• CodeQL query help documentation »
• CodeQL CWE coverage »

CWE coverage for Java

An overview of CWE coverage for Java in the latest release of CodeQL.

Overview

CWE	Language	Query id	Query name
CWE‑20	Java	java/count-untrusted-data-external-api	Frequency counts for external APIs that are used with untrusted data
CWE‑20	Java	java/untrusted-data-to-external-api	Untrusted data passed to external API
CWE‑20	Java	java/improper-validation-of-array-construction	Improper validation of user-provided size used for array construction
CWE‑20	Java	java/improper-validation-of-array-construction-code-specified	Improper validation of code-specified size used for array construction
CWE‑20	Java	java/improper-validation-of-array-construction-local	Improper validation of local user-provided size used for array construction
CWE‑20	Java	java/improper-validation-of-array-index	Improper validation of user-provided array index
CWE‑20	Java	java/improper-validation-of-array-index-code-specified	Improper validation of code-specified array index
CWE‑20	Java	java/improper-validation-of-array-index-local	Improper validation of local user-provided array index
CWE‑20	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑22	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑22	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑22	Java	java/zipslip	Arbitrary file write during archive extraction ("Zip Slip")
CWE‑22	Java	java/openstream-called-on-tainted-url	openStream called on URLs created from remote source
CWE‑23	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑23	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑36	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑36	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑36	Java	java/openstream-called-on-tainted-url	openStream called on URLs created from remote source
CWE‑73	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑73	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑74	Java	java/jndi-injection	JNDI lookup with user-controlled name
CWE‑74	Java	java/xslt-injection	XSLT transformation with user-controlled stylesheet
CWE‑74	Java	java/relative-path-command	Executing a command with a relative path
CWE‑74	Java	java/command-line-injection	Uncontrolled command line
CWE‑74	Java	java/command-line-injection-local	Local-user-controlled command line
CWE‑74	Java	java/concatenated-command-line	Building a command line with string concatenation
CWE‑74	Java	java/xss	Cross-site scripting
CWE‑74	Java	java/xss-local	Cross-site scripting from local source
CWE‑74	Java	java/sql-injection	Query built from user-controlled sources
CWE‑74	Java	java/sql-injection-local	Query built from local-user-controlled sources
CWE‑74	Java	java/concatenated-sql-query	Query built without neutralizing special characters
CWE‑74	Java	java/ldap-injection	LDAP query built from user-controlled sources
CWE‑74	Java	java/groovy-injection	Groovy Language injection
CWE‑74	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑74	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑74	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑74	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑74	Java	java/netty-http-request-or-response-splitting	Disabled Netty HTTP header validation
CWE‑74	Java	java/http-response-splitting	HTTP response splitting
CWE‑74	Java	java/http-response-splitting-local	HTTP response splitting from local source
CWE‑74	Java	java/tainted-format-string	Use of externally-controlled format string
CWE‑74	Java	java/tainted-format-string-local	Use of externally-controlled format string from local source
CWE‑74	Java	java/xml/xpath-injection	XPath injection
CWE‑74	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑74	Java	java/ognl-injection	OGNL Expression Language statement with user-controlled input
CWE‑74	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑74	Java	java/command-line-injection-experimental	Uncontrolled command line (experimental sinks)
CWE‑74	Java	java/mybatis-annotation-sql-injection	SQL injection in MyBatis annotation
CWE‑74	Java	java/mybatis-xml-sql-injection	SQL injection in MyBatis Mapper XML
CWE‑74	Java	java/beanshell-injection	BeanShell injection
CWE‑74	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑74	Java	java/jshell-injection	JShell injection
CWE‑74	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑74	Java	java/jython-injection	Injection in Jython
CWE‑74	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑74	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑74	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑74	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑74	Java	java/xquery-injection	XQuery query built from user-controlled sources
CWE‑77	Java	java/relative-path-command	Executing a command with a relative path
CWE‑77	Java	java/command-line-injection	Uncontrolled command line
CWE‑77	Java	java/command-line-injection-local	Local-user-controlled command line
CWE‑77	Java	java/concatenated-command-line	Building a command line with string concatenation
CWE‑77	Java	java/ognl-injection	OGNL Expression Language statement with user-controlled input
CWE‑77	Java	java/command-line-injection-experimental	Uncontrolled command line (experimental sinks)
CWE‑78	Java	java/relative-path-command	Executing a command with a relative path
CWE‑78	Java	java/command-line-injection	Uncontrolled command line
CWE‑78	Java	java/command-line-injection-local	Local-user-controlled command line
CWE‑78	Java	java/concatenated-command-line	Building a command line with string concatenation
CWE‑78	Java	java/command-line-injection-experimental	Uncontrolled command line (experimental sinks)
CWE‑79	Java	java/xss	Cross-site scripting
CWE‑79	Java	java/xss-local	Cross-site scripting from local source
CWE‑79	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑88	Java	java/relative-path-command	Executing a command with a relative path
CWE‑88	Java	java/command-line-injection	Uncontrolled command line
CWE‑88	Java	java/command-line-injection-local	Local-user-controlled command line
CWE‑88	Java	java/concatenated-command-line	Building a command line with string concatenation
CWE‑88	Java	java/command-line-injection-experimental	Uncontrolled command line (experimental sinks)
CWE‑89	Java	java/sql-injection	Query built from user-controlled sources
CWE‑89	Java	java/sql-injection-local	Query built from local-user-controlled sources
CWE‑89	Java	java/concatenated-sql-query	Query built without neutralizing special characters
CWE‑89	Java	java/mybatis-annotation-sql-injection	SQL injection in MyBatis annotation
CWE‑89	Java	java/mybatis-xml-sql-injection	SQL injection in MyBatis Mapper XML
CWE‑90	Java	java/ldap-injection	LDAP query built from user-controlled sources
CWE‑91	Java	java/xml/xpath-injection	XPath injection
CWE‑91	Java	java/xquery-injection	XQuery query built from user-controlled sources
CWE‑93	Java	java/netty-http-request-or-response-splitting	Disabled Netty HTTP header validation
CWE‑93	Java	java/http-response-splitting	HTTP response splitting
CWE‑93	Java	java/http-response-splitting-local	HTTP response splitting from local source
CWE‑94	Java	java/groovy-injection	Groovy Language injection
CWE‑94	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑94	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑94	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑94	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑94	Java	java/beanshell-injection	BeanShell injection
CWE‑94	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑94	Java	java/jshell-injection	JShell injection
CWE‑94	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑94	Java	java/jython-injection	Injection in Jython
CWE‑94	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑94	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑94	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑94	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑95	Java	java/jython-injection	Injection in Jython
CWE‑113	Java	java/netty-http-request-or-response-splitting	Disabled Netty HTTP header validation
CWE‑113	Java	java/http-response-splitting	HTTP response splitting
CWE‑113	Java	java/http-response-splitting-local	HTTP response splitting from local source
CWE‑116	Java	java/log-injection	Log Injection
CWE‑117	Java	java/log-injection	Log Injection
CWE‑129	Java	java/improper-validation-of-array-construction	Improper validation of user-provided size used for array construction
CWE‑129	Java	java/improper-validation-of-array-construction-code-specified	Improper validation of code-specified size used for array construction
CWE‑129	Java	java/improper-validation-of-array-construction-local	Improper validation of local user-provided size used for array construction
CWE‑129	Java	java/improper-validation-of-array-index	Improper validation of user-provided array index
CWE‑129	Java	java/improper-validation-of-array-index-code-specified	Improper validation of code-specified array index
CWE‑129	Java	java/improper-validation-of-array-index-local	Improper validation of local user-provided array index
CWE‑134	Java	java/tainted-format-string	Use of externally-controlled format string
CWE‑134	Java	java/tainted-format-string-local	Use of externally-controlled format string from local source
CWE‑190	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑190	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑190	Java	java/tainted-arithmetic	User-controlled data in arithmetic expression
CWE‑190	Java	java/tainted-arithmetic-local	Local-user-controlled data in arithmetic expression
CWE‑190	Java	java/uncontrolled-arithmetic	Uncontrolled data in arithmetic expression
CWE‑190	Java	java/extreme-value-arithmetic	Use of extreme values in arithmetic expression
CWE‑190	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑191	Java	java/tainted-arithmetic	User-controlled data in arithmetic expression
