CWEs that violate the Auto-Update CWE Top 25 standard

This table lists all the CWEs that may cause an application to not pass a policy that includes the Auto-Update CWE Top 25 policy rule.

| CWE ID | CWE name | Static support | Dynamic support | Veracode severity |
|---|---|---|---|---|
| 20 | Improper Input Validation | X | | 0 - Informational |
| 22 | Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) | X | X | 3 - Medium |
| 23 | Relative Path Traversal | | | |
| 73 | External Control of File Name or Path | X | | 3 - Medium |
| 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | X | | 5 - Very High |
| 78 | Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) | X | X | 5 - Very High |
| 79 | Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) | X | X | 3 - Medium |
| 80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | X | X | 3 - Medium |
| 81 | Improper Neutralization of Script in an Error Message Web Page | | | 3 - Medium |
| 83 | Improper Neutralization of Script in Attributes in a Web Page | | X | 3 - Medium |
| 86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | X | | 3 - Medium |
| 89 | Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | X | X | 4 - High |
| 90 | Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection) | X | | 3 - Medium |
| 91 | XML Injection (aka Blind XPath Injection) | X | X | 3 - Medium |
| 94 | Improper Control of Generation of Code (Code Injection) | X | | 3 - Medium |
| 95 | Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) | X | X | 5 - Very High |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) | X | X | 4 - High |
| 103 | Struts: Incomplete validate() Method Definition | X | | 3 - Medium |
| 104 | Struts: Form Bean Does Not Extend Validation Class | X | | 3 - Medium |
| 112 | Missing XML Validation | X | | 3 - Medium |
| 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | | | |
| 120 | Buffer Copy without Checking Size of Input (Classic Buffer Overflow) | | | 5 - Very High |
| 121 | Stack-based Buffer Overflow | X | | 5 - Very High |
| 125 | Out-of-bounds Read | X | | 3 - Medium |
| 131 | Incorrect Calculation of Buffer Size | | | |
| 135 | Incorrect Calculation of Multi-Byte String Length | X | | 5 - Very High |
| 185 | Incorrect Regular Expression | X | | 2 - Low |
| 190 | Integer Overflow or Wraparound | X | | 5 - Very High |
| 259 | Use of Hard-coded Password | X | X | 3 - Medium |
| 276 | Incorrect Default Permissions | | | 3 - Medium |
| 287 | Improper Authentication | X | X | 4 - High |
| 306 | Missing Authentication for Critical Function | | | 3 - Medium |
| 321 | Use of Hard-coded Cryptographic Key | X | X | 3 - Medium |
| 352 | Cross-Site Request Forgery (CSRF) | X | X | 3 - Medium |
| 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | | | |
| 366 | Race Condition within a Thread | X | | 3 - Medium |
| 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | X | | 3 - Medium |
| 400 | Uncontrolled Resource Consumption | | | 2 - Low |
| 416 | Use After Free | X | | 2 - Low |
| 434 | Unrestricted Upload of File with Dangerous Type | | X | 4 - High |
| 470 | Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) | X | | 3 - Medium |
| 476 | NULL Pointer Dereference | | | |
| 502 | Deserialization of Untrusted Data | X | | 3 - Medium |
| 564 | SQL Injection: Hibernate | X | | 4 - High |
| 601 | URL Redirection to Untrusted Site (Open Redirect) | X | X | 3 - Medium |
| 611 | Improper Restriction of XML External Entity Reference | X | X | 3 - Medium |
| 618 | Exposed Unsafe ActiveX Method | X | | 5 - Very High |
| 693 | Protection Mechanism Failure | X | X | 3 - Medium |
| 787 | Out-of-bounds Write | X | | 3 - Medium |
| 798 | Use of Hard-coded Credentials | X | | 3 - Medium |
| 830 | Inclusion of Web Functionality from an Untrusted Source | | X | 2 - Low |
| 862 | Missing Authorization | | | |
| 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | X | | 3 - Medium |
| 918 | Server-Side Request Forgery (SSRF) | X | X | 3 - Medium |
| 1174 | ASP.NET Misconfiguration: Improper Model Validation | X | | 2 - Low |