CWE coverage for Python¶
An overview of CWE coverage for Python in the latest release of CodeQL.
Overview¶
CWE | Language | Query id | Query name |
---|---|---|---|
CWE‑20 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
CWE‑20 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API |
CWE‑20 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
CWE‑20 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
CWE‑20 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑22 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑22 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
CWE‑22 | Python | py/zipslip | Arbitrary file write during archive extraction ("Zip Slip") |
CWE‑23 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑36 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑73 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑74 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑74 | Python | py/command-line-injection | Uncontrolled command line |
CWE‑74 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
CWE‑74 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
CWE‑74 | Python | py/sql-injection | SQL query built from user-controlled sources |
CWE‑74 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
CWE‑74 | Python | py/code-injection | Code injection |
CWE‑74 | Python | py/xpath-injection | XPath query built from user-controlled sources |
CWE‑74 | Python | py/template-injection | Server Side Template Injection |
CWE‑74 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
CWE‑74 | Python | py/header-injection | HTTP Header Injection |
CWE‑74 | Python | py/nosql-injection | NoSQL Injection |
CWE‑77 | Python | py/command-line-injection | Uncontrolled command line |
CWE‑78 | Python | py/command-line-injection | Uncontrolled command line |
CWE‑79 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
CWE‑79 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
CWE‑79 | Python | py/header-injection | HTTP Header Injection |
CWE‑88 | Python | py/command-line-injection | Uncontrolled command line |
CWE‑89 | Python | py/sql-injection | SQL query built from user-controlled sources |
CWE‑90 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
CWE‑91 | Python | py/xpath-injection | XPath query built from user-controlled sources |
CWE‑91 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
CWE‑93 | Python | py/header-injection | HTTP Header Injection |
CWE‑94 | Python | py/code-injection | Code injection |
CWE‑95 | Python | py/code-injection | Code injection |
CWE‑99 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑113 | Python | py/header-injection | HTTP Header Injection |
CWE‑116 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
CWE‑116 | Python | py/code-injection | Code injection |
CWE‑116 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑116 | Python | py/log-injection | Log Injection |
CWE‑117 | Python | py/log-injection | Log Injection |
CWE‑185 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑186 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑200 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
CWE‑200 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑200 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑200 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑200 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑209 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑215 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑221 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑227 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
CWE‑227 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
CWE‑227 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
CWE‑227 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
CWE‑227 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
CWE‑227 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
CWE‑227 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
CWE‑252 | Python | py/ignored-return-value | Ignored return value |
CWE‑259 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑284 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑284 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑284 | Python | py/pam-auth-bypass | Authorization bypass due to incorrect usage of PAM |
CWE‑284 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
CWE‑284 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑285 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑285 | Python | py/pam-auth-bypass | Authorization bypass due to incorrect usage of PAM |
CWE‑287 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑287 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
CWE‑287 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑295 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko |
CWE‑295 | Python | py/request-without-cert-validation | Request without certificate validation |
CWE‑311 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑311 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑311 | Python | py/cookie-injection | Construction of a cookie using user-supplied input. |
CWE‑311 | Python | py/insecure-cookie | Failure to use secure cookies |
CWE‑312 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑312 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑315 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑321 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑326 | Python | py/weak-crypto-key | Use of weak cryptographic key |
CWE‑326 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
CWE‑327 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
CWE‑327 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure |
CWE‑327 | Python | py/insecure-protocol | Use of insecure SSL/TLS version |
CWE‑327 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
CWE‑328 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
CWE‑330 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑330 | Python | py/insecure-randomness | Insecure randomness |
CWE‑338 | Python | py/insecure-randomness | Insecure randomness |
CWE‑344 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑345 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
CWE‑345 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
CWE‑345 | Python | py/ip-address-spoofing | IP address spoofing |
CWE‑347 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
CWE‑348 | Python | py/ip-address-spoofing | IP address spoofing |
CWE‑352 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
CWE‑359 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑359 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑377 | Python | py/insecure-temporary-file | Insecure temporary file |
CWE‑390 | Python | py/empty-except | Empty except |
CWE‑396 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑398 | Python | py/unreachable-except | Unreachable 'except' block |
CWE‑398 | Python | py/comparison-of-constants | Comparison of constants |
CWE‑398 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
CWE‑398 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
CWE‑398 | Python | py/redundant-comparison | Redundant comparison |
CWE‑398 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
CWE‑398 | Python | py/import-deprecated-module | Import of deprecated module |
CWE‑398 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
CWE‑398 | Python | py/redundant-assignment | Redundant assignment |
CWE‑398 | Python | py/ineffectual-statement | Statement has no effect |
CWE‑398 | Python | py/unreachable-statement | Unreachable code |
