
CWE coverage for Java and Kotlin — CodeQL query help documentation

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | Java/Kotlin | java/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | Java/Kotlin | java/overly-large-range | Overly permissive regular expression range |
| CWE-20 | Java/Kotlin | java/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-construction | Improper validation of user-provided size used for array construction |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-construction-code-specified | Improper validation of code-specified size used for array construction |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-index | Improper validation of user-provided array index |
| CWE-20 | Java/Kotlin | java/improper-validation-of-array-index-code-specified | Improper validation of code-specified array index |
| CWE-20 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-22 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-22 | Java/Kotlin | java/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-22 | Java/Kotlin | java/partial-path-traversal | Partial path traversal vulnerability |
| CWE-22 | Java/Kotlin | java/partial-path-traversal-from-remote | Partial path traversal vulnerability from remote |
| CWE-22 | Java/Kotlin | java/openstream-called-on-tainted-url | openStream called on URLs created from remote source |
| CWE-23 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Java/Kotlin | java/partial-path-traversal | Partial path traversal vulnerability |
| CWE-23 | Java/Kotlin | java/partial-path-traversal-from-remote | Partial path traversal vulnerability from remote |
| CWE-36 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Java/Kotlin | java/openstream-called-on-tainted-url | openStream called on URLs created from remote source |
| CWE-73 | Java/Kotlin | java/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Java/Kotlin | java/file-path-injection | File Path Injection |
| CWE-74 | Java/Kotlin | java/jndi-injection | JNDI lookup with user-controlled name |
| CWE-74 | Java/Kotlin | java/xslt-injection | XSLT transformation with user-controlled stylesheet |
| CWE-74 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-74 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-74 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-74 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-74 | Java/Kotlin | java/android/webview-addjavascriptinterface | Access Java object methods through JavaScript exposure |
| CWE-74 | Java/Kotlin | java/android/websettings-javascript-enabled | Android WebView JavaScript settings |
| CWE-74 | Java/Kotlin | java/xss | Cross-site scripting |
| CWE-74 | Java/Kotlin | java/concatenated-sql-query | Query built by concatenation with a possibly-untrusted string |
| CWE-74 | Java/Kotlin | java/sql-injection | Query built from user-controlled sources |
| CWE-74 | Java/Kotlin | java/ldap-injection | LDAP query built from user-controlled sources |
| CWE-74 | Java/Kotlin | java/android/arbitrary-apk-installation | Android APK installation |
| CWE-74 | Java/Kotlin | java/groovy-injection | Groovy Language injection |
| CWE-74 | Java/Kotlin | java/insecure-bean-validation | Insecure Bean Validation |
| CWE-74 | Java/Kotlin | java/jexl-expression-injection | Expression language injection (JEXL) |
| CWE-74 | Java/Kotlin | java/mvel-expression-injection | Expression language injection (MVEL) |
| CWE-74 | Java/Kotlin | java/spel-expression-injection | Expression language injection (Spring) |
| CWE-74 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
| CWE-74 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-74 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-74 | Java/Kotlin | java/tainted-format-string | Use of externally-controlled format string |
| CWE-74 | Java/Kotlin | java/xml/xpath-injection | XPath injection |
| CWE-74 | Java/Kotlin | java/android/unsafe-android-webview-fetch | Unsafe resource fetching in Android WebView |
| CWE-74 | Java/Kotlin | java/ognl-injection | OGNL Expression Language statement with user-controlled input |
| CWE-74 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-74 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-74 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-74 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-74 | Java/Kotlin | java/mybatis-annotation-sql-injection | SQL injection in MyBatis annotation |
| CWE-74 | Java/Kotlin | java/mybatis-xml-sql-injection | SQL injection in MyBatis Mapper XML |
| CWE-74 | Java/Kotlin | java/beanshell-injection | BeanShell injection |
| CWE-74 | Java/Kotlin | java/android-insecure-dex-loading | Insecure loading of an Android Dex File |
| CWE-74 | Java/Kotlin | java/jshell-injection | JShell injection |
| CWE-74 | Java/Kotlin | java/javaee-expression-injection | Jakarta Expression Language injection |
| CWE-74 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-74 | Java/Kotlin | java/unsafe-eval | Injection in Java Script Engine |