CWE‑191	Java	java/tainted-arithmetic-local	Local-user-controlled data in arithmetic expression
CWE‑191	Java	java/uncontrolled-arithmetic	Uncontrolled data in arithmetic expression
CWE‑191	Java	java/extreme-value-arithmetic	Use of extreme values in arithmetic expression
CWE‑193	Java	java/index-out-of-bounds	Array index out of bounds
CWE‑197	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑197	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑197	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑197	Java	java/tainted-numeric-cast	User-controlled data in numeric cast
CWE‑197	Java	java/tainted-numeric-cast-local	Local-user-controlled data in numeric cast
CWE‑200	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑200	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑200	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑200	Java	java/insecure-webview-resource-response	Insecure Android WebView Resource Response
CWE‑200	Java	java/sensitive-android-file-leak	Leaking sensitive Android file
CWE‑200	Java	java/possible-timing-attack-against-signature	Possible timing attack against signature validation
CWE‑200	Java	java/timing-attack-against-headers-value	Timing attack against header value
CWE‑200	Java	java/timing-attack-against-signature	Timing attack against signature validation
CWE‑200	Java	java/server-directory-listing	Directories and files exposure
CWE‑200	Java	java/sensitive-query-with-get	Sensitive GET Query
CWE‑203	Java	java/possible-timing-attack-against-signature	Possible timing attack against signature validation
CWE‑203	Java	java/timing-attack-against-headers-value	Timing attack against header value
CWE‑203	Java	java/timing-attack-against-signature	Timing attack against signature validation
CWE‑208	Java	java/possible-timing-attack-against-signature	Possible timing attack against signature validation
CWE‑208	Java	java/timing-attack-against-headers-value	Timing attack against header value
CWE‑208	Java	java/timing-attack-against-signature	Timing attack against signature validation
CWE‑209	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑221	Java	java/overly-general-catch	Overly-general catch clause
CWE‑227	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑227	Java	java/ejb/file-io	EJB uses file input/output
CWE‑227	Java	java/ejb/graphics	EJB uses graphics
CWE‑227	Java	java/ejb/native-code	EJB uses native code
CWE‑227	Java	java/ejb/reflection	EJB uses reflection
CWE‑227	Java	java/ejb/security-configuration-access	EJB accesses security configuration
CWE‑227	Java	java/ejb/substitution-in-serialization	EJB uses substitution in serialization
CWE‑227	Java	java/ejb/socket-or-stream-handler-factory	EJB sets socket factory or URL stream handler factory
CWE‑227	Java	java/ejb/server-socket	EJB uses server socket
CWE‑227	Java	java/ejb/non-final-static-field	EJB uses non-final static field
CWE‑227	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑227	Java	java/ejb/this	EJB uses 'this' as argument or result
CWE‑227	Java	java/ejb/threads	EJB uses threads
CWE‑227	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑227	Java	java/inconsistent-equals-and-hashcode	Inconsistent equals and hashCode
CWE‑227	Java	java/unreleased-lock	Unreleased lock
CWE‑227	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑227	Java	java/missing-format-argument	Missing format argument
CWE‑227	Java	java/unused-format-argument	Unused format argument
CWE‑227	Java	java/empty-finalizer	Empty body of finalizer
CWE‑227	Java	java/static-initialization-vector	Using a static initialization vector for encryption
CWE‑248	Java	java/uncaught-number-format-exception	Missing catch of NumberFormatException
CWE‑248	Java	java/uncaught-servlet-exception	Uncaught Servlet Exception
CWE‑252	Java	java/inconsistent-call-on-result	Inconsistent operation on return value
CWE‑252	Java	java/return-value-ignored	Method result ignored
CWE‑256	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑256	Java	java/password-in-configuration	Password in configuration file
CWE‑260	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑260	Java	java/password-in-configuration	Password in configuration file
CWE‑266	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑269	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑269	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑271	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑273	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑284	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑284	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑284	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑284	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑284	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑284	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑284	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑284	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑284	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑284	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑284	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑284	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑284	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑284	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑284	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑284	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑284	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑284	Java	java/android/intent-redirection	Android Intent redirection
CWE‑284	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑284	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑284	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑284	Java	java/unvalidated-cors-origin-set	CORS is derived from untrusted input
CWE‑284	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑284	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑284	Java	java/password-in-configuration	Password in configuration file
CWE‑284	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑285	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑285	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑285	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑285	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑285	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑285	Java	java/android/intent-redirection	Android Intent redirection
CWE‑285	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑287	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑287	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑287	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑287	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑287	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑287	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑287	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑287	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑287	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑287	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑287	Java	java/password-in-configuration	Password in configuration file
CWE‑290	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑290	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑295	Java	java/insecure-trustmanager	TrustManager that accepts all certificates
CWE‑295	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑295	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑295	Java	java/jxbrowser/disabled-certificate-validation	JxBrowser with disabled certificate validation
CWE‑295	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑295	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑295	Java	java/disabled-certificate-revocation-checking	Disabled ceritificate revocation checking
CWE‑297	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑297	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑297	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑297	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑299	Java	java/disabled-certificate-revocation-checking	Disabled ceritificate revocation checking
CWE‑300	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311	Java	java/android/cleartext-storage-database	Cleartext storage of sensitive information using a local database on Android
CWE‑311	Java	java/android/cleartext-storage-filesystem	Cleartext storage of sensitive information in the Android filesystem
CWE‑311	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑311	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑311	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑311	Java	java/android/cleartext-storage-shared-prefs	Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑311	Java	java/non-https-url	Failure to use HTTPS URLs
CWE‑311	Java	java/non-ssl-connection	Failure to use SSL
CWE‑311	Java	java/non-ssl-socket-factory	Failure to use SSL socket factories
CWE‑311	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑311	Java	java/insecure-cookie	Failure to use secure cookies
CWE‑311	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑311	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑312	Java	java/android/cleartext-storage-database	Cleartext storage of sensitive information using a local database on Android
CWE‑312	Java	java/android/cleartext-storage-filesystem	Cleartext storage of sensitive information in the Android filesystem
CWE‑312	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑312	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑312	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑312	Java	java/android/cleartext-storage-shared-prefs	Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑313	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑315	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑319	Java	java/non-https-url	Failure to use HTTPS URLs
CWE‑319	Java	java/non-ssl-connection	Failure to use SSL