CWE‑398 | Python | py/multiple-definition | Variable defined multiple times |
CWE‑398 | Python | py/unused-local-variable | Unused local variable |
CWE‑398 | Python | py/unused-global-variable | Unused global variable |
CWE‑400 | Python | py/file-not-closed | File is not always closed |
CWE‑400 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
CWE‑400 | Python | py/redos | Inefficient regular expression |
CWE‑400 | Python | py/regex-injection | Regular expression injection |
CWE‑400 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑404 | Python | py/file-not-closed | File is not always closed |
CWE‑405 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑405 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑409 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑409 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑441 | Python | py/full-ssrf | Full server-side request forgery |
CWE‑441 | Python | py/partial-ssrf | Partial server-side request forgery |
CWE‑477 | Python | py/import-deprecated-module | Import of deprecated module |
CWE‑485 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑489 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑497 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑502 | Python | py/unsafe-deserialization | Deserializing untrusted input |
CWE‑522 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑523 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑532 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑538 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑552 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑561 | Python | py/unreachable-except | Unreachable 'except' block |
CWE‑561 | Python | py/comparison-of-constants | Comparison of constants |
CWE‑561 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
CWE‑561 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
CWE‑561 | Python | py/redundant-comparison | Redundant comparison |
CWE‑561 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
CWE‑561 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
CWE‑561 | Python | py/ineffectual-statement | Statement has no effect |
CWE‑561 | Python | py/unreachable-statement | Unreachable code |
CWE‑563 | Python | py/redundant-assignment | Redundant assignment |
CWE‑563 | Python | py/multiple-definition | Variable defined multiple times |
CWE‑563 | Python | py/unused-local-variable | Unused local variable |
CWE‑563 | Python | py/unused-global-variable | Unused global variable |
CWE‑570 | Python | py/comparison-of-constants | Comparison of constants |
CWE‑570 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
CWE‑570 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
CWE‑570 | Python | py/redundant-comparison | Redundant comparison |
CWE‑570 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
CWE‑571 | Python | py/comparison-of-constants | Comparison of constants |
CWE‑571 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
CWE‑571 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
CWE‑571 | Python | py/redundant-comparison | Redundant comparison |
CWE‑571 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
CWE‑573 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
CWE‑573 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
CWE‑573 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
CWE‑573 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
CWE‑573 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
CWE‑573 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
CWE‑573 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
CWE‑581 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
CWE‑584 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
CWE‑601 | Python | py/url-redirection | URL redirection from remote source |
CWE‑610 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑610 | Python | py/url-redirection | URL redirection from remote source |
CWE‑610 | Python | py/xxe | XML external entity expansion |
CWE‑610 | Python | py/full-ssrf | Full server-side request forgery |
CWE‑610 | Python | py/partial-ssrf | Partial server-side request forgery |
CWE‑611 | Python | py/xxe | XML external entity expansion |
CWE‑614 | Python | py/cookie-injection | Construction of a cookie using user-supplied input. |
CWE‑614 | Python | py/insecure-cookie | Failure to use secure cookies |
CWE‑628 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
CWE‑628 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
CWE‑628 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
CWE‑628 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
CWE‑628 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
CWE‑628 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
CWE‑642 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑643 | Python | py/xpath-injection | XPath query built from user-controlled sources |
CWE‑643 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
CWE‑657 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑664 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑664 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list |
CWE‑664 | Python | py/file-not-closed | File is not always closed |
CWE‑664 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
CWE‑664 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑664 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
CWE‑664 | Python | py/code-injection | Code injection |
CWE‑664 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑664 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑664 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑664 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑664 | Python | py/insecure-temporary-file | Insecure temporary file |
CWE‑664 | Python | py/unsafe-deserialization | Deserializing untrusted input |
CWE‑664 | Python | py/url-redirection | URL redirection from remote source |
CWE‑664 | Python | py/xxe | XML external entity expansion |
CWE‑664 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
CWE‑664 | Python | py/redos | Inefficient regular expression |
CWE‑664 | Python | py/regex-injection | Regular expression injection |
CWE‑664 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑664 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑664 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑664 | Python | py/full-ssrf | Full server-side request forgery |
CWE‑664 | Python | py/partial-ssrf | Partial server-side request forgery |
CWE‑664 | Python | py/zipslip | Arbitrary file write during archive extraction ("Zip Slip") |
CWE‑664 | Python | py/pam-auth-bypass | Authorization bypass due to incorrect usage of PAM |
CWE‑664 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
CWE‑664 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑664 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑665 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list |
CWE‑668 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
CWE‑668 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑668 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
CWE‑668 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑668 | Python | py/flask-debug | Flask app is run in debug mode |
CWE‑668 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑668 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑668 | Python | py/insecure-temporary-file | Insecure temporary file |
CWE‑668 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑668 | Python | py/zipslip | Arbitrary file write during archive extraction ("Zip Slip") |