| CWE-74 | Java/Kotlin | java/spring-view-manipulation-implicit | Spring Implicit View Manipulation |
| CWE-74 | Java/Kotlin | java/spring-view-manipulation | Spring View Manipulation |
| CWE-74 | Java/Kotlin | java/xquery-injection | XQuery query built from user-controlled sources |
| CWE-77 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-77 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-77 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-77 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-77 | Java/Kotlin | java/ognl-injection | OGNL Expression Language statement with user-controlled input |
| CWE-77 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-77 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-77 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-78 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-78 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-78 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-78 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-78 | Java/Kotlin | java/command-line-injection-extra | Command Injection into Runtime.exec() with dangerous command |
| CWE-78 | Java/Kotlin | java/command-line-injection-extra-local | Command Injection into Runtime.exec() with dangerous command |
| CWE-78 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-79 | Java/Kotlin | java/android/webview-addjavascriptinterface | Access Java object methods through JavaScript exposure |
| CWE-79 | Java/Kotlin | java/android/websettings-javascript-enabled | Android WebView JavaScript settings |
| CWE-79 | Java/Kotlin | java/xss | Cross-site scripting |
| CWE-79 | Java/Kotlin | java/android/unsafe-android-webview-fetch | Unsafe resource fetching in Android WebView |
| CWE-88 | Java/Kotlin | java/relative-path-command | Executing a command with a relative path |
| CWE-88 | Java/Kotlin | java/command-line-injection | Uncontrolled command line |
| CWE-88 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-88 | Java/Kotlin | java/concatenated-command-line | Building a command line with string concatenation |
| CWE-88 | Java/Kotlin | java/command-line-injection-experimental | Uncontrolled command line (experimental sinks) |
| CWE-89 | Java/Kotlin | java/concatenated-sql-query | Query built by concatenation with a possibly-untrusted string |
| CWE-89 | Java/Kotlin | java/sql-injection | Query built from user-controlled sources |
| CWE-89 | Java/Kotlin | java/mybatis-annotation-sql-injection | SQL injection in MyBatis annotation |
| CWE-89 | Java/Kotlin | java/mybatis-xml-sql-injection | SQL injection in MyBatis Mapper XML |
| CWE-90 | Java/Kotlin | java/ldap-injection | LDAP query built from user-controlled sources |
| CWE-91 | Java/Kotlin | java/xml/xpath-injection | XPath injection |
| CWE-91 | Java/Kotlin | java/xquery-injection | XQuery query built from user-controlled sources |
| CWE-93 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-93 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-94 | Java/Kotlin | java/android/arbitrary-apk-installation | Android APK installation |
| CWE-94 | Java/Kotlin | java/groovy-injection | Groovy Language injection |
| CWE-94 | Java/Kotlin | java/insecure-bean-validation | Insecure Bean Validation |
| CWE-94 | Java/Kotlin | java/jexl-expression-injection | Expression language injection (JEXL) |
| CWE-94 | Java/Kotlin | java/mvel-expression-injection | Expression language injection (MVEL) |
| CWE-94 | Java/Kotlin | java/spel-expression-injection | Expression language injection (Spring) |
| CWE-94 | Java/Kotlin | java/server-side-template-injection | Server-side template injection |
| CWE-94 | Java/Kotlin | java/beanshell-injection | BeanShell injection |
| CWE-94 | Java/Kotlin | java/android-insecure-dex-loading | Insecure loading of an Android Dex File |
| CWE-94 | Java/Kotlin | java/jshell-injection | JShell injection |
| CWE-94 | Java/Kotlin | java/javaee-expression-injection | Jakarta Expression Language injection |
| CWE-94 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-94 | Java/Kotlin | java/unsafe-eval | Injection in Java Script Engine |
| CWE-94 | Java/Kotlin | java/spring-view-manipulation-implicit | Spring Implicit View Manipulation |
| CWE-94 | Java/Kotlin | java/spring-view-manipulation | Spring View Manipulation |
| CWE-95 | Java/Kotlin | java/jython-injection | Injection in Jython |
| CWE-113 | Java/Kotlin | java/netty-http-request-or-response-splitting | Disabled Netty HTTP header validation |
| CWE-113 | Java/Kotlin | java/http-response-splitting | HTTP response splitting |
| CWE-116 | Java/Kotlin | java/log-injection | Log Injection |
| CWE-117 | Java/Kotlin | java/log-injection | Log Injection |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-construction | Improper validation of user-provided size used for array construction |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-construction-code-specified | Improper validation of code-specified size used for array construction |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-index | Improper validation of user-provided array index |
