| HasMember |
 Category - a CWE entry that contains a set of other entries that share a common characteristic. |
16 |
Configuration |
| HasMember |
 Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
20 |
Improper Input Validation |
| HasMember |
 Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
59 |
Improper Link Resolution Before File Access ('Link Following') |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
89 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
94 |
Improper Control of Generation of Code ('Code Injection') |
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
119 |
Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember |
Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. |
134 |
Use of Externally-Controlled Format String |
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
189 |
Numeric Errors |
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
200 |
Exposure of Sensitive Information to an Unauthorized Actor |
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
255 |
Credentials Management Errors |
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
264 |
Permissions, Privileges, and Access Controls |
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
287 |
Improper Authentication |
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
310 |
Cryptographic Issues |
| HasMember |
 Composite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. |
352 |
Cross-Site Request Forgery (CSRF) |
| HasMember |
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. |
362 |
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember |
Category - a CWE entry that contains a set of other entries that share a common characteristic. |
399 |
Resource Management Errors |
Objective
