"CWE-113","Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')","Base","Incomplete"
"CWE-117","Improper Output Neutralization for Logs","Base","Draft"
"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","Class","Usable"
"CWE-120","Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","Base","Incomplete"
"CWE-129","Improper Validation of Array Index","Base","Draft"
"CWE-130","Improper Handling of Length Parameter Inconsistency ","Variant","Incomplete"
"CWE-131","Incorrect Calculation of Buffer Size","Base","Draft"
"CWE-134","Uncontrolled Format String","Base","Draft"
"CWE-135","Incorrect Calculation of Multi-Byte String Length","Base","Draft"
"CWE-14","Compiler Removal of Code to Clear Buffers","Base","Draft"
"CWE-170","Improper Null Termination","Base","Incomplete"
"CWE-173","Improper Handling of Alternate Encoding","Variant","Draft"
"CWE-174","Double Decoding of the Same Data","Variant","Draft"
"CWE-175","Improper Handling of Mixed Encoding","Variant","Draft"
"CWE-179","Incorrect Behavior Order: Early Validation","Base","Incomplete"
"CWE-185","Incorrect Regular Expression","Class","Draft"
"CWE-190","Integer Overflow or Wraparound","Base","Incomplete"
"CWE-193","Off-by-one Error","Base","Draft"
"CWE-201","Information Exposure Through Sent Data","Variant","Draft"
"CWE-203","Information Exposure Through Discrepancy","Class","Incomplete"
"CWE-209","Information Exposure Through an Error Message","Base","Draft"
"CWE-212","Improper Cross-boundary Removal of Sensitive Data","Base","Incomplete"
"CWE-222","Truncation of Security-relevant Information","Base","Draft"
"CWE-223","Omission of Security-relevant Information","Base","Draft"
"CWE-228","Improper Handling of Syntactically Invalid Structure","Class","Incomplete"
"CWE-22","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","Class","Draft"
"CWE-244","Improper Clearing of Heap Memory Before Release ('Heap Inspection')","Variant","Draft"
"CWE-248","Uncaught Exception","Base","Draft"
"CWE-250","Execution with Unnecessary Privileges","Class","Draft"
"CWE-252","Unchecked Return Value","Base","Draft"
"CWE-253","Incorrect Check of Function Return Value","Base","Incomplete"
"CWE-266","Incorrect Privilege Assignment","Base","Draft"
"CWE-267","Privilege Defined With Unsafe Actions","Base","Incomplete"
"CWE-268","Privilege Chaining","Base","Draft"
"CWE-270","Privilege Context Switching Error","Base","Draft"
"CWE-271","Privilege Dropping / Lowering Errors","Class","Incomplete"
"CWE-273","Improper Check for Dropped Privileges","Base","Incomplete"
"CWE-283","Unverified Ownership","Base","Draft"
"CWE-284","Improper Access Control","Class","Incomplete"
"CWE-290","Authentication Bypass by Spoofing","Base","Incomplete"
"CWE-294","Authentication Bypass by Capture-replay","Base","Incomplete"
"CWE-296","Improper Following of a Certificate's Chain of Trust","Base","Draft"
"CWE-297","Improper Validation of Certificate with Host Mismatch","Variant","Incomplete"
"CWE-298","Improper Validation of Certificate Expiration","Variant","Draft"
"CWE-299","Improper Check for Certificate Revocation","Variant","Draft"
"CWE-300","Channel Accessible by Non-Endpoint ('Man-in-the-Middle')","Class","Draft"
"CWE-301","Reflection Attack in an Authentication Protocol","Variant","Draft"
"CWE-304","Missing Critical Step in Authentication","Base","Draft"
"CWE-305","Authentication Bypass by Primary Weakness","Base","Draft"
"CWE-306","Missing Authentication for Critical Function","Variant","Draft"
"CWE-312","Cleartext Storage of Sensitive Information","Base","Draft"
"CWE-319","Cleartext Transmission of Sensitive Information","Base","Draft"
"CWE-322","Key Exchange without Entity Authentication","Base","Draft"
"CWE-323","Reusing a Nonce, Key Pair in Encryption","Base","Incomplete"
"CWE-325","Missing Required Cryptographic Step","Base","Incomplete"
"CWE-327","Use of a Broken or Risky Cryptographic Algorithm","Base","Draft"