| CWE-129 | Java/Kotlin | java/improper-validation-of-array-index-code-specified | Improper validation of code-specified array index |
| CWE-134 | Java/Kotlin | java/tainted-format-string | Use of externally-controlled format string |
| CWE-185 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-190 | Java/Kotlin | java/implicit-cast-in-compound-assignment | Implicit narrowing conversion in compound assignment |
| CWE-190 | Java/Kotlin | java/integer-multiplication-cast-to-long | Result of multiplication cast to wider type |
| CWE-190 | Java/Kotlin | java/tainted-arithmetic | User-controlled data in arithmetic expression |
| CWE-190 | Java/Kotlin | java/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
| CWE-190 | Java/Kotlin | java/extreme-value-arithmetic | Use of extreme values in arithmetic expression |
| CWE-190 | Java/Kotlin | java/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
| CWE-191 | Java/Kotlin | java/tainted-arithmetic | User-controlled data in arithmetic expression |
| CWE-191 | Java/Kotlin | java/uncontrolled-arithmetic | Uncontrolled data in arithmetic expression |
| CWE-191 | Java/Kotlin | java/extreme-value-arithmetic | Use of extreme values in arithmetic expression |
| CWE-193 | Java/Kotlin | java/index-out-of-bounds | Array index out of bounds |
| CWE-197 | Java/Kotlin | java/implicit-cast-in-compound-assignment | Implicit narrowing conversion in compound assignment |
| CWE-197 | Java/Kotlin | java/integer-multiplication-cast-to-long | Result of multiplication cast to wider type |
| CWE-197 | Java/Kotlin | java/comparison-with-wider-type | Comparison of narrow type with wide type in loop condition |
| CWE-197 | Java/Kotlin | java/tainted-numeric-cast | User-controlled data in numeric cast |
| CWE-200 | Java/Kotlin | java/android/sensitive-notification | Exposure of sensitive information to notifications |
| CWE-200 | Java/Kotlin | java/android/sensitive-text | Exposure of sensitive information to UI text views |
| CWE-200 | Java/Kotlin | java/android/websettings-allow-content-access | Android WebView settings allows access to content links |
| CWE-200 | Java/Kotlin | java/android/websettings-file-access | Android WebSettings file access |
| CWE-200 | Java/Kotlin | java/spring-boot-exposed-actuators | Exposed Spring Boot actuators |
| CWE-200 | Java/Kotlin | java/spring-boot-exposed-actuators-config | Exposed Spring Boot actuators in configuration file |
| CWE-200 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-200 | Java/Kotlin | java/error-message-exposure | Information exposure through an error message |
| CWE-200 | Java/Kotlin | java/stack-trace-exposure | Information exposure through a stack trace |
| CWE-200 | Java/Kotlin | java/android/sensitive-keyboard-cache | Android sensitive keyboard cache |
| CWE-200 | Java/Kotlin | java/sensitive-log | Insertion of sensitive information into log files |
| CWE-200 | Java/Kotlin | java/insecure-webview-resource-response | Insecure Android WebView Resource Response |
| CWE-200 | Java/Kotlin | java/sensitive-android-file-leak | Leaking sensitive Android file |
| CWE-200 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-200 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-200 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-200 | Java/Kotlin | java/server-directory-listing | Directories and files exposure |
| CWE-200 | Java/Kotlin | java/sensitive-query-with-get | Sensitive GET Query |
| CWE-203 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-203 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-203 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-208 | Java/Kotlin | java/possible-timing-attack-against-signature | Possible timing attack against signature validation |
| CWE-208 | Java/Kotlin | java/timing-attack-against-headers-value | Timing attack against header value |
| CWE-208 | Java/Kotlin | java/timing-attack-against-signature | Timing attack against signature validation |
| CWE-209 | Java/Kotlin | java/error-message-exposure | Information exposure through an error message |
| CWE-209 | Java/Kotlin | java/stack-trace-exposure | Information exposure through a stack trace |
| CWE-221 | Java/Kotlin | java/overly-general-catch | Overly-general catch clause |
| CWE-227 | Java/Kotlin | java/ejb/container-interference | EJB interferes with container operation |
| CWE-227 | Java/Kotlin | java/ejb/file-io | EJB uses file input/output |
| CWE-227 | Java/Kotlin | java/ejb/graphics | EJB uses graphics |
| CWE-227 | Java/Kotlin | java/ejb/native-code | EJB uses native code |
| CWE-227 | Java/Kotlin | java/ejb/reflection | EJB uses reflection |
| CWE-227 | Java/Kotlin | java/ejb/security-configuration-access | EJB accesses security configuration |
| CWE-227 | Java/Kotlin | java/ejb/substitution-in-serialization | EJB uses substitution in serialization |
| CWE-227 | Java/Kotlin | java/ejb/socket-or-stream-handler-factory | EJB sets socket factory or URL stream handler factory |
| CWE-227 | Java/Kotlin | java/ejb/server-socket | EJB uses server socket |