CWE‑319	Java	java/non-ssl-socket-factory	Failure to use SSL socket factories
CWE‑319	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑319	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑319	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑321	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑326	Java	java/weak-cryptographic-algorithm	Use of a broken or risky cryptographic algorithm
CWE‑326	Java	java/potentially-weak-cryptographic-algorithm	Use of a potentially broken or risky cryptographic algorithm
CWE‑326	Java	java/insufficient-key-size	Weak encryption: Insufficient key size
CWE‑327	Java	java/weak-cryptographic-algorithm	Use of a broken or risky cryptographic algorithm
CWE‑327	Java	java/potentially-weak-cryptographic-algorithm	Use of a potentially broken or risky cryptographic algorithm
CWE‑327	Java	java/unsafe-tls-version	Unsafe TLS version
CWE‑327	Java	java/hash-without-salt	Use of a hash function without a salt
CWE‑328	Java	java/weak-cryptographic-algorithm	Use of a broken or risky cryptographic algorithm
CWE‑328	Java	java/potentially-weak-cryptographic-algorithm	Use of a potentially broken or risky cryptographic algorithm
CWE‑329	Java	java/static-initialization-vector	Using a static initialization vector for encryption
CWE‑330	Java	java/random-used-once	Random used only once
CWE‑330	Java	java/predictable-seed	Use of a predictable seed in a secure random number generator
CWE‑330	Java	java/jhipster-prng	Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑330	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑330	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑330	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑330	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑330	Java	java/static-initialization-vector	Using a static initialization vector for encryption
CWE‑330	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑335	Java	java/random-used-once	Random used only once
CWE‑335	Java	java/predictable-seed	Use of a predictable seed in a secure random number generator
CWE‑337	Java	java/predictable-seed	Use of a predictable seed in a secure random number generator
CWE‑338	Java	java/jhipster-prng	Detect JHipster Generator Vulnerability CVE-2019-16303
CWE‑344	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑344	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑344	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑344	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑344	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑345	Java	java/missing-jwt-signature-check	Missing JWT signature check
CWE‑345	Java	java/spring-disabled-csrf-protection	Disabled Spring CSRF protection
CWE‑345	Java	java/unvalidated-cors-origin-set	CORS is derived from untrusted input
CWE‑345	Java	java/ip-address-spoofing	IP address spoofing
CWE‑345	Java	java/jsonp-injection	JSONP Injection
CWE‑346	Java	java/unvalidated-cors-origin-set	CORS is derived from untrusted input
CWE‑347	Java	java/missing-jwt-signature-check	Missing JWT signature check
CWE‑348	Java	java/ip-address-spoofing	IP address spoofing
CWE‑352	Java	java/spring-disabled-csrf-protection	Disabled Spring CSRF protection
CWE‑352	Java	java/jsonp-injection	JSONP Injection
CWE‑362	Java	java/toctou-race-condition	Time-of-check time-of-use race condition
CWE‑362	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑367	Java	java/toctou-race-condition	Time-of-check time-of-use race condition
CWE‑382	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑382	Java	java/jvm-exit	Forcible JVM termination
CWE‑383	Java	java/ejb/threads	EJB uses threads
CWE‑391	Java	java/discarded-exception	Discarded exception
CWE‑391	Java	java/ignored-error-status-of-call	Ignored error status of call
CWE‑396	Java	java/overly-general-catch	Overly-general catch clause
CWE‑398	Java	java/deprecated-call	Deprecated method or constructor invocation
CWE‑398	Java	java/dead-class	Dead class
CWE‑398	Java	java/dead-enum-constant	Dead enum constant
CWE‑398	Java	java/dead-field	Dead field
CWE‑398	Java	java/dead-function	Dead method
CWE‑398	Java	java/lines-of-dead-code	Lines of dead code in files
CWE‑398	Java	java/unused-parameter	Useless parameter
CWE‑398	Java	java/useless-null-check	Useless null check
CWE‑398	Java	java/useless-type-test	Useless type test
CWE‑398	Java	java/useless-upcast	Useless upcast
CWE‑398	Java	java/empty-container	Container contents are never initialized
CWE‑398	Java	java/unused-container	Container contents are never accessed
CWE‑398	Java	java/constant-comparison	Useless comparison test
CWE‑398	Java	java/dereferenced-value-is-always-null	Dereferenced variable is always null
CWE‑398	Java	java/dereferenced-expr-may-be-null	Dereferenced expression may be null
CWE‑398	Java	java/dereferenced-value-may-be-null	Dereferenced variable may be null
CWE‑398	Java	java/empty-synchronized-block	Empty synchronized block
CWE‑398	Java	java/unreachable-catch-clause	Unreachable catch clause
CWE‑398	Java	java/potentially-dangerous-function	Use of a potentially dangerous function
CWE‑398	Java	java/todo-comment	TODO/FIXME comments
CWE‑398	Java	java/unused-reference-type	Unused classes and interfaces
CWE‑398	Java	java/overwritten-assignment-to-local	Assigned value is overwritten
CWE‑398	Java	java/useless-assignment-to-local	Useless assignment to local variable
CWE‑398	Java	java/unused-initialized-local	Local variable is initialized but not used
CWE‑398	Java	java/local-variable-is-never-read	Unread local variable
CWE‑398	Java	java/unused-field	Unused field
CWE‑398	Java	java/unused-label	Unused label
CWE‑398	Java	java/unused-local-variable	Unused local variable
CWE‑398	Java	java/switch-fall-through	Unterminated switch case
CWE‑398	Java	java/redundant-cast	Unnecessary cast
CWE‑398	Java	java/unused-import	Unnecessary import
CWE‑400	Java	java/input-resource-leak	Potential input resource leak
CWE‑400	Java	java/database-resource-leak	Potential database resource leak
CWE‑400	Java	java/output-resource-leak	Potential output resource leak
CWE‑400	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑400	Java	java/thread-resource-abuse	Uncontrolled thread resource consumption from local input source
CWE‑400	Java	java/thread-resource-abuse	Uncontrolled thread resource consumption
CWE‑400	Java	java/regex-injection	Regular expression injection
CWE‑404	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑404	Java	java/input-resource-leak	Potential input resource leak
CWE‑404	Java	java/database-resource-leak	Potential database resource leak
CWE‑404	Java	java/output-resource-leak	Potential output resource leak
CWE‑404	Java	java/empty-finalizer	Empty body of finalizer
CWE‑404	Java	java/disabled-certificate-revocation-checking	Disabled ceritificate revocation checking
CWE‑405	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑409	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑413	Java	java/unsynchronized-getter	Inconsistent synchronization of getter and setter
CWE‑420	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑421	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑441	Java	java/ssrf	Server-side request forgery
CWE‑457	Java	java/unassigned-field	Field is never assigned a non-null value
CWE‑459	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑459	Java	java/empty-finalizer	Empty body of finalizer
CWE‑470	Java	java/android/fragment-injection	Android fragment injection
CWE‑470	Java	java/android/fragment-injection-preference-activity	Android fragment injection in PreferenceActivity
CWE‑470	Java	java/unsafe-reflection	Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑476	Java	java/dereferenced-value-is-always-null	Dereferenced variable is always null
CWE‑476	Java	java/dereferenced-expr-may-be-null	Dereferenced expression may be null
CWE‑476	Java	java/dereferenced-value-may-be-null	Dereferenced variable may be null
CWE‑477	Java	java/deprecated-call	Deprecated method or constructor invocation
CWE‑478	Java	java/missing-default-in-switch	Missing default case in switch
CWE‑478	Java	java/missing-case-in-switch	Missing enum case in switch
CWE‑480	Java	java/assignment-in-boolean-expression	Assignment in Boolean expression
CWE‑480	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑481	Java	java/assignment-in-boolean-expression	Assignment in Boolean expression
CWE‑484	Java	java/switch-fall-through	Unterminated switch case
CWE‑485	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑485	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑485	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑485	Java	java/abstract-to-concrete-cast	Cast from abstract to concrete collection
CWE‑485	Java	java/internal-representation-exposure	Exposing internal representation
CWE‑485	Java	java/main-method-in-enterprise-bean	Main Method in Enterprise Java Bean
CWE‑485	Java	java/main-method-in-web-components	Main Method in Java EE Web Components
CWE‑485	Java	java/struts-development-mode	Apache Struts development mode enabled
CWE‑489	Java	java/main-method-in-enterprise-bean	Main Method in Enterprise Java Bean
CWE‑489	Java	java/main-method-in-web-components	Main Method in Java EE Web Components
CWE‑489	Java	java/struts-development-mode	Apache Struts development mode enabled
CWE‑494	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑497	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑499	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑502	Java	java/unsafe-deserialization	Deserialization of user-controlled data
CWE‑502	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑502	Java	java/unsafe-deserialization-rmi	Unsafe deserialization in a remotely callable method.
CWE‑502	Java	java/unsafe-deserialization-spring-exporter-in-configuration-class	Unsafe deserialization with Spring's remote service exporters.
CWE‑502	Java	java/unsafe-deserialization-spring-exporter-in-xml-configuration	Unsafe deserialization with Spring's remote service exporters.
