2020 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork checkers
Rank | CWE ID | Description | Klocwork Issue Code |
---|---|---|---|
1 | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | C/C++: C#: Java: |
2 | 787 | Out-of-bounds Write | C/C++: C#: |
3 | 20 | Improper Input Validation | C/C++: C#: CS.SV.TAINTED.CALL.INDEX_ACCESS, CS.SV.TAINTED.CALL.LOOP_BOUND.RESOURCE Java: |
4 | 125 | Out-of-bounds Read | C/C++: C#: |
5 | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | C/C++: C#: |
6 | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | C/C++: C#: Java: |
7 | 200 | Information Exposure | C/C++: C#: Java: |
8 | 416 | Use After Free | C/C++: C#: |
9 | 352 | Cross-Site Request Forgery (CSRF) | C#: Java: |
10 | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | C/C++: C#: Java: |
11 | 190 | Integer Overflow or Wraparound | C/C++: C#: Java: |
12 | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | C/C++: C#: Java: |
13 | 476 | NULL Pointer Dereference | C/C++: C#: Java: |
14 | 287 | Improper Authentication | C/C++: Java: |
15 | 434 | Unrestricted Upload of File with Dangerous Type | Java: |
16 | 732 | Incorrect Permission Assignment for Critical Resource | C/C++: C#: Java: |
17 | 94 | Improper Control of Generation of Code ('Code Injection') | C/C++: C#: Java: |
18 | 522 | Insufficiently Protected Credentials | Java: |
19 | 611 | Improper Restriction of XML External Entity Reference | C#: Java: |
20 | 798 | Use of Hard-coded Credentials | C/C++: C#: Java: SV.PASSWD.HC.EMPTY |
21 | 502 | Deserialization of Untrusted Data | C#: Java: |
22 | 269 | Improper Privilege Management | C/C++: C#: Java: |
23 | 400 | Uncontrolled Resource Consumption | C/C++: C#: CS.SV.TAINTED.LOOP_BOUND.RESOURCE, CS.SV.TAINTED.CALL.LOOP_BOUND.RESOURCE Java: |
24 | 306 | Missing Authentication for Critical Function | Java: |
25 | 862 | Missing Authorization | C#: Java: |