| CWE-227 | Java/Kotlin | java/ejb/non-final-static-field | EJB uses non-final static field |
| CWE-227 | Java/Kotlin | java/ejb/synchronization | EJB uses synchronization |
| CWE-227 | Java/Kotlin | java/ejb/this | EJB uses 'this' as argument or result |
| CWE-227 | Java/Kotlin | java/ejb/threads | EJB uses threads |
| CWE-227 | Java/Kotlin | java/missing-call-to-super-clone | Missing super clone |
| CWE-227 | Java/Kotlin | java/inconsistent-equals-and-hashcode | Inconsistent equals and hashCode |
| CWE-227 | Java/Kotlin | java/unreleased-lock | Unreleased lock |
| CWE-227 | Java/Kotlin | java/missing-super-finalize | Finalizer inconsistency |
| CWE-227 | Java/Kotlin | java/missing-format-argument | Missing format argument |
| CWE-227 | Java/Kotlin | java/unused-format-argument | Unused format argument |
| CWE-227 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-227 | Java/Kotlin | java/empty-finalizer | Empty body of finalizer |
| CWE-227 | Java/Kotlin | java/do-not-call-finalize | Do not call finalize() |
| CWE-248 | Java/Kotlin | java/uncaught-number-format-exception | Missing catch of NumberFormatException |
| CWE-248 | Java/Kotlin | java/uncaught-servlet-exception | Uncaught Servlet Exception |
| CWE-252 | Java/Kotlin | java/inconsistent-call-on-result | Inconsistent operation on return value |
| CWE-252 | Java/Kotlin | java/return-value-ignored | Method result ignored |
| CWE-256 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-256 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-260 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-260 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-266 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-269 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-269 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-271 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-273 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-284 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-284 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-284 | Java/Kotlin | java/unsafe-cert-trust | Unsafe certificate trust |
| CWE-284 | Java/Kotlin | java/android/insecure-local-key-gen | Insecurely generated keys for local authentication |
| CWE-284 | Java/Kotlin | java/android/insecure-local-authentication | Insecure local authentication |
| CWE-284 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-284 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-284 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-284 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-284 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-284 | Java/Kotlin | java/world-writable-file-read | Reading from a world writable file |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-284 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-284 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-284 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-284 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-284 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-284 | Java/Kotlin | java/improper-intent-verification | Improper verification of intent by broadcast receiver |
| CWE-284 | Java/Kotlin | java/android/incomplete-provider-permissions | Missing read or write permission in a content provider |
| CWE-284 | Java/Kotlin | java/android/implicitly-exported-component | Implicitly exported Android component |
| CWE-284 | Java/Kotlin | java/android/implicit-pendingintents | Use of implicit PendingIntents |
| CWE-284 | Java/Kotlin | java/android/sensitive-communication | Leaking sensitive information through an implicit Intent |
| CWE-284 | Java/Kotlin | java/android/sensitive-result-receiver | Leaking sensitive information through a ResultReceiver |
| CWE-284 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-284 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-284 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-284 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-284 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-284 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-284 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-284 | Java/Kotlin | java/incorrect-url-verification | Incorrect URL verification |
| CWE-285 | Java/Kotlin | java/local-temp-file-or-directory-information-disclosure | Local information disclosure in a temporary directory |
| CWE-285 | Java/Kotlin | java/android/intent-uri-permission-manipulation | Intent URI permission manipulation |
| CWE-285 | Java/Kotlin | java/world-writable-file-read | Reading from a world writable file |
| CWE-285 | Java/Kotlin | java/android/incomplete-provider-permissions | Missing read or write permission in a content provider |
| CWE-285 | Java/Kotlin | java/android/implicitly-exported-component | Implicitly exported Android component |
| CWE-285 | Java/Kotlin | java/android/implicit-pendingintents | Use of implicit PendingIntents |