CWE‑522	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑522	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑522	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑522	Java	java/password-in-configuration	Password in configuration file
CWE‑532	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑538	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑538	Java	java/server-directory-listing	Directories and files exposure
CWE‑543	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑546	Java	java/todo-comment	TODO/FIXME comments
CWE‑548	Java	java/server-directory-listing	Directories and files exposure
CWE‑552	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑552	Java	java/server-directory-listing	Directories and files exposure
CWE‑555	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑555	Java	java/password-in-configuration	Password in configuration file
CWE‑561	Java	java/dead-class	Dead class
CWE‑561	Java	java/dead-enum-constant	Dead enum constant
CWE‑561	Java	java/dead-field	Dead field
CWE‑561	Java	java/dead-function	Dead method
CWE‑561	Java	java/lines-of-dead-code	Lines of dead code in files
CWE‑561	Java	java/unused-parameter	Useless parameter
CWE‑561	Java	java/useless-null-check	Useless null check
CWE‑561	Java	java/useless-type-test	Useless type test
CWE‑561	Java	java/useless-upcast	Useless upcast
CWE‑561	Java	java/empty-container	Container contents are never initialized
CWE‑561	Java	java/unused-container	Container contents are never accessed
CWE‑561	Java	java/constant-comparison	Useless comparison test
CWE‑561	Java	java/unreachable-catch-clause	Unreachable catch clause
CWE‑561	Java	java/unused-reference-type	Unused classes and interfaces
CWE‑561	Java	java/useless-assignment-to-local	Useless assignment to local variable
CWE‑561	Java	java/local-variable-is-never-read	Unread local variable
CWE‑561	Java	java/unused-field	Unused field
CWE‑561	Java	java/unused-label	Unused label
CWE‑561	Java	java/redundant-cast	Unnecessary cast
CWE‑561	Java	java/unused-import	Unnecessary import
CWE‑563	Java	java/overwritten-assignment-to-local	Assigned value is overwritten
CWE‑563	Java	java/unused-initialized-local	Local variable is initialized but not used
CWE‑563	Java	java/unused-local-variable	Unused local variable
CWE‑564	Java	java/sql-injection	Query built from user-controlled sources
CWE‑564	Java	java/sql-injection-local	Query built from local-user-controlled sources
CWE‑564	Java	java/concatenated-sql-query	Query built without neutralizing special characters
CWE‑568	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑568	Java	java/empty-finalizer	Empty body of finalizer
CWE‑570	Java	java/constant-comparison	Useless comparison test
CWE‑571	Java	java/constant-comparison	Useless comparison test
CWE‑572	Java	java/call-to-thread-run	Direct call to a run() method
CWE‑573	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑573	Java	java/ejb/file-io	EJB uses file input/output
CWE‑573	Java	java/ejb/graphics	EJB uses graphics
CWE‑573	Java	java/ejb/native-code	EJB uses native code
CWE‑573	Java	java/ejb/reflection	EJB uses reflection
CWE‑573	Java	java/ejb/security-configuration-access	EJB accesses security configuration
CWE‑573	Java	java/ejb/substitution-in-serialization	EJB uses substitution in serialization
CWE‑573	Java	java/ejb/socket-or-stream-handler-factory	EJB sets socket factory or URL stream handler factory
CWE‑573	Java	java/ejb/server-socket	EJB uses server socket
CWE‑573	Java	java/ejb/non-final-static-field	EJB uses non-final static field
CWE‑573	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑573	Java	java/ejb/this	EJB uses 'this' as argument or result
CWE‑573	Java	java/ejb/threads	EJB uses threads
CWE‑573	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑573	Java	java/inconsistent-equals-and-hashcode	Inconsistent equals and hashCode
CWE‑573	Java	java/unreleased-lock	Unreleased lock
CWE‑573	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑573	Java	java/missing-format-argument	Missing format argument
CWE‑573	Java	java/unused-format-argument	Unused format argument
CWE‑573	Java	java/empty-finalizer	Empty body of finalizer
CWE‑573	Java	java/static-initialization-vector	Using a static initialization vector for encryption
CWE‑574	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑575	Java	java/ejb/graphics	EJB uses graphics
CWE‑576	Java	java/ejb/file-io	EJB uses file input/output
CWE‑577	Java	java/ejb/socket-or-stream-handler-factory	EJB sets socket factory or URL stream handler factory
CWE‑577	Java	java/ejb/server-socket	EJB uses server socket
CWE‑578	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑580	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑581	Java	java/inconsistent-equals-and-hashcode	Inconsistent equals and hashCode
CWE‑582	Java	java/static-array	Array constant vulnerable to change
CWE‑584	Java	java/abnormal-finally-completion	Finally block may not complete normally
CWE‑585	Java	java/empty-synchronized-block	Empty synchronized block
CWE‑592	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑592	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑595	Java	java/reference-equality-with-object	Reference equality test on java.lang.Object
CWE‑595	Java	java/reference-equality-of-boxed-types	Reference equality test of boxed types
CWE‑595	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑597	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑598	Java	java/sensitive-query-with-get	Sensitive GET Query
CWE‑600	Java	java/uncaught-servlet-exception	Uncaught Servlet Exception
CWE‑601	Java	java/unvalidated-url-redirection	URL redirection from remote source
CWE‑601	Java	java/unvalidated-url-redirection-local	URL redirection from local source
CWE‑601	Java	java/spring-unvalidated-url-redirection	Spring url redirection from remote source
CWE‑609	Java	java/unsafe-double-checked-locking	Double-checked locking is not thread-safe
CWE‑609	Java	java/unsafe-double-checked-locking-init-order	Race condition in double-checked locking object initialization
CWE‑609	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑610	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑610	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑610	Java	java/android/fragment-injection	Android fragment injection
CWE‑610	Java	java/android/fragment-injection-preference-activity	Android fragment injection in PreferenceActivity
CWE‑610	Java	java/unvalidated-url-redirection	URL redirection from remote source
CWE‑610	Java	java/unvalidated-url-redirection-local	URL redirection from local source
CWE‑610	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑610	Java	java/ssrf	Server-side request forgery
CWE‑610	Java	java/unsafe-reflection	Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑610	Java	java/spring-unvalidated-url-redirection	Spring url redirection from remote source
CWE‑610	Java	java/xxe-with-experimental-sinks	Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑610	Java	java/xxe-local-experimental-sinks	Resolving XML external entity from a local source (experimental sinks)
CWE‑611	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑611	Java	java/xxe-with-experimental-sinks	Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑611	Java	java/xxe-local-experimental-sinks	Resolving XML external entity from a local source (experimental sinks)
CWE‑614	Java	java/insecure-cookie	Failure to use secure cookies
CWE‑628	Java	java/missing-format-argument	Missing format argument
CWE‑628	Java	java/unused-format-argument	Unused format argument
CWE‑642	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑642	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑643	Java	java/xml/xpath-injection	XPath injection
CWE‑652	Java	java/xquery-injection	XQuery query built from user-controlled sources
CWE‑657	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑657	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑657	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑657	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑657	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑662	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑662	Java	java/wait-on-condition-interface	Wait on condition
CWE‑662	Java	java/call-to-thread-run	Direct call to a run() method
CWE‑662	Java	java/unsafe-double-checked-locking	Double-checked locking is not thread-safe
CWE‑662	Java	java/unsafe-double-checked-locking-init-order	Race condition in double-checked locking object initialization
CWE‑662	Java	java/unsafe-sync-on-field	Futile synchronization on field
CWE‑662	Java	java/inconsistent-field-synchronization	Inconsistent synchronization for field
CWE‑662	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑662	Java	java/non-sync-override	Non-synchronized override of synchronized method
CWE‑662	Java	java/notify-instead-of-notify-all	notify instead of notifyAll
CWE‑662	Java	java/sleep-with-lock-held	Sleep with lock held
CWE‑662	Java	java/sync-on-boxed-types	Synchronization on boxed types or strings
CWE‑662	Java	java/unsynchronized-getter	Inconsistent synchronization of getter and setter
CWE‑662	Java	java/inconsistent-sync-writeobject	Inconsistent synchronization for writeObject()
CWE‑662	Java	java/unreleased-lock	Unreleased lock
CWE‑662	Java	java/wait-with-two-locks	Wait with two locks held
CWE‑662	Java	java/lock-order-inconsistency	Lock order inconsistency