CWE‑668 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑669 | Python | py/xxe | XML external entity expansion |
CWE‑670 | Python | py/asserts-tuple | Asserting a tuple |
CWE‑671 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑674 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑674 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑685 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
CWE‑685 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
CWE‑685 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
CWE‑687 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
CWE‑691 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑691 | Python | py/code-injection | Code injection |
CWE‑691 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑691 | Python | py/asserts-tuple | Asserting a tuple |
CWE‑691 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
CWE‑691 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑693 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
CWE‑693 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API |
CWE‑693 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
CWE‑693 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
CWE‑693 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑693 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko |
CWE‑693 | Python | py/request-without-cert-validation | Request without certificate validation |
CWE‑693 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑693 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑693 | Python | py/weak-crypto-key | Use of weak cryptographic key |
CWE‑693 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
CWE‑693 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure |
CWE‑693 | Python | py/insecure-protocol | Use of insecure SSL/TLS version |
CWE‑693 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
CWE‑693 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
CWE‑693 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑693 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑693 | Python | py/pam-auth-bypass | Authorization bypass due to incorrect usage of PAM |
CWE‑693 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
CWE‑693 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
CWE‑693 | Python | py/ip-address-spoofing | IP address spoofing |
CWE‑693 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
CWE‑693 | Python | py/cookie-injection | Construction of a cookie using user-supplied input. |
CWE‑693 | Python | py/insecure-cookie | Failure to use secure cookies |
CWE‑697 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑703 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑703 | Python | py/empty-except | Empty except |
CWE‑703 | Python | py/ignored-return-value | Ignored return value |
CWE‑703 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑705 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑705 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
CWE‑706 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑706 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
CWE‑706 | Python | py/xxe | XML external entity expansion |
CWE‑706 | Python | py/zipslip | Arbitrary file write during archive extraction ("Zip Slip") |
CWE‑707 | Python | py/path-injection | Uncontrolled data used in path expression |
CWE‑707 | Python | py/command-line-injection | Uncontrolled command line |
CWE‑707 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
CWE‑707 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
CWE‑707 | Python | py/sql-injection | SQL query built from user-controlled sources |
CWE‑707 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
CWE‑707 | Python | py/code-injection | Code injection |
CWE‑707 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
CWE‑707 | Python | py/log-injection | Log Injection |
CWE‑707 | Python | py/xpath-injection | XPath query built from user-controlled sources |
CWE‑707 | Python | py/template-injection | Server Side Template Injection |
CWE‑707 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
CWE‑707 | Python | py/header-injection | HTTP Header Injection |
CWE‑707 | Python | py/nosql-injection | NoSQL Injection |
CWE‑710 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
CWE‑710 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
CWE‑710 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
CWE‑710 | Python | py/unreachable-except | Unreachable 'except' block |
CWE‑710 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
CWE‑710 | Python | py/comparison-of-constants | Comparison of constants |
CWE‑710 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
CWE‑710 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
CWE‑710 | Python | py/redundant-comparison | Redundant comparison |
CWE‑710 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
CWE‑710 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
CWE‑710 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
CWE‑710 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
CWE‑710 | Python | py/import-deprecated-module | Import of deprecated module |
CWE‑710 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑710 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
CWE‑710 | Python | py/redundant-assignment | Redundant assignment |
CWE‑710 | Python | py/ineffectual-statement | Statement has no effect |
CWE‑710 | Python | py/unreachable-statement | Unreachable code |
CWE‑710 | Python | py/multiple-definition | Variable defined multiple times |
CWE‑710 | Python | py/unused-local-variable | Unused local variable |
CWE‑710 | Python | py/unused-global-variable | Unused global variable |
CWE‑732 | Python | py/overly-permissive-file | Overly permissive file permissions |
CWE‑754 | Python | py/ignored-return-value | Ignored return value |
CWE‑755 | Python | py/catch-base-exception | Except block handles 'BaseException' |
CWE‑755 | Python | py/empty-except | Empty except |
CWE‑755 | Python | py/stack-trace-exposure | Information exposure through an exception |
CWE‑772 | Python | py/file-not-closed | File is not always closed |
CWE‑776 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑776 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑798 | Python | py/hardcoded-credentials | Hard-coded credentials |
CWE‑827 | Python | py/xxe | XML external entity expansion |
CWE‑829 | Python | py/xxe | XML external entity expansion |
CWE‑834 | Python | py/xml-bomb | XML internal entity expansion |
CWE‑834 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer DoS vulnerability |
CWE‑913 | Python | py/code-injection | Code injection |
CWE‑913 | Python | py/unsafe-deserialization | Deserializing untrusted input |
CWE‑916 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
CWE‑918 | Python | py/full-ssrf | Full server-side request forgery |
CWE‑918 | Python | py/partial-ssrf | Partial server-side request forgery |
CWE‑922 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
CWE‑922 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
CWE‑943 | Python | py/sql-injection | SQL query built from user-controlled sources |
CWE‑943 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
CWE‑943 | Python | py/xpath-injection | XPath query built from user-controlled sources |
CWE‑943 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
CWE‑943 | Python | py/nosql-injection | NoSQL Injection |
CWE‑1333 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
CWE‑1333 | Python | py/redos | Inefficient regular expression |