CodeQL documentation

CWE coverage for Python

An overview of CWE coverage for Python in the latest release of CodeQL.

Overview

CWE Language Query id Query name
CWE‑20 Python py/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑20 Python py/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑20 Python py/incomplete-hostname-regexp Incomplete regular expression for hostnames
CWE‑20 Python py/incomplete-url-substring-sanitization Incomplete URL substring sanitization
CWE‑20 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑22 Python py/path-injection Uncontrolled data used in path expression
CWE‑22 Python py/tarslip Arbitrary file write during tarfile extraction
CWE‑22 Python py/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑23 Python py/path-injection Uncontrolled data used in path expression
CWE‑36 Python py/path-injection Uncontrolled data used in path expression
CWE‑73 Python py/path-injection Uncontrolled data used in path expression
CWE‑74 Python py/path-injection Uncontrolled data used in path expression
CWE‑74 Python py/command-line-injection Uncontrolled command line
CWE‑74 Python py/jinja2/autoescape-false Jinja2 templating with autoescape=False
CWE‑74 Python py/reflective-xss Reflected server-side cross-site scripting
CWE‑74 Python py/sql-injection SQL query built from user-controlled sources
CWE‑74 Python py/ldap-injection LDAP query built from user-controlled sources
CWE‑74 Python py/code-injection Code injection
CWE‑74 Python py/xpath-injection XPath query built from user-controlled sources
CWE‑74 Python py/template-injection Server Side Template Injection
CWE‑74 Python py/xslt-injection XSLT query built from user-controlled sources
CWE‑74 Python py/header-injection HTTP Header Injection
CWE‑74 Python py/nosql-injection NoSQL Injection
CWE‑77 Python py/command-line-injection Uncontrolled command line
CWE‑78 Python py/command-line-injection Uncontrolled command line
CWE‑79 Python py/jinja2/autoescape-false Jinja2 templating with autoescape=False
CWE‑79 Python py/reflective-xss Reflected server-side cross-site scripting
CWE‑79 Python py/header-injection HTTP Header Injection
CWE‑88 Python py/command-line-injection Uncontrolled command line
CWE‑89 Python py/sql-injection SQL query built from user-controlled sources
CWE‑90 Python py/ldap-injection LDAP query built from user-controlled sources
CWE‑91 Python py/xpath-injection XPath query built from user-controlled sources
CWE‑91 Python py/xslt-injection XSLT query built from user-controlled sources
CWE‑93 Python py/header-injection HTTP Header Injection
CWE‑94 Python py/code-injection Code injection
CWE‑95 Python py/code-injection Code injection
CWE‑99 Python py/path-injection Uncontrolled data used in path expression
CWE‑113 Python py/header-injection HTTP Header Injection
CWE‑116 Python py/reflective-xss Reflected server-side cross-site scripting
CWE‑116 Python py/code-injection Code injection
CWE‑116 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑116 Python py/log-injection Log Injection
CWE‑117 Python py/log-injection Log Injection
CWE‑185 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑186 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑200 Python py/bind-socket-all-network-interfaces Binding a socket to all network interfaces
CWE‑200 Python py/stack-trace-exposure Information exposure through an exception
CWE‑200 Python py/flask-debug Flask app is run in debug mode
CWE‑200 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑200 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑209 Python py/stack-trace-exposure Information exposure through an exception
CWE‑215 Python py/flask-debug Flask app is run in debug mode
CWE‑221 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑227 Python py/equals-hash-mismatch Inconsistent equality and hashing
CWE‑227 Python py/call/wrong-named-class-argument Wrong name for an argument in a class instantiation
CWE‑227 Python py/call/wrong-number-class-arguments Wrong number of arguments in a class instantiation
CWE‑227 Python py/super-not-enclosing-class First argument to super() is not enclosing class
CWE‑227 Python py/call/wrong-named-argument Wrong name for an argument in a call
CWE‑227 Python py/percent-format/wrong-arguments Wrong number of arguments for format
CWE‑227 Python py/call/wrong-arguments Wrong number of arguments in a call
CWE‑252 Python py/ignored-return-value Ignored return value
CWE‑259 Python py/hardcoded-credentials Hard-coded credentials
CWE‑284 Python py/overly-permissive-file Overly permissive file permissions
CWE‑284 Python py/hardcoded-credentials Hard-coded credentials
CWE‑284 Python py/pam-auth-bypass Authorization bypass due to incorrect usage of PAM
CWE‑284 Python py/improper-ldap-auth Improper LDAP Authentication
CWE‑284 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑285 Python py/overly-permissive-file Overly permissive file permissions
CWE‑285 Python py/pam-auth-bypass Authorization bypass due to incorrect usage of PAM
CWE‑287 Python py/hardcoded-credentials Hard-coded credentials
CWE‑287 Python py/improper-ldap-auth Improper LDAP Authentication
CWE‑287 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑295 Python py/paramiko-missing-host-key-validation Accepting unknown SSH host keys when using Paramiko
CWE‑295 Python py/request-without-cert-validation Request without certificate validation
CWE‑311 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑311 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑311 Python py/cookie-injection Construction of a cookie using user-supplied input.
