condition Race condition in socket authentication
CWE‑923 Java java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑923 Java java/android/intent-redirection Android Intent redirection
CWE‑923 Java java/ignored-hostname-verification Ignored result of hostname verification
CWE‑923 Java java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE‑926 Java java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE‑926 Java java/android/intent-redirection Android Intent redirection
CWE‑927 Java java/android/implicit-pendingintents Use of implicit PendingIntents
CWE‑927 Java java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE‑939 Java java/incorrect-url-verification Incorrect URL verification
CWE‑940 Java java/android/intent-redirection Android Intent redirection
CWE‑943 Java java/sql-injection Query built from user-controlled sources
CWE‑943 Java java/sql-injection-local Query built from local-user-controlled sources
CWE‑943 Java java/concatenated-sql-query Query built without neutralizing special characters
CWE‑943 Java java/ldap-injection LDAP query built from user-controlled sources
CWE‑943 Java java/xml/xpath-injection XPath injection
CWE‑943 Java java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE‑943 Java java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE‑943 Java java/xquery-injection XQuery query built from user-controlled sources
CWE‑1004 Java java/tomcat-disabled-httponly Tomcat config disables 'HttpOnly' flag (XSS risk)
CWE‑1004 Java java/sensitive-cookie-not-httponly Sensitive cookies without the HttpOnly response header set
CWE‑1104 Java java/maven/dependency-upon-bintray Depending upon JCenter/Bintray as an artifact repository
CWE‑1204 Java java/static-initialization-vector Using a static initialization vector for encryption
  • © GitHub, Inc.
  • Terms
  • Privacy