CWE Top 25 (2021*) | CWE | Java | C# | C/C++ | CUDA | Obj-C | JavaScript/TypeScript | Kotlin | Node.js | Android | Swift | Python 3.x | PHP | Scala | VB.NET | Ruby | Go | Apex |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1. Out-of-bounds Write | 787 | |||||||||||||||||
2. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 79 | |||||||||||||||||
3. Out-of-bounds Read | 125 | |||||||||||||||||
4. Improper Input Validation | 20 | |||||||||||||||||
5. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 78 | |||||||||||||||||
6. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 89 | |||||||||||||||||
7. Use After Free | 416 | |||||||||||||||||
8. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 22 | |||||||||||||||||
9. Cross-Site Request Forgery (CSRF) | 352 | |||||||||||||||||
10. Unrestricted Upload of File with Dangerous Type | 434 | |||||||||||||||||
11. Missing Authentication for Critical Function | 306 | |||||||||||||||||
12. Integer Overflow or Wraparound | 190 | |||||||||||||||||
13. Deserialization of Untrusted Data | 502 | |||||||||||||||||
14. Improper Authentication | 287 | |||||||||||||||||
15. NULL Pointer Dereference | 476 | |||||||||||||||||
16. Use of Hard-coded Credentials | 798 | |||||||||||||||||
17. Improper Restriction of Operations within the Bounds of a Memory Buffer | 119 | |||||||||||||||||
18. Missing Authorization | 862 | |||||||||||||||||
19. Incorrect Default Permissions | 276 | |||||||||||||||||
20. Exposure of Sensitive Information to an Unauthorized Actor | 200 | |||||||||||||||||
21. Insufficiently Protected Credentials | 522 | |||||||||||||||||
22. Incorrect Permission Assignment for Critical Resource | 732 | |||||||||||||||||
23. Improper Restriction of XML External Entity Reference | 611 | |||||||||||||||||
24. Server-Side Request Forgery (SSRF) | 918 | |||||||||||||||||
25. Improper Neutralization of Special Elements used in a Command ('Command Injection') | 77 |
*This table refers to Coverity support for CWE Top 25 (version 2021). The MITRE CWE Top 25 (version 2021) can be found online.