CWE‑311 Python py/insecure-cookie Failure to use secure cookies
CWE‑312 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑312 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑315 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑321 Python py/hardcoded-credentials Hard-coded credentials
CWE‑326 Python py/weak-crypto-key Use of weak cryptographic key
CWE‑326 Python py/weak-sensitive-data-hashing Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE‑327 Python py/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE‑327 Python py/insecure-default-protocol Default version of SSL/TLS may be insecure
CWE‑327 Python py/insecure-protocol Use of insecure SSL/TLS version
CWE‑327 Python py/weak-sensitive-data-hashing Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE‑328 Python py/weak-sensitive-data-hashing Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE‑330 Python py/hardcoded-credentials Hard-coded credentials
CWE‑330 Python py/insecure-randomness Insecure randomness
CWE‑338 Python py/insecure-randomness Insecure randomness
CWE‑344 Python py/hardcoded-credentials Hard-coded credentials
CWE‑345 Python py/csrf-protection-disabled CSRF protection weakened or disabled
CWE‑345 Python py/jwt-missing-verification JWT missing secret or public key verification
CWE‑345 Python py/ip-address-spoofing IP address spoofing
CWE‑347 Python py/jwt-missing-verification JWT missing secret or public key verification
CWE‑348 Python py/ip-address-spoofing IP address spoofing
CWE‑352 Python py/csrf-protection-disabled CSRF protection weakened or disabled
CWE‑359 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑359 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑377 Python py/insecure-temporary-file Insecure temporary file
CWE‑390 Python py/empty-except Empty except
CWE‑396 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑398 Python py/unreachable-except Unreachable 'except' block
CWE‑398 Python py/comparison-of-constants Comparison of constants
CWE‑398 Python py/comparison-of-identical-expressions Comparison of identical values
CWE‑398 Python py/comparison-missing-self Maybe missing 'self' in comparison
CWE‑398 Python py/redundant-comparison Redundant comparison
CWE‑398 Python py/duplicate-key-dict-literal Duplicate key in dict literal
CWE‑398 Python py/import-deprecated-module Import of deprecated module
CWE‑398 Python py/constant-conditional-expression Constant in conditional expression or statement
CWE‑398 Python py/redundant-assignment Redundant assignment
CWE‑398 Python py/ineffectual-statement Statement has no effect
CWE‑398 Python py/unreachable-statement Unreachable code
CWE‑398 Python py/multiple-definition Variable defined multiple times
CWE‑398 Python py/unused-local-variable Unused local variable
CWE‑398 Python py/unused-global-variable Unused global variable
CWE‑400 Python py/file-not-closed File is not always closed
CWE‑400 Python py/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE‑400 Python py/redos Inefficient regular expression
CWE‑400 Python py/regex-injection Regular expression injection
CWE‑400 Python py/xml-bomb XML internal entity expansion
CWE‑404 Python py/file-not-closed File is not always closed
CWE‑405 Python py/xml-bomb XML internal entity expansion
CWE‑405 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑409 Python py/xml-bomb XML internal entity expansion
CWE‑409 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑441 Python py/full-ssrf Full server-side request forgery
CWE‑441 Python py/partial-ssrf Partial server-side request forgery
CWE‑477 Python py/import-deprecated-module Import of deprecated module
CWE‑485 Python py/flask-debug Flask app is run in debug mode
CWE‑489 Python py/flask-debug Flask app is run in debug mode
CWE‑497 Python py/stack-trace-exposure Information exposure through an exception
CWE‑502 Python py/unsafe-deserialization Deserializing untrusted input
CWE‑522 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑523 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑532 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑538 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑552 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑561 Python py/unreachable-except Unreachable 'except' block
CWE‑561 Python py/comparison-of-constants Comparison of constants
CWE‑561 Python py/comparison-of-identical-expressions Comparison of identical values
CWE‑561 Python py/comparison-missing-self Maybe missing 'self' in comparison