| CWE-285 | Java/Kotlin | java/android/sensitive-communication | Leaking sensitive information through an implicit Intent |
| CWE-285 | Java/Kotlin | java/android/sensitive-result-receiver | Leaking sensitive information through a ResultReceiver |
| CWE-285 | Java/Kotlin | java/android/intent-redirection | Android Intent redirection |
| CWE-285 | Java/Kotlin | java/permissive-dot-regex | URL matched by permissive . in a regular expression |
| CWE-285 | Java/Kotlin | java/incorrect-url-verification | Incorrect URL verification |
| CWE-287 | Java/Kotlin | java/android/insecure-local-key-gen | Insecurely generated keys for local authentication |
| CWE-287 | Java/Kotlin | java/android/insecure-local-authentication | Insecure local authentication |
| CWE-287 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-287 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-287 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-287 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-287 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-287 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-287 | Java/Kotlin | java/credentials-in-properties | Cleartext Credentials in Properties File |
| CWE-287 | Java/Kotlin | java/password-in-configuration | Password in configuration file |
| CWE-290 | Java/Kotlin | java/user-controlled-bypass | User-controlled bypass of sensitive method |
| CWE-290 | Java/Kotlin | java/tainted-permissions-check | User-controlled data used in permissions check |
| CWE-295 | Java/Kotlin | java/android/missing-certificate-pinning | Android missing certificate pinning |
| CWE-295 | Java/Kotlin | java/improper-webview-certificate-validation | Android WebView that accepts all certificates |
| CWE-295 | Java/Kotlin | java/insecure-trustmanager | TrustManager that accepts all certificates |
| CWE-295 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-295 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-295 | Java/Kotlin | java/jxbrowser/disabled-certificate-validation | JxBrowser with disabled certificate validation |
| CWE-295 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-295 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-295 | Java/Kotlin | java/disabled-certificate-revocation-checking | Disabled certificate revocation checking |
| CWE-297 | Java/Kotlin | java/insecure-smtp-ssl | Insecure JavaMail SSL Configuration |
| CWE-297 | Java/Kotlin | java/unsafe-hostname-verification | Unsafe hostname verification |
| CWE-297 | Java/Kotlin | java/ignored-hostname-verification | Ignored result of hostname verification |
| CWE-297 | Java/Kotlin | java/insecure-ldaps-endpoint | Insecure LDAPS Endpoint Configuration |
| CWE-299 | Java/Kotlin | java/disabled-certificate-revocation-checking | Disabled certificate revocation checking |
| CWE-300 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-311 | Java/Kotlin | java/android/backup-enabled | Application backup allowed |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-database | Cleartext storage of sensitive information using a local database on Android |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-filesystem | Cleartext storage of sensitive information in the Android filesystem |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-class | Cleartext storage of sensitive information using storable class |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-311 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-311 | Java/Kotlin | java/android/cleartext-storage-shared-prefs | Cleartext storage of sensitive information using SharedPreferences on Android |
| CWE-311 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-311 | Java/Kotlin | java/non-ssl-connection | Failure to use SSL |
| CWE-311 | Java/Kotlin | java/non-ssl-socket-factory | Failure to use SSL socket factories |
| CWE-311 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-311 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-311 | Java/Kotlin | java/insecure-cookie | Failure to use secure cookies |
| CWE-311 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-312 | Java/Kotlin | java/android/backup-enabled | Application backup allowed |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-database | Cleartext storage of sensitive information using a local database on Android |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-filesystem | Cleartext storage of sensitive information in the Android filesystem |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-class | Cleartext storage of sensitive information using storable class |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-312 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-312 | Java/Kotlin | java/android/cleartext-storage-shared-prefs | Cleartext storage of sensitive information using SharedPreferences on Android |
| CWE-313 | Java/Kotlin | java/cleartext-storage-in-properties | Cleartext storage of sensitive information using 'Properties' class |
| CWE-315 | Java/Kotlin | java/cleartext-storage-in-cookie | Cleartext storage of sensitive information in cookie |