CWE‑664	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑664	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑664	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑664	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑664	Java	java/wait-on-condition-interface	Wait on condition
CWE‑664	Java	java/call-to-thread-run	Direct call to a run() method
CWE‑664	Java	java/unsafe-double-checked-locking	Double-checked locking is not thread-safe
CWE‑664	Java	java/unsafe-double-checked-locking-init-order	Race condition in double-checked locking object initialization
CWE‑664	Java	java/unsafe-sync-on-field	Futile synchronization on field
CWE‑664	Java	java/inconsistent-field-synchronization	Inconsistent synchronization for field
CWE‑664	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑664	Java	java/non-sync-override	Non-synchronized override of synchronized method
CWE‑664	Java	java/notify-instead-of-notify-all	notify instead of notifyAll
CWE‑664	Java	java/sleep-with-lock-held	Sleep with lock held
CWE‑664	Java	java/sync-on-boxed-types	Synchronization on boxed types or strings
CWE‑664	Java	java/unsynchronized-getter	Inconsistent synchronization of getter and setter
CWE‑664	Java	java/inconsistent-sync-writeobject	Inconsistent synchronization for writeObject()
CWE‑664	Java	java/unreleased-lock	Unreleased lock
CWE‑664	Java	java/wait-with-two-locks	Wait with two locks held
CWE‑664	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑664	Java	java/input-resource-leak	Potential input resource leak
CWE‑664	Java	java/database-resource-leak	Potential database resource leak
CWE‑664	Java	java/output-resource-leak	Potential output resource leak
CWE‑664	Java	java/impossible-array-cast	Impossible array cast
CWE‑664	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑664	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑664	Java	java/zipslip	Arbitrary file write during archive extraction ("Zip Slip")
CWE‑664	Java	java/groovy-injection	Groovy Language injection
CWE‑664	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑664	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑664	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑664	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑664	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑664	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑664	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑664	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑664	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑664	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑664	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑664	Java	java/android/cleartext-storage-database	Cleartext storage of sensitive information using a local database on Android
CWE‑664	Java	java/android/cleartext-storage-filesystem	Cleartext storage of sensitive information in the Android filesystem
CWE‑664	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑664	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑664	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑664	Java	java/android/cleartext-storage-shared-prefs	Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑664	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑664	Java	java/android/fragment-injection	Android fragment injection
CWE‑664	Java	java/android/fragment-injection-preference-activity	Android fragment injection in PreferenceActivity
CWE‑664	Java	java/unsafe-deserialization	Deserialization of user-controlled data
CWE‑664	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑664	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑664	Java	java/unvalidated-url-redirection	URL redirection from remote source
CWE‑664	Java	java/unvalidated-url-redirection-local	URL redirection from local source
CWE‑664	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑664	Java	java/tainted-numeric-cast	User-controlled data in numeric cast
CWE‑664	Java	java/tainted-numeric-cast-local	Local-user-controlled data in numeric cast
CWE‑664	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑664	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑664	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑664	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑664	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑664	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑664	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑664	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑664	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑664	Java	java/lock-order-inconsistency	Lock order inconsistency
CWE‑664	Java	java/ssrf	Server-side request forgery
CWE‑664	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑664	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑664	Java	java/android/intent-redirection	Android Intent redirection
CWE‑664	Java	java/empty-finalizer	Empty body of finalizer
CWE‑664	Java	java/unassigned-field	Field is never assigned a non-null value
CWE‑664	Java	java/overly-general-catch	Overly-general catch clause
CWE‑664	Java	java/abstract-to-concrete-cast	Cast from abstract to concrete collection
CWE‑664	Java	java/internal-representation-exposure	Exposing internal representation
CWE‑664	Java	java/static-array	Array constant vulnerable to change
CWE‑664	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑664	Java	java/openstream-called-on-tainted-url	openStream called on URLs created from remote source
CWE‑664	Java	java/beanshell-injection	BeanShell injection
CWE‑664	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑664	Java	java/jshell-injection	JShell injection
CWE‑664	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑664	Java	java/jython-injection	Injection in Jython
CWE‑664	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑664	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑664	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑664	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑664	Java	java/insecure-webview-resource-response	Insecure Android WebView Resource Response
CWE‑664	Java	java/sensitive-android-file-leak	Leaking sensitive Android file
CWE‑664	Java	java/possible-timing-attack-against-signature	Possible timing attack against signature validation
CWE‑664	Java	java/timing-attack-against-headers-value	Timing attack against header value
CWE‑664	Java	java/timing-attack-against-signature	Timing attack against signature validation
CWE‑664	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑664	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑664	Java	java/disabled-certificate-revocation-checking	Disabled ceritificate revocation checking
CWE‑664	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑664	Java	java/unvalidated-cors-origin-set	CORS is derived from untrusted input
CWE‑664	Java	java/thread-resource-abuse	Uncontrolled thread resource consumption from local input source
CWE‑664	Java	java/thread-resource-abuse	Uncontrolled thread resource consumption
CWE‑664	Java	java/unsafe-reflection	Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑664	Java	java/main-method-in-enterprise-bean	Main Method in Enterprise Java Bean
CWE‑664	Java	java/main-method-in-web-components	Main Method in Java EE Web Components
CWE‑664	Java	java/struts-development-mode	Apache Struts development mode enabled
CWE‑664	Java	java/unsafe-deserialization-rmi	Unsafe deserialization in a remotely callable method.
CWE‑664	Java	java/unsafe-deserialization-spring-exporter-in-configuration-class	Unsafe deserialization with Spring's remote service exporters.
CWE‑664	Java	java/unsafe-deserialization-spring-exporter-in-xml-configuration	Unsafe deserialization with Spring's remote service exporters.
CWE‑664	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑664	Java	java/server-directory-listing	Directories and files exposure
CWE‑664	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑664	Java	java/password-in-configuration	Password in configuration file
CWE‑664	Java	java/sensitive-query-with-get	Sensitive GET Query
CWE‑664	Java	java/spring-unvalidated-url-redirection	Spring url redirection from remote source
CWE‑664	Java	java/xxe-with-experimental-sinks	Resolving XML external entity in user-controlled data (experimental sinks)
CWE‑664	Java	java/xxe-local-experimental-sinks	Resolving XML external entity from a local source (experimental sinks)
CWE‑664	Java	java/insecure-rmi-jmx-server-initialization	InsecureRmiJmxAuthenticationEnvironment
CWE‑664	Java	java/regex-injection	Regular expression injection
CWE‑664	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑665	Java	java/unassigned-field	Field is never assigned a non-null value
CWE‑665	Java	java/insecure-rmi-jmx-server-initialization	InsecureRmiJmxAuthenticationEnvironment
CWE‑667	Java	java/unsafe-double-checked-locking	Double-checked locking is not thread-safe
CWE‑667	Java	java/unsafe-double-checked-locking-init-order	Race condition in double-checked locking object initialization
CWE‑667	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑667	Java	java/sleep-with-lock-held	Sleep with lock held
CWE‑667	Java	java/unsynchronized-getter	Inconsistent synchronization of getter and setter
CWE‑667	Java	java/unreleased-lock	Unreleased lock
CWE‑667	Java	java/wait-with-two-locks	Wait with two locks held
CWE‑667	Java	java/lock-order-inconsistency	Lock order inconsistency
CWE‑668	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑668	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑668	Java	java/zipslip	Arbitrary file write during archive extraction ("Zip Slip")