CWE‑561 Python py/redundant-comparison Redundant comparison
CWE‑561 Python py/duplicate-key-dict-literal Duplicate key in dict literal
CWE‑561 Python py/constant-conditional-expression Constant in conditional expression or statement
CWE‑561 Python py/ineffectual-statement Statement has no effect
CWE‑561 Python py/unreachable-statement Unreachable code
CWE‑563 Python py/redundant-assignment Redundant assignment
CWE‑563 Python py/multiple-definition Variable defined multiple times
CWE‑563 Python py/unused-local-variable Unused local variable
CWE‑563 Python py/unused-global-variable Unused global variable
CWE‑570 Python py/comparison-of-constants Comparison of constants
CWE‑570 Python py/comparison-of-identical-expressions Comparison of identical values
CWE‑570 Python py/comparison-missing-self Maybe missing 'self' in comparison
CWE‑570 Python py/redundant-comparison Redundant comparison
CWE‑570 Python py/constant-conditional-expression Constant in conditional expression or statement
CWE‑571 Python py/comparison-of-constants Comparison of constants
CWE‑571 Python py/comparison-of-identical-expressions Comparison of identical values
CWE‑571 Python py/comparison-missing-self Maybe missing 'self' in comparison
CWE‑571 Python py/redundant-comparison Redundant comparison
CWE‑571 Python py/constant-conditional-expression Constant in conditional expression or statement
CWE‑573 Python py/equals-hash-mismatch Inconsistent equality and hashing
CWE‑573 Python py/call/wrong-named-class-argument Wrong name for an argument in a class instantiation
CWE‑573 Python py/call/wrong-number-class-arguments Wrong number of arguments in a class instantiation
CWE‑573 Python py/super-not-enclosing-class First argument to super() is not enclosing class
CWE‑573 Python py/call/wrong-named-argument Wrong name for an argument in a call
CWE‑573 Python py/percent-format/wrong-arguments Wrong number of arguments for format
CWE‑573 Python py/call/wrong-arguments Wrong number of arguments in a call
CWE‑581 Python py/equals-hash-mismatch Inconsistent equality and hashing
CWE‑584 Python py/exit-from-finally 'break' or 'return' statement in finally
CWE‑601 Python py/url-redirection URL redirection from remote source
CWE‑610 Python py/path-injection Uncontrolled data used in path expression
CWE‑610 Python py/url-redirection URL redirection from remote source
CWE‑610 Python py/xxe XML external entity expansion
CWE‑610 Python py/full-ssrf Full server-side request forgery
CWE‑610 Python py/partial-ssrf Partial server-side request forgery
CWE‑611 Python py/xxe XML external entity expansion
CWE‑614 Python py/cookie-injection Construction of a cookie using user-supplied input.
CWE‑614 Python py/insecure-cookie Failure to use secure cookies
CWE‑628 Python py/call/wrong-named-class-argument Wrong name for an argument in a class instantiation
CWE‑628 Python py/call/wrong-number-class-arguments Wrong number of arguments in a class instantiation
CWE‑628 Python py/super-not-enclosing-class First argument to super() is not enclosing class
CWE‑628 Python py/call/wrong-named-argument Wrong name for an argument in a call
CWE‑628 Python py/percent-format/wrong-arguments Wrong number of arguments for format
CWE‑628 Python py/call/wrong-arguments Wrong number of arguments in a call
CWE‑642 Python py/path-injection Uncontrolled data used in path expression
CWE‑643 Python py/xpath-injection XPath query built from user-controlled sources
CWE‑643 Python py/xslt-injection XSLT query built from user-controlled sources
CWE‑657 Python py/hardcoded-credentials Hard-coded credentials
CWE‑664 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑664 Python py/implicit-string-concatenation-in-list Implicit string concatenation in a list
CWE‑664 Python py/file-not-closed File is not always closed
CWE‑664 Python py/bind-socket-all-network-interfaces Binding a socket to all network interfaces
CWE‑664 Python py/path-injection Uncontrolled data used in path expression
CWE‑664 Python py/tarslip Arbitrary file write during tarfile extraction
CWE‑664 Python py/code-injection Code injection
CWE‑664 Python py/stack-trace-exposure Information exposure through an exception
CWE‑664 Python py/flask-debug Flask app is run in debug mode
CWE‑664 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑664 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑664 Python py/insecure-temporary-file Insecure temporary file
CWE‑664 Python py/unsafe-deserialization Deserializing untrusted input
CWE‑664 Python py/url-redirection URL redirection from remote source