| CWE-319 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-319 | Java/Kotlin | java/non-ssl-connection | Failure to use SSL |
| CWE-319 | Java/Kotlin | java/non-ssl-socket-factory | Failure to use SSL socket factories |
| CWE-319 | Java/Kotlin | java/insecure-basic-auth | Insecure basic authentication |
| CWE-319 | Java/Kotlin | java/insecure-ldap-auth | Insecure LDAP authentication |
| CWE-319 | Java/Kotlin | java/maven/non-https-url | Failure to use HTTPS or SFTP URL in Maven artifact upload/download |
| CWE-326 | Java/Kotlin | java/insufficient-key-size | Use of a cryptographic algorithm with insufficient key size |
| CWE-326 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-326 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-326 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/rsa-without-oaep | Use of RSA algorithm without OAEP |
| CWE-327 | Java/Kotlin | java/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187) |
| CWE-327 | Java/Kotlin | java/unsafe-tls-version | Unsafe TLS version |
| CWE-327 | Java/Kotlin | java/hash-without-salt | Use of a hash function without a salt |
| CWE-327 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-327 | Java/Kotlin | java/quantum/examples/weak-hash | Weak hashes |
| CWE-327 | Java/Kotlin | java/quantum/examples/weak-ciphers | Weak symmetric ciphers |
| CWE-328 | Java/Kotlin | java/weak-cryptographic-algorithm | Use of a broken or risky cryptographic algorithm |
| CWE-328 | Java/Kotlin | java/potentially-weak-cryptographic-algorithm | Use of a potentially broken or risky cryptographic algorithm |
| CWE-328 | Java/Kotlin | java/weak-cryptographic-algorithm-new-model | Use of a broken or risky cryptographic algorithm |
| CWE-329 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-330 | Java/Kotlin | java/random-used-once | Random used only once |
| CWE-330 | Java/Kotlin | java/static-initialization-vector | Using a static initialization vector for encryption |
| CWE-330 | Java/Kotlin | java/insecure-randomness | Insecure randomness |
| CWE-330 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-330 | Java/Kotlin | java/jhipster-prng | Detect JHipster Generator Vulnerability CVE-2019-16303 |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-330 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-330 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-335 | Java/Kotlin | java/random-used-once | Random used only once |
| CWE-335 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-337 | Java/Kotlin | java/predictable-seed | Use of a predictable seed in a secure random number generator |
| CWE-338 | Java/Kotlin | java/insecure-randomness | Insecure randomness |
| CWE-338 | Java/Kotlin | java/jhipster-prng | Detect JHipster Generator Vulnerability CVE-2019-16303 |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-api-call | Hard-coded credential in API call |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-comparison | Hard-coded credential comparison |
| CWE-344 | Java/Kotlin | java/hardcoded-credential-sensitive-call | Hard-coded credential in sensitive call |
| CWE-344 | Java/Kotlin | java/hardcoded-password-field | Hard-coded password field |
| CWE-345 | Java/Kotlin | java/non-https-url | Failure to use HTTPS URLs |
| CWE-345 | Java/Kotlin | java/missing-jwt-signature-check | Missing JWT signature check |
| CWE-345 | Java/Kotlin | java/csrf-unprotected-request-type | HTTP request type unprotected from CSRF |
| CWE-345 | Java/Kotlin | java/spring-disabled-csrf-protection | Disabled Spring CSRF protection |
| CWE-345 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-345 | Java/Kotlin | java/missing-jwt-signature-check-auth0 | Missing JWT signature check |
| CWE-345 | Java/Kotlin | java/ip-address-spoofing | IP address spoofing |
| CWE-345 | Java/Kotlin | java/jsonp-injection | JSONP Injection |
| CWE-346 | Java/Kotlin | java/unvalidated-cors-origin-set | CORS is derived from untrusted input |
| CWE-347 | Java/Kotlin | java/missing-jwt-signature-check | Missing JWT signature check |
| CWE-347 | Java/Kotlin | java/missing-jwt-signature-check-auth0 | Missing JWT signature check |
| CWE-348 | Java/Kotlin | java/ip-address-spoofing | IP address spoofing |
| CWE-352 | Java/Kotlin | java/csrf-unprotected-request-type | HTTP request type unprotected from CSRF |
| CWE-352 | Java/Kotlin | java/spring-disabled-csrf-protection | Disabled Spring CSRF protection |
| CWE-352 | Java/Kotlin | java/jsonp-injection | JSONP Injection |
| CWE-362 | Java/Kotlin | java/toctou-race-condition | Time-of-check time-of-use race condition |
| CWE-362 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-367 | Java/Kotlin | java/toctou-race-condition | Time-of-check time-of-use race condition |
| CWE-382 | Java/Kotlin | java/ejb/container-interference | EJB interferes with container operation |
| CWE-382 | Java/Kotlin | java/jvm-exit | Forcible JVM termination |
| CWE-383 | Java/Kotlin | java/ejb/threads | EJB uses threads |
| CWE-391 | Java/Kotlin | java/discarded-exception | Discarded exception |