CWE‑668	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑668	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑668	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑668	Java	java/sensitive-log	Insertion of sensitive information into log files
CWE‑668	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑668	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑668	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑668	Java	java/static-array	Array constant vulnerable to change
CWE‑668	Java	java/openstream-called-on-tainted-url	openStream called on URLs created from remote source
CWE‑668	Java	java/insecure-webview-resource-response	Insecure Android WebView Resource Response
CWE‑668	Java	java/sensitive-android-file-leak	Leaking sensitive Android file
CWE‑668	Java	java/possible-timing-attack-against-signature	Possible timing attack against signature validation
CWE‑668	Java	java/timing-attack-against-headers-value	Timing attack against header value
CWE‑668	Java	java/timing-attack-against-signature	Timing attack against signature validation
CWE‑668	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑668	Java	java/server-directory-listing	Directories and files exposure
CWE‑668	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑668	Java	java/password-in-configuration	Password in configuration file
CWE‑668	Java	java/sensitive-query-with-get	Sensitive GET Query
CWE‑669	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑669	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑670	Java	java/whitespace-contradicts-precedence	Whitespace contradicts operator precedence
CWE‑670	Java	java/assignment-in-boolean-expression	Assignment in Boolean expression
CWE‑670	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑670	Java	java/switch-fall-through	Unterminated switch case
CWE‑671	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑671	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑671	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑671	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑671	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑674	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑675	Java	java/unreleased-lock	Unreleased lock
CWE‑676	Java	java/potentially-dangerous-function	Use of a potentially dangerous function
CWE‑681	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑681	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑681	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑681	Java	java/tainted-numeric-cast	User-controlled data in numeric cast
CWE‑681	Java	java/tainted-numeric-cast-local	Local-user-controlled data in numeric cast
CWE‑682	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑682	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑682	Java	java/index-out-of-bounds	Array index out of bounds
CWE‑682	Java	java/tainted-arithmetic	User-controlled data in arithmetic expression
CWE‑682	Java	java/tainted-arithmetic-local	Local-user-controlled data in arithmetic expression
CWE‑682	Java	java/uncontrolled-arithmetic	Uncontrolled data in arithmetic expression
CWE‑682	Java	java/extreme-value-arithmetic	Use of extreme values in arithmetic expression
CWE‑682	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑685	Java	java/missing-format-argument	Missing format argument
CWE‑685	Java	java/unused-format-argument	Unused format argument
CWE‑691	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑691	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑691	Java	java/whitespace-contradicts-precedence	Whitespace contradicts operator precedence
CWE‑691	Java	java/assignment-in-boolean-expression	Assignment in Boolean expression
CWE‑691	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑691	Java	java/wait-on-condition-interface	Wait on condition
CWE‑691	Java	java/call-to-thread-run	Direct call to a run() method
CWE‑691	Java	java/unsafe-double-checked-locking	Double-checked locking is not thread-safe
CWE‑691	Java	java/unsafe-double-checked-locking-init-order	Race condition in double-checked locking object initialization
CWE‑691	Java	java/unsafe-sync-on-field	Futile synchronization on field
CWE‑691	Java	java/inconsistent-field-synchronization	Inconsistent synchronization for field
CWE‑691	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑691	Java	java/non-sync-override	Non-synchronized override of synchronized method
CWE‑691	Java	java/notify-instead-of-notify-all	notify instead of notifyAll
CWE‑691	Java	java/sleep-with-lock-held	Sleep with lock held
CWE‑691	Java	java/sync-on-boxed-types	Synchronization on boxed types or strings
CWE‑691	Java	java/unsynchronized-getter	Inconsistent synchronization of getter and setter
CWE‑691	Java	java/inconsistent-sync-writeobject	Inconsistent synchronization for writeObject()
CWE‑691	Java	java/unreleased-lock	Unreleased lock
CWE‑691	Java	java/wait-with-two-locks	Wait with two locks held
CWE‑691	Java	java/non-short-circuit-evaluation	Dangerous non-short-circuit logic
CWE‑691	Java	java/constant-loop-condition	Constant loop condition
CWE‑691	Java	java/groovy-injection	Groovy Language injection
CWE‑691	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑691	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑691	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑691	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑691	Java	java/toctou-race-condition	Time-of-check time-of-use race condition
CWE‑691	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑691	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑691	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑691	Java	java/lock-order-inconsistency	Lock order inconsistency
CWE‑691	Java	java/unreachable-exit-in-loop	Loop with unreachable exit condition
CWE‑691	Java	java/switch-fall-through	Unterminated switch case
CWE‑691	Java	java/overly-general-catch	Overly-general catch clause
CWE‑691	Java	java/uncaught-number-format-exception	Missing catch of NumberFormatException
CWE‑691	Java	java/jvm-exit	Forcible JVM termination
CWE‑691	Java	java/abnormal-finally-completion	Finally block may not complete normally
CWE‑691	Java	java/beanshell-injection	BeanShell injection
CWE‑691	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑691	Java	java/jshell-injection	JShell injection
CWE‑691	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑691	Java	java/jython-injection	Injection in Jython
CWE‑691	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑691	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑691	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑691	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑691	Java	java/uncaught-servlet-exception	Uncaught Servlet Exception
CWE‑693	Java	java/count-untrusted-data-external-api	Frequency counts for external APIs that are used with untrusted data
CWE‑693	Java	java/untrusted-data-to-external-api	Untrusted data passed to external API
CWE‑693	Java	java/improper-validation-of-array-construction	Improper validation of user-provided size used for array construction
CWE‑693	Java	java/improper-validation-of-array-construction-code-specified	Improper validation of code-specified size used for array construction
CWE‑693	Java	java/improper-validation-of-array-construction-local	Improper validation of local user-provided size used for array construction
CWE‑693	Java	java/improper-validation-of-array-index	Improper validation of user-provided array index
CWE‑693	Java	java/improper-validation-of-array-index-code-specified	Improper validation of code-specified array index
CWE‑693	Java	java/improper-validation-of-array-index-local	Improper validation of local user-provided array index
CWE‑693	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑693	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑693	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑693	Java	java/insecure-trustmanager	TrustManager that accepts all certificates
CWE‑693	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑693	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑693	Java	java/android/cleartext-storage-database	Cleartext storage of sensitive information using a local database on Android
CWE‑693	Java	java/android/cleartext-storage-filesystem	Cleartext storage of sensitive information in the Android filesystem
CWE‑693	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑693	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑693	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑693	Java	java/android/cleartext-storage-shared-prefs	Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑693	Java	java/non-https-url	Failure to use HTTPS URLs
CWE‑693	Java	java/non-ssl-connection	Failure to use SSL
CWE‑693	Java	java/non-ssl-socket-factory	Failure to use SSL socket factories
CWE‑693	Java	java/weak-cryptographic-algorithm	Use of a broken or risky cryptographic algorithm
CWE‑693	Java	java/potentially-weak-cryptographic-algorithm	Use of a potentially broken or risky cryptographic algorithm
CWE‑693	Java	java/missing-jwt-signature-check	Missing JWT signature check
CWE‑693	Java	java/spring-disabled-csrf-protection	Disabled Spring CSRF protection
CWE‑693	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑693	Java	java/insecure-basic-auth	Insecure basic authentication
CWE‑693	Java	java/insecure-cookie	Failure to use secure cookies