CWE‑664 Python py/xxe XML external entity expansion
CWE‑664 Python py/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE‑664 Python py/redos Inefficient regular expression
CWE‑664 Python py/regex-injection Regular expression injection
CWE‑664 Python py/overly-permissive-file Overly permissive file permissions
CWE‑664 Python py/xml-bomb XML internal entity expansion
CWE‑664 Python py/hardcoded-credentials Hard-coded credentials
CWE‑664 Python py/full-ssrf Full server-side request forgery
CWE‑664 Python py/partial-ssrf Partial server-side request forgery
CWE‑664 Python py/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑664 Python py/pam-auth-bypass Authorization bypass due to incorrect usage of PAM
CWE‑664 Python py/improper-ldap-auth Improper LDAP Authentication
CWE‑664 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑664 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑665 Python py/implicit-string-concatenation-in-list Implicit string concatenation in a list
CWE‑668 Python py/bind-socket-all-network-interfaces Binding a socket to all network interfaces
CWE‑668 Python py/path-injection Uncontrolled data used in path expression
CWE‑668 Python py/tarslip Arbitrary file write during tarfile extraction
CWE‑668 Python py/stack-trace-exposure Information exposure through an exception
CWE‑668 Python py/flask-debug Flask app is run in debug mode
CWE‑668 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑668 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑668 Python py/insecure-temporary-file Insecure temporary file
CWE‑668 Python py/overly-permissive-file Overly permissive file permissions
CWE‑668 Python py/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑668 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑669 Python py/xxe XML external entity expansion
CWE‑670 Python py/asserts-tuple Asserting a tuple
CWE‑671 Python py/hardcoded-credentials Hard-coded credentials
CWE‑674 Python py/xml-bomb XML internal entity expansion
CWE‑674 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑685 Python py/call/wrong-number-class-arguments Wrong number of arguments in a class instantiation
CWE‑685 Python py/percent-format/wrong-arguments Wrong number of arguments for format
CWE‑685 Python py/call/wrong-arguments Wrong number of arguments in a call
CWE‑687 Python py/super-not-enclosing-class First argument to super() is not enclosing class
CWE‑691 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑691 Python py/code-injection Code injection
CWE‑691 Python py/xml-bomb XML internal entity expansion
CWE‑691 Python py/asserts-tuple Asserting a tuple
CWE‑691 Python py/exit-from-finally 'break' or 'return' statement in finally
CWE‑691 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑693 Python py/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑693 Python py/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑693 Python py/incomplete-hostname-regexp Incomplete regular expression for hostnames
CWE‑693 Python py/incomplete-url-substring-sanitization Incomplete URL substring sanitization
CWE‑693 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑693 Python py/paramiko-missing-host-key-validation Accepting unknown SSH host keys when using Paramiko
CWE‑693 Python py/request-without-cert-validation Request without certificate validation
CWE‑693 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑693 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑693 Python py/weak-crypto-key Use of weak cryptographic key
CWE‑693 Python py/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE‑693 Python py/insecure-default-protocol Default version of SSL/TLS may be insecure
CWE‑693 Python py/insecure-protocol Use of insecure SSL/TLS version
CWE‑693 Python py/weak-sensitive-data-hashing Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE‑693 Python py/csrf-protection-disabled CSRF protection weakened or disabled
CWE‑693 Python py/overly-permissive-file Overly permissive file permissions
CWE‑693 Python py/hardcoded-credentials Hard-coded credentials
CWE‑693 Python py/pam-auth-bypass Authorization bypass due to incorrect usage of PAM
CWE‑693 Python py/improper-ldap-auth Improper LDAP Authentication
CWE‑693 Python py/jwt-missing-verification JWT missing secret or public key verification
CWE‑693 Python py/ip-address-spoofing IP address spoofing
CWE‑693 Python py/insecure-ldap-auth Python Insecure LDAP Authentication
CWE‑693 Python py/cookie-injection Construction of a cookie using user-supplied input.