| CWE-391 | Java/Kotlin | java/ignored-error-status-of-call | Ignored error status of call |
| CWE-396 | Java/Kotlin | java/overly-general-catch | Overly-general catch clause |
| CWE-398 | Java/Kotlin | java/deprecated-call | Deprecated method or constructor invocation |
| CWE-398 | Java/Kotlin | java/dead-class | Dead class |
| CWE-398 | Java/Kotlin | java/dead-enum-constant | Dead enum constant |
| CWE-398 | Java/Kotlin | java/dead-field | Dead field |
| CWE-398 | Java/Kotlin | java/dead-function | Dead method |
| CWE-398 | Java/Kotlin | java/lines-of-dead-code | Lines of dead code in files |
| CWE-398 | Java/Kotlin | java/unused-parameter | Useless parameter |
| CWE-398 | Java/Kotlin | java/useless-null-check | Useless null check |
| CWE-398 | Java/Kotlin | java/useless-type-test | Useless type test |
| CWE-398 | Java/Kotlin | java/useless-upcast | Useless upcast |
| CWE-398 | Java/Kotlin | java/empty-container | Container contents are never initialized |
| CWE-398 | Java/Kotlin | java/unused-container | Container contents are never accessed |
| CWE-398 | Java/Kotlin | java/equals-on-unrelated-types | Equals on incomparable types |
| CWE-398 | Java/Kotlin | java/constant-comparison | Useless comparison test |
| CWE-398 | Java/Kotlin | java/dereferenced-value-is-always-null | Dereferenced variable is always null |
| CWE-398 | Java/Kotlin | java/dereferenced-expr-may-be-null | Dereferenced expression may be null |
| CWE-398 | Java/Kotlin | java/dereferenced-value-may-be-null | Dereferenced variable may be null |
| CWE-398 | Java/Kotlin | java/empty-synchronized-block | Empty synchronized block |
| CWE-398 | Java/Kotlin | java/unreachable-catch-clause | Unreachable catch clause |
| CWE-398 | Java/Kotlin | java/potentially-dangerous-function | Use of a potentially dangerous function |
| CWE-398 | Java/Kotlin | java/todo-comment | TODO/FIXME comments |
| CWE-398 | Java/Kotlin | java/unused-reference-type | Unused classes and interfaces |
| CWE-398 | Java/Kotlin | java/overwritten-assignment-to-local | Assigned value is overwritten |
| CWE-398 | Java/Kotlin | java/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | Java/Kotlin | java/unused-initialized-local | Local variable is initialized but not used |
| CWE-398 | Java/Kotlin | java/local-variable-is-never-read | Unread local variable |
| CWE-398 | Java/Kotlin | java/unused-field | Unused field |
| CWE-398 | Java/Kotlin | java/unused-label | Unused label |
| CWE-398 | Java/Kotlin | java/unused-local-variable | Unused local variable |
| CWE-398 | Java/Kotlin | java/switch-fall-through | Unterminated switch case |
| CWE-398 | Java/Kotlin | java/redundant-cast | Unnecessary cast |
| CWE-398 | Java/Kotlin | java/unused-import | Unnecessary import |
| CWE-400 | Java/Kotlin | java/input-resource-leak | Potential input resource leak |
| CWE-400 | Java/Kotlin | java/database-resource-leak | Potential database resource leak |
| CWE-400 | Java/Kotlin | java/output-resource-leak | Potential output resource leak |
| CWE-400 | Java/Kotlin | java/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-400 | Java/Kotlin | java/redos | Inefficient regular expression |
| CWE-400 | Java/Kotlin | java/regex-injection | Regular expression injection |
| CWE-400 | Java/Kotlin | java/log4j-injection | Potential Log4J LDAP JNDI injection (CVE-2021-44228) |
| CWE-400 | Java/Kotlin | java/local-thread-resource-abuse | Uncontrolled thread resource consumption from local input source |
| CWE-400 | Java/Kotlin | java/thread-resource-abuse | Uncontrolled thread resource consumption |
| CWE-404 | Java/Kotlin | java/missing-super-finalize | Finalizer inconsistency |
| CWE-404 | Java/Kotlin | java/input-resource-leak | Potential input resource leak |
| CWE-404 | Java/Kotlin | java/database-resource-leak | Potential database resource leak |
| CWE-404 | Java/Kotlin | java/output-resource-leak | Potential output resource leak |
| CWE-404 | Java/Kotlin | java/empty-finalizer | Empty body of finalizer |
| CWE-404 | Java/Kotlin | java/disabled-certificate-revocation-checking | Disabled certificate revocation checking |
| CWE-405 | Java/Kotlin | java/xxe | Resolving XML external entity in user-controlled data |
| CWE-405 | Java/Kotlin | java/uncontrolled-file-decompression | Uncontrolled file decompression |
| CWE-409 | Java/Kotlin | java/xxe | Resolving XML external entity in user-controlled data |
| CWE-409 | Java/Kotlin | java/uncontrolled-file-decompression | Uncontrolled file decompression |
| CWE-413 | Java/Kotlin | java/unsynchronized-getter | Inconsistent synchronization of getter and setter |
| CWE-420 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-421 | Java/Kotlin | java/socket-auth-race-condition | Race condition in socket authentication |
| CWE-441 | Java/Kotlin | java/android/unsafe-content-uri-resolution | Uncontrolled data used in content resolution |
| CWE-441 | Java/Kotlin | java/ssrf | Server-side request forgery |
| CWE-454 | Java/Kotlin | java/exec-tainted-environment | Building a command with an injected environment variable |