"CWE-330","Use of Insufficiently Random Values","Class","Usable"
"CWE-331","Insufficient Entropy","Base","Draft"
"CWE-334","Small Space of Random Values","Base","Draft"
"CWE-335","PRNG Seed Error","Class","Draft"
"CWE-338","Use of Cryptographically Weak PRNG","Base","Draft"
"CWE-341","Predictable from Observable State","Base","Draft"
"CWE-347","Improper Verification of Cryptographic Signature","Base","Draft"
"CWE-348","Use of Less Trusted Source","Base","Draft"
"CWE-349","Acceptance of Extraneous Untrusted Data With Trusted Data","Base","Draft"
"CWE-352","Cross-Site Request Forgery (CSRF)","Variant","Draft"
"CWE-353","Missing Support for Integrity Check","Base","Draft"
"CWE-354","Improper Validation of Integrity Check Value","Base","Draft"
"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","Class","Draft"
"CWE-364","Signal Handler Race Condition","Base","Incomplete"
"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","Base","Incomplete"
"CWE-369","Divide By Zero","Base","Draft"
"CWE-377","Insecure Temporary File","Base","Incomplete"
"CWE-390","Detection of Error Condition Without Action","Class","Draft"
"CWE-392","Missing Report of Error Condition","Base","Draft"
"CWE-393","Return of Wrong Status Code","Base","Draft"
"CWE-400","Uncontrolled Resource Consumption ('Resource Exhaustion')","Base","Incomplete"
"CWE-406","Insufficient Control of Network Message Volume (Network Amplification)","Base","Incomplete"
"CWE-407","Algorithmic Complexity","Base","Incomplete"
"CWE-408","Incorrect Behavior Order: Early Amplification","Base","Draft"
"CWE-409","Improper Handling of Highly Compressed Data (Data Amplification)","Base","Incomplete"
"CWE-41","Improper Resolution of Path Equivalence","Base","Incomplete"
"CWE-426","Untrusted Search Path","Base","Draft"
"CWE-428","Unquoted Search Path or Element","Base","Draft"
"CWE-434","Unrestricted Upload of File with Dangerous Type","Base","Draft"
"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')","Base","Incomplete"
"CWE-451","UI Misrepresentation of Critical Information","Base","Draft"
"CWE-453","Insecure Default Variable Initialization","Base","Draft"
"CWE-454","External Initialization of Trusted Variables or Data Stores","Base","Draft"
"CWE-455","Non-exit on Failed Initialization","Base","Draft"
"CWE-456","Missing Initialization of a Variable","Base","Draft"
"CWE-467","Use of sizeof() on a Pointer Type","Variant","Draft"
"CWE-468","Incorrect Pointer Scaling","Base","Incomplete"
"CWE-469","Use of Pointer Subtraction to Determine Size","Base","Draft"
"CWE-470","Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')","Base","Draft"
"CWE-476","NULL Pointer Dereference","Base","Draft"
"CWE-478","Missing Default Case in Switch Statement","Variant","Draft"
"CWE-480","Use of Incorrect Operator","Base","Draft"
"CWE-483","Incorrect Block Delimitation","Variant","Draft"
"CWE-484","Omitted Break Statement in Switch","Base","Draft"
"CWE-486","Comparison of Classes by Name","Variant","Draft"
"CWE-494","Download of Code Without Integrity Check","Base","Draft"
"CWE-495","Private Array-Typed Field Returned From A Public Method","Variant","Draft"
"CWE-496","Public Data Assigned to Private Array-Typed Field","Variant","Incomplete"
"CWE-498","Cloneable Class Containing Sensitive Information","Variant","Draft"
"CWE-499","Serializable Class Containing Sensitive Data","Variant","Draft"
"CWE-502","Deserialization of Untrusted Data","Variant","Draft"
"CWE-522","Insufficiently Protected Credentials","Base","Incomplete"
"CWE-545","Use of Dynamic Class Loading","Variant","Incomplete"
"CWE-547","Use of Hard-coded, Security-relevant Constants","Variant","Draft"
"CWE-561","Dead Code","Variant","Draft"
"CWE-567","Unsynchronized Access to Shared Data in a Multithreaded Context","Base","Draft"
"CWE-587","Assignment of a Fixed Address to a Pointer","Base","Draft"
"CWE-595","Comparison of Object References Instead of Object Contents","Base","Incomplete"