CWE‑693 Python py/insecure-cookie Failure to use secure cookies
CWE‑697 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑703 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑703 Python py/empty-except Empty except
CWE‑703 Python py/ignored-return-value Ignored return value
CWE‑703 Python py/stack-trace-exposure Information exposure through an exception
CWE‑705 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑705 Python py/exit-from-finally 'break' or 'return' statement in finally
CWE‑706 Python py/path-injection Uncontrolled data used in path expression
CWE‑706 Python py/tarslip Arbitrary file write during tarfile extraction
CWE‑706 Python py/xxe XML external entity expansion
CWE‑706 Python py/zipslip Arbitrary file write during archive extraction ("Zip Slip")
CWE‑707 Python py/path-injection Uncontrolled data used in path expression
CWE‑707 Python py/command-line-injection Uncontrolled command line
CWE‑707 Python py/jinja2/autoescape-false Jinja2 templating with autoescape=False
CWE‑707 Python py/reflective-xss Reflected server-side cross-site scripting
CWE‑707 Python py/sql-injection SQL query built from user-controlled sources
CWE‑707 Python py/ldap-injection LDAP query built from user-controlled sources
CWE‑707 Python py/code-injection Code injection
CWE‑707 Python py/bad-tag-filter Bad HTML filtering regexp
CWE‑707 Python py/log-injection Log Injection
CWE‑707 Python py/xpath-injection XPath query built from user-controlled sources
CWE‑707 Python py/template-injection Server Side Template Injection
CWE‑707 Python py/xslt-injection XSLT query built from user-controlled sources
CWE‑707 Python py/header-injection HTTP Header Injection
CWE‑707 Python py/nosql-injection NoSQL Injection
CWE‑710 Python py/equals-hash-mismatch Inconsistent equality and hashing
CWE‑710 Python py/call/wrong-named-class-argument Wrong name for an argument in a class instantiation
CWE‑710 Python py/call/wrong-number-class-arguments Wrong number of arguments in a class instantiation
CWE‑710 Python py/unreachable-except Unreachable 'except' block
CWE‑710 Python py/super-not-enclosing-class First argument to super() is not enclosing class
CWE‑710 Python py/comparison-of-constants Comparison of constants
CWE‑710 Python py/comparison-of-identical-expressions Comparison of identical values
CWE‑710 Python py/comparison-missing-self Maybe missing 'self' in comparison
CWE‑710 Python py/redundant-comparison Redundant comparison
CWE‑710 Python py/duplicate-key-dict-literal Duplicate key in dict literal
CWE‑710 Python py/call/wrong-named-argument Wrong name for an argument in a call
CWE‑710 Python py/percent-format/wrong-arguments Wrong number of arguments for format
CWE‑710 Python py/call/wrong-arguments Wrong number of arguments in a call
CWE‑710 Python py/import-deprecated-module Import of deprecated module
CWE‑710 Python py/hardcoded-credentials Hard-coded credentials
CWE‑710 Python py/constant-conditional-expression Constant in conditional expression or statement
CWE‑710 Python py/redundant-assignment Redundant assignment
CWE‑710 Python py/ineffectual-statement Statement has no effect
CWE‑710 Python py/unreachable-statement Unreachable code
CWE‑710 Python py/multiple-definition Variable defined multiple times
CWE‑710 Python py/unused-local-variable Unused local variable
CWE‑710 Python py/unused-global-variable Unused global variable
CWE‑732 Python py/overly-permissive-file Overly permissive file permissions
CWE‑754 Python py/ignored-return-value Ignored return value
CWE‑755 Python py/catch-base-exception Except block handles 'BaseException'
CWE‑755 Python py/empty-except Empty except
CWE‑755 Python py/stack-trace-exposure Information exposure through an exception
CWE‑772 Python py/file-not-closed File is not always closed
CWE‑776 Python py/xml-bomb XML internal entity expansion
CWE‑776 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑798 Python py/hardcoded-credentials Hard-coded credentials
CWE‑827 Python py/xxe XML external entity expansion
CWE‑829 Python py/xxe XML external entity expansion
CWE‑834 Python py/xml-bomb XML internal entity expansion
CWE‑834 Python py/simple-xml-rpc-server-dos SimpleXMLRPCServer DoS vulnerability
CWE‑913 Python py/code-injection Code injection
CWE‑913 Python py/unsafe-deserialization Deserializing untrusted input
CWE‑916 Python py/weak-sensitive-data-hashing Use of a broken or weak cryptographic hashing algorithm on sensitive data
CWE‑918 Python py/full-ssrf Full server-side request forgery
CWE‑918 Python py/partial-ssrf Partial server-side request forgery
CWE‑922 Python py/clear-text-logging-sensitive-data Clear-text logging of sensitive information
CWE‑922 Python py/clear-text-storage-sensitive-data Clear-text storage of sensitive information
CWE‑943 Python py/sql-injection SQL query built from user-controlled sources
CWE‑943 Python py/ldap-injection LDAP query built from user-controlled sources
CWE‑943 Python py/xpath-injection XPath query built from user-controlled sources
CWE‑943 Python py/xslt-injection XSLT query built from user-controlled sources
CWE‑943 Python py/nosql-injection NoSQL Injection
CWE‑1333 Python py/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE‑1333 Python py/redos Inefficient regular expression