CWE‑693	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑693	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑693	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑693	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑693	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑693	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑693	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑693	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑693	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑693	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑693	Java	java/android/intent-redirection	Android Intent redirection
CWE‑693	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑693	Java	java/jxbrowser/disabled-certificate-validation	JxBrowser with disabled certificate validation
CWE‑693	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑693	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑693	Java	java/disabled-certificate-revocation-checking	Disabled ceritificate revocation checking
CWE‑693	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑693	Java	java/insufficient-key-size	Weak encryption: Insufficient key size
CWE‑693	Java	java/unsafe-tls-version	Unsafe TLS version
CWE‑693	Java	java/unvalidated-cors-origin-set	CORS is derived from untrusted input
CWE‑693	Java	java/ip-address-spoofing	IP address spoofing
CWE‑693	Java	java/jsonp-injection	JSONP Injection
CWE‑693	Java	java/insecure-ldap-auth	Insecure LDAP authentication
CWE‑693	Java	java/credentials-in-properties	Cleartext Credentials in Properties File
CWE‑693	Java	java/password-in-configuration	Password in configuration file
CWE‑693	Java	java/hash-without-salt	Use of a hash function without a salt
CWE‑693	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑695	Java	java/ejb/file-io	EJB uses file input/output
CWE‑695	Java	java/ejb/graphics	EJB uses graphics
CWE‑695	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑695	Java	java/ejb/threads	EJB uses threads
CWE‑697	Java	java/missing-default-in-switch	Missing default case in switch
CWE‑697	Java	java/reference-equality-with-object	Reference equality test on java.lang.Object
CWE‑697	Java	java/reference-equality-of-boxed-types	Reference equality test of boxed types
CWE‑697	Java	java/reference-equality-on-strings	Reference equality test on strings
CWE‑697	Java	java/missing-case-in-switch	Missing enum case in switch
CWE‑703	Java	java/inconsistent-call-on-result	Inconsistent operation on return value
CWE‑703	Java	java/return-value-ignored	Method result ignored
CWE‑703	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑703	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑703	Java	java/discarded-exception	Discarded exception
CWE‑703	Java	java/overly-general-catch	Overly-general catch clause
CWE‑703	Java	java/ignored-error-status-of-call	Ignored error status of call
CWE‑703	Java	java/uncaught-number-format-exception	Missing catch of NumberFormatException
CWE‑703	Java	java/uncaught-servlet-exception	Uncaught Servlet Exception
CWE‑703	Java	java/android/nfe-local-android-dos	Local Android DoS Caused By NumberFormatException
CWE‑704	Java	java/implicit-cast-in-compound-assignment	Implicit narrowing conversion in compound assignment
CWE‑704	Java	java/integer-multiplication-cast-to-long	Result of multiplication cast to wider type
CWE‑704	Java	java/impossible-array-cast	Impossible array cast
CWE‑704	Java	java/comparison-with-wider-type	Comparison of narrow type with wide type in loop condition
CWE‑704	Java	java/tainted-numeric-cast	User-controlled data in numeric cast
CWE‑704	Java	java/tainted-numeric-cast-local	Local-user-controlled data in numeric cast
CWE‑705	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑705	Java	java/overly-general-catch	Overly-general catch clause
CWE‑705	Java	java/uncaught-number-format-exception	Missing catch of NumberFormatException
CWE‑705	Java	java/jvm-exit	Forcible JVM termination
CWE‑705	Java	java/abnormal-finally-completion	Finally block may not complete normally
CWE‑705	Java	java/uncaught-servlet-exception	Uncaught Servlet Exception
CWE‑706	Java	java/path-injection	Uncontrolled data used in path expression
CWE‑706	Java	java/path-injection-local	Local-user-controlled data in path expression
CWE‑706	Java	java/zipslip	Arbitrary file write during archive extraction ("Zip Slip")
CWE‑706	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑706	Java	java/openstream-called-on-tainted-url	openStream called on URLs created from remote source
CWE‑707	Java	java/jndi-injection	JNDI lookup with user-controlled name
CWE‑707	Java	java/xslt-injection	XSLT transformation with user-controlled stylesheet
CWE‑707	Java	java/relative-path-command	Executing a command with a relative path
CWE‑707	Java	java/command-line-injection	Uncontrolled command line
CWE‑707	Java	java/command-line-injection-local	Local-user-controlled command line
CWE‑707	Java	java/concatenated-command-line	Building a command line with string concatenation
CWE‑707	Java	java/xss	Cross-site scripting
CWE‑707	Java	java/xss-local	Cross-site scripting from local source
CWE‑707	Java	java/sql-injection	Query built from user-controlled sources
CWE‑707	Java	java/sql-injection-local	Query built from local-user-controlled sources
CWE‑707	Java	java/concatenated-sql-query	Query built without neutralizing special characters
CWE‑707	Java	java/ldap-injection	LDAP query built from user-controlled sources
CWE‑707	Java	java/groovy-injection	Groovy Language injection
CWE‑707	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑707	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑707	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑707	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑707	Java	java/netty-http-request-or-response-splitting	Disabled Netty HTTP header validation
CWE‑707	Java	java/http-response-splitting	HTTP response splitting
CWE‑707	Java	java/http-response-splitting-local	HTTP response splitting from local source
CWE‑707	Java	java/log-injection	Log Injection
CWE‑707	Java	java/tainted-format-string	Use of externally-controlled format string
CWE‑707	Java	java/tainted-format-string-local	Use of externally-controlled format string from local source
CWE‑707	Java	java/xml/xpath-injection	XPath injection
CWE‑707	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑707	Java	java/ognl-injection	OGNL Expression Language statement with user-controlled input
CWE‑707	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑707	Java	java/command-line-injection-experimental	Uncontrolled command line (experimental sinks)
CWE‑707	Java	java/mybatis-annotation-sql-injection	SQL injection in MyBatis annotation
CWE‑707	Java	java/mybatis-xml-sql-injection	SQL injection in MyBatis Mapper XML
CWE‑707	Java	java/beanshell-injection	BeanShell injection
CWE‑707	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑707	Java	java/jshell-injection	JShell injection
CWE‑707	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑707	Java	java/jython-injection	Injection in Jython
CWE‑707	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑707	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑707	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑707	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑707	Java	java/xquery-injection	XQuery query built from user-controlled sources
CWE‑710	Java	java/deprecated-call	Deprecated method or constructor invocation
CWE‑710	Java	java/dead-class	Dead class
CWE‑710	Java	java/dead-enum-constant	Dead enum constant
CWE‑710	Java	java/dead-field	Dead field
CWE‑710	Java	java/dead-function	Dead method
CWE‑710	Java	java/lines-of-dead-code	Lines of dead code in files
CWE‑710	Java	java/unused-parameter	Useless parameter
CWE‑710	Java	java/ejb/container-interference	EJB interferes with container operation
CWE‑710	Java	java/ejb/file-io	EJB uses file input/output
CWE‑710	Java	java/ejb/graphics	EJB uses graphics
CWE‑710	Java	java/ejb/native-code	EJB uses native code
CWE‑710	Java	java/ejb/reflection	EJB uses reflection
CWE‑710	Java	java/ejb/security-configuration-access	EJB accesses security configuration
CWE‑710	Java	java/ejb/substitution-in-serialization	EJB uses substitution in serialization
CWE‑710	Java	java/ejb/socket-or-stream-handler-factory	EJB sets socket factory or URL stream handler factory
CWE‑710	Java	java/ejb/server-socket	EJB uses server socket
CWE‑710	Java	java/ejb/non-final-static-field	EJB uses non-final static field
CWE‑710	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑710	Java	java/ejb/this	EJB uses 'this' as argument or result
CWE‑710	Java	java/ejb/threads	EJB uses threads
CWE‑710	Java	java/useless-null-check	Useless null check
CWE‑710	Java	java/useless-type-test	Useless type test
CWE‑710	Java	java/useless-upcast	Useless upcast
CWE‑710	Java	java/missing-call-to-super-clone	Missing super clone
CWE‑710	Java	java/empty-container	Container contents are never initialized
CWE‑710	Java	java/unused-container	Container contents are never accessed
CWE‑710	Java	java/inconsistent-equals-and-hashcode	Inconsistent equals and hashCode
CWE‑710	Java	java/constant-comparison	Useless comparison test
CWE‑710	Java	java/unreleased-lock	Unreleased lock
CWE‑710	Java	java/missing-super-finalize	Finalizer inconsistency
CWE‑710	Java	java/missing-format-argument	Missing format argument
CWE‑710	Java	java/unused-format-argument	Unused format argument
CWE‑710	Java	java/dereferenced-value-is-always-null	Dereferenced variable is always null
CWE‑710	Java	java/dereferenced-expr-may-be-null	Dereferenced expression may be null