"CWE-59","Improper Link Resolution Before File Access ('Link Following')","Base","Draft"
"CWE-601","URL Redirection to Untrusted Site ('Open Redirect')","Variant","Draft"
"CWE-602","Client-Side Enforcement of Server-Side Security","Base","Draft"
"CWE-605","Multiple Binds to the Same Port","Base","Draft"
"CWE-617","Reachable Assertion","Variant","Draft"
"CWE-621","Variable Extraction Error","Base","Incomplete"
"CWE-626","Null Byte Interaction Error (Poison Null Byte)","Variant","Draft"
"CWE-627","Dynamic Variable Evaluation","Base","Incomplete"
"CWE-628","Function Call with Incorrectly Specified Arguments","Base","Draft"
"CWE-642","External Control of Critical State Data","Class","Draft"
"CWE-648","Incorrect Use of Privileged APIs","Base","Incomplete"
"CWE-662","Improper Synchronization","Base","Draft"
"CWE-667","Improper Locking","Base","Draft"
"CWE-672","Operation on a Resource after Expiration or Release","Base","Draft"
"CWE-674","Uncontrolled Recursion","Base","Draft"
"CWE-676","Use of Potentially Dangerous Function","Base","Draft"
"CWE-681","Incorrect Conversion between Numeric Types","Base","Draft"
"CWE-682","Incorrect Calculation","Class","Draft"
"CWE-697","Insufficient Comparison","Class","Incomplete"
"CWE-698","Execution After Redirect (EAR)","Base","Incomplete"
"CWE-704","Incorrect Type Conversion or Cast","Class","Incomplete"
"CWE-708","Incorrect Ownership Assignment","Base","Incomplete"
"CWE-732","Incorrect Permission Assignment for Critical Resource","Class","Draft"
"CWE-73","External Control of File Name or Path","Class","Draft"
"CWE-756","Missing Custom Error Page","Class","Incomplete"
"CWE-763","Release of Invalid Pointer or Reference","Base","Incomplete"
"CWE-770","Allocation of Resources Without Limits or Throttling","Base","Incomplete"
"CWE-772","Missing Release of Resource after Effective Lifetime","Base","Incomplete"
"CWE-77","Improper Neutralization of Special Elements used in a Command ('Command Injection')","Class","Draft"
"CWE-783","Operator Precedence Logic Error","Variant","Draft"
"CWE-786","Access of Memory Location Before Start of Buffer","Base","Incomplete"
"CWE-788","Access of Memory Location After End of Buffer","Base","Incomplete"
"CWE-78","Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","Base","Draft"
"CWE-798","Use of Hard-coded Credentials","Base","Incomplete"
"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","Base","Usable"
"CWE-805","Buffer Access with Incorrect Length Value","Base","Incomplete"
"CWE-807","Reliance on Untrusted Inputs in a Security Decision","Base","Incomplete"
"CWE-822","Untrusted Pointer Dereference","Base","Incomplete"
"CWE-825","Expired Pointer Dereference","Base","Incomplete"
"CWE-829","Inclusion of Functionality from Untrusted Control Sphere","Class","Incomplete"
"CWE-835","Loop with Unreachable Exit Condition ('Infinite Loop')","Base","Incomplete"
"CWE-838","Inappropriate Encoding for Output Context","Base","Incomplete"
"CWE-839","Numeric Range Comparison Without Minimum Check","Base","Incomplete"
"CWE-841","Improper Enforcement of Behavioral Workflow","Base","Incomplete"
"CWE-843","Access of Resource Using Incompatible Type ('Type Confusion')","Base","Incomplete"
"CWE-862","Missing Authorization","Class","Incomplete"
"CWE-863","Incorrect Authorization","Class","Incomplete"
"CWE-88","Argument Injection or Modification","Base","Draft"
"CWE-89","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","Base","Draft"
"CWE-90","Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')","Base","Draft"
"CWE-94","Improper Control of Generation of Code ('Code Injection')","Class","Draft"
"CWE-95","Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')","Base","Incomplete"
"CWE-96","Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')","Base","Draft"
"CWE-98","Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')","Base","Draft"
"CWE-99","Improper Control of Resource Identifiers ('Resource Injection')","Base","Draft"