CWE‑710	Java	java/dereferenced-value-may-be-null	Dereferenced variable may be null
CWE‑710	Java	java/empty-synchronized-block	Empty synchronized block
CWE‑710	Java	java/unreachable-catch-clause	Unreachable catch clause
CWE‑710	Java	java/potentially-dangerous-function	Use of a potentially dangerous function
CWE‑710	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑710	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑710	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑710	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑710	Java	java/todo-comment	TODO/FIXME comments
CWE‑710	Java	java/unused-reference-type	Unused classes and interfaces
CWE‑710	Java	java/overwritten-assignment-to-local	Assigned value is overwritten
CWE‑710	Java	java/useless-assignment-to-local	Useless assignment to local variable
CWE‑710	Java	java/empty-finalizer	Empty body of finalizer
CWE‑710	Java	java/unused-initialized-local	Local variable is initialized but not used
CWE‑710	Java	java/local-variable-is-never-read	Unread local variable
CWE‑710	Java	java/unused-field	Unused field
CWE‑710	Java	java/unused-label	Unused label
CWE‑710	Java	java/unused-local-variable	Unused local variable
CWE‑710	Java	java/switch-fall-through	Unterminated switch case
CWE‑710	Java	java/redundant-cast	Unnecessary cast
CWE‑710	Java	java/unused-import	Unnecessary import
CWE‑710	Java	java/static-initialization-vector	Using a static initialization vector for encryption
CWE‑710	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑732	Java	java/local-temp-file-or-directory-information-disclosure	Local information disclosure in a temporary directory
CWE‑732	Java	java/world-writable-file-read	Reading from a world writable file
CWE‑749	Java	java/android/unsafe-android-webview-fetch	Unsafe resource fetching in Android WebView
CWE‑754	Java	java/inconsistent-call-on-result	Inconsistent operation on return value
CWE‑754	Java	java/return-value-ignored	Method result ignored
CWE‑754	Java	java/unsafe-cert-trust	Unsafe certificate trust
CWE‑755	Java	java/stack-trace-exposure	Information exposure through a stack trace
CWE‑755	Java	java/overly-general-catch	Overly-general catch clause
CWE‑755	Java	java/android/nfe-local-android-dos	Local Android DoS Caused By NumberFormatException
CWE‑759	Java	java/hash-without-salt	Use of a hash function without a salt
CWE‑764	Java	java/unreleased-lock	Unreleased lock
CWE‑772	Java	java/input-resource-leak	Potential input resource leak
CWE‑772	Java	java/database-resource-leak	Potential database resource leak
CWE‑772	Java	java/output-resource-leak	Potential output resource leak
CWE‑776	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑783	Java	java/whitespace-contradicts-precedence	Whitespace contradicts operator precedence
CWE‑798	Java	java/hardcoded-credential-api-call	Hard-coded credential in API call
CWE‑798	Java	java/hardcoded-credential-comparison	Hard-coded credential comparison
CWE‑798	Java	java/hardcoded-credential-sensitive-call	Hard-coded credential in sensitive call
CWE‑798	Java	java/hardcoded-password-field	Hard-coded password field
CWE‑798	Java	java/hardcoded-jwt-key	Use of a hardcoded key for signing JWT
CWE‑807	Java	java/user-controlled-bypass	User-controlled bypass of sensitive method
CWE‑807	Java	java/tainted-permissions-check	User-controlled data used in permissions check
CWE‑820	Java	java/lazy-initialization	Incorrect lazy initialization of a static field
CWE‑820	Java	java/non-sync-override	Non-synchronized override of synchronized method
CWE‑821	Java	java/ejb/synchronization	EJB uses synchronization
CWE‑821	Java	java/call-to-thread-run	Direct call to a run() method
CWE‑827	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑829	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑829	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑833	Java	java/sleep-with-lock-held	Sleep with lock held
CWE‑833	Java	java/unreleased-lock	Unreleased lock
CWE‑833	Java	java/wait-with-two-locks	Wait with two locks held
CWE‑833	Java	java/lock-order-inconsistency	Lock order inconsistency
CWE‑834	Java	java/constant-loop-condition	Constant loop condition
CWE‑834	Java	java/xxe	Resolving XML external entity in user-controlled data
CWE‑834	Java	java/unreachable-exit-in-loop	Loop with unreachable exit condition
CWE‑835	Java	java/constant-loop-condition	Constant loop condition
CWE‑835	Java	java/unreachable-exit-in-loop	Loop with unreachable exit condition
CWE‑862	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑913	Java	java/groovy-injection	Groovy Language injection
CWE‑913	Java	java/insecure-bean-validation	Insecure Bean Validation
CWE‑913	Java	java/jexl-expression-injection	Expression language injection (JEXL)
CWE‑913	Java	java/mvel-expression-injection	Expression language injection (MVEL)
CWE‑913	Java	java/spel-expression-injection	Expression language injection (Spring)
CWE‑913	Java	java/android/fragment-injection	Android fragment injection
CWE‑913	Java	java/android/fragment-injection-preference-activity	Android fragment injection in PreferenceActivity
CWE‑913	Java	java/unsafe-deserialization	Deserialization of user-controlled data
CWE‑913	Java	java/log4j-injection	Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE‑913	Java	java/beanshell-injection	BeanShell injection
CWE‑913	Java	java/android-insecure-dex-loading	Insecure loading of an Android Dex File
CWE‑913	Java	java/jshell-injection	JShell injection
CWE‑913	Java	java/javaee-expression-injection	Jakarta Expression Language injection
CWE‑913	Java	java/jython-injection	Injection in Jython
CWE‑913	Java	java/unsafe-eval	Injection in Java Script Engine
CWE‑913	Java	java/spring-view-manipulation-implicit	Spring Implicit View Manipulation
CWE‑913	Java	java/spring-view-manipulation	Spring View Manipulation
CWE‑913	Java	java/server-side-template-injection	Server Side Template Injection
CWE‑913	Java	java/unsafe-reflection	Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE‑913	Java	java/unsafe-deserialization-rmi	Unsafe deserialization in a remotely callable method.
CWE‑913	Java	java/unsafe-deserialization-spring-exporter-in-configuration-class	Unsafe deserialization with Spring's remote service exporters.
CWE‑913	Java	java/unsafe-deserialization-spring-exporter-in-xml-configuration	Unsafe deserialization with Spring's remote service exporters.
CWE‑916	Java	java/hash-without-salt	Use of a hash function without a salt
CWE‑917	Java	java/ognl-injection	OGNL Expression Language statement with user-controlled input
CWE‑918	Java	java/ssrf	Server-side request forgery
CWE‑922	Java	java/android/cleartext-storage-database	Cleartext storage of sensitive information using a local database on Android
CWE‑922	Java	java/android/cleartext-storage-filesystem	Cleartext storage of sensitive information in the Android filesystem
CWE‑922	Java	java/cleartext-storage-in-class	Cleartext storage of sensitive information using storable class
CWE‑922	Java	java/cleartext-storage-in-cookie	Cleartext storage of sensitive information in cookie
CWE‑922	Java	java/cleartext-storage-in-properties	Cleartext storage of sensitive information using 'Properties' class
CWE‑922	Java	java/android/cleartext-storage-shared-prefs	Cleartext storage of sensitive information using SharedPreferences on Android
CWE‑923	Java	java/insecure-smtp-ssl	Insecure JavaMail SSL Configuration
CWE‑923	Java	java/unsafe-hostname-verification	Unsafe hostname verification
CWE‑923	Java	java/socket-auth-race-condition	Race condition in socket authentication
CWE‑923	Java	java/maven/non-https-url	Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE‑923	Java	java/android/intent-redirection	Android Intent redirection
CWE‑923	Java	java/ignored-hostname-verification	Ignored result of hostname verification
CWE‑923	Java	java/insecure-ldaps-endpoint	Insecure LDAPS Endpoint Configuration
CWE‑926	Java	java/android/intent-uri-permission-manipulation	Intent URI permission manipulation
CWE‑926	Java	java/android/intent-redirection	Android Intent redirection
CWE‑927	Java	java/android/implicit-pendingintents	Use of implicit PendingIntents
CWE‑927	Java	java/android/sensitive-communication	Leaking sensitive information through an implicit Intent
CWE‑939	Java	java/incorrect-url-verification	Incorrect URL verification
CWE‑940	Java	java/android/intent-redirection	Android Intent redirection
CWE‑943	Java	java/sql-injection	Query built from user-controlled sources
CWE‑943	Java	java/sql-injection-local	Query built from local-user-controlled sources
CWE‑943	Java	java/concatenated-sql-query	Query built without neutralizing special characters
CWE‑943	Java	java/ldap-injection	LDAP query built from user-controlled sources
CWE‑943	Java	java/xml/xpath-injection	XPath injection
CWE‑943	Java	java/mybatis-annotation-sql-injection	SQL injection in MyBatis annotation
CWE‑943	Java	java/mybatis-xml-sql-injection	SQL injection in MyBatis Mapper XML
CWE‑943	Java	java/xquery-injection	XQuery query built from user-controlled sources
CWE‑1004	Java	java/tomcat-disabled-httponly	Tomcat config disables 'HttpOnly' flag (XSS risk)
CWE‑1004	Java	java/sensitive-cookie-not-httponly	Sensitive cookies without the HttpOnly response header set
CWE‑1104	Java	java/maven/dependency-upon-bintray	Depending upon JCenter/Bintray as an artifact repository
CWE‑1204	Java	java/static-initialization-vector	Using a static initialization vector for encryption

• © GitHub, Inc.
• Terms
• Privacy