| CWE-457 | Java/Kotlin | java/unassigned-field | Field is never assigned a non-null value |
| CWE-459 | Java/Kotlin | java/missing-super-finalize | Finalizer inconsistency |
| CWE-459 | Java/Kotlin | java/empty-finalizer | Empty body of finalizer |
| CWE-470 | Java/Kotlin | java/android/fragment-injection | Android fragment injection |
| CWE-470 | Java/Kotlin | java/android/fragment-injection-preference-activity | Android fragment injection in PreferenceActivity |
| CWE-470 | Java/Kotlin | java/android/unsafe-reflection | Load 3rd party classes or code ('unsafe reflection') without signature check |
| CWE-470 | Java/Kotlin | java/unsafe-reflection | Use of |
externally-controlled input to select classes or code ('unsafe reflection') CWE-476 Java/Kotlin java/dereferenced-value-is-always-null Dereferenced variable is always null CWE-476 Java/Kotlin java/dereferenced-expr-may-be-null Dereferenced expression may be null CWE-476 Java/Kotlin java/dereferenced-value-may-be-null Dereferenced variable may be null CWE-477 Java/Kotlin java/deprecated-call Deprecated method or constructor invocation CWE-478 Java/Kotlin java/missing-default-in-switch Missing default case in switch CWE-478 Java/Kotlin java/missing-case-in-switch Missing enum case in switch CWE-480 Java/Kotlin java/assignment-in-boolean-expression Assignment in Boolean expression CWE-480 Java/Kotlin java/reference-equality-on-strings Reference equality test on strings CWE-481 Java/Kotlin java/assignment-in-boolean-expression Assignment in Boolean expression CWE-484 Java/Kotlin java/switch-fall-through Unterminated switch case CWE-485 Java/Kotlin java/missing-call-to-super-clone Missing super clone CWE-485 Java/Kotlin java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class CWE-485 Java/Kotlin java/android/debuggable-attribute-enabled Android debuggable attribute enabled CWE-485 Java/Kotlin java/android/webview-debugging-enabled Android Webview debugging enabled CWE-485 Java/Kotlin java/trust-boundary-violation Trust boundary violation CWE-485 Java/Kotlin java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView CWE-485 Java/Kotlin java/abstract-to-concrete-cast Cast from abstract to concrete collection CWE-485 Java/Kotlin java/internal-representation-exposure Exposing internal representation CWE-485 Java/Kotlin java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean CWE-485 Java/Kotlin java/main-method-in-web-components Main Method in Java EE Web Components CWE-485 Java/Kotlin java/struts-development-mode Apache Struts development mode enabled CWE-489 Java/Kotlin 
java/android/debuggable-attribute-enabled Android debuggable attribute enabled CWE-489 Java/Kotlin java/android/webview-debugging-enabled Android Webview debugging enabled CWE-489 Java/Kotlin java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean CWE-489 Java/Kotlin java/main-method-in-web-components Main Method in Java EE Web Components CWE-489 Java/Kotlin java/struts-development-mode Apache Struts development mode enabled CWE-494 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download CWE-497 Java/Kotlin java/stack-trace-exposure Information exposure through a stack trace CWE-499 Java/Kotlin java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class CWE-501 Java/Kotlin java/trust-boundary-violation Trust boundary violation CWE-502 Java/Kotlin java/unsafe-deserialization Deserialization of user-controlled data CWE-502 Java/Kotlin java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228) CWE-502 Java/Kotlin java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method CWE-502 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters CWE-502 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters CWE-522 Java/Kotlin java/insecure-basic-auth Insecure basic authentication CWE-522 Java/Kotlin java/insecure-ldap-auth Insecure LDAP authentication CWE-522 Java/Kotlin java/credentials-in-properties Cleartext Credentials in Properties File CWE-522 Java/Kotlin java/password-in-configuration Password in configuration file CWE-524 Java/Kotlin java/android/sensitive-keyboard-cache Android sensitive keyboard cache CWE-532 Java/Kotlin java/sensitive-log Insertion of sensitive information into log files CWE-538 Java/Kotlin java/sensitive-log Insertion of sensitive information 
into log files CWE-538 Java/Kotlin java/server-directory-listing Directories and files exposure CWE-543 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-546 Java/Kotlin java/todo-comment TODO/FIXME comments CWE-548 Java/Kotlin java/server-directory-listing Directories and files exposure CWE-552 Java/Kotlin java/sensitive-log Insertion of sensitive information into log files CWE-552 Java/Kotlin java/unvalidated-url-forward URL forward from a remote source CWE-552 Java/Kotlin java/server-directory-listing Directories and files exposure CWE-555 Java/Kotlin java/credentials-in-properties Cleartext Credentials in Properties File CWE-555 Java/Kotlin java/password-in-configuration Password in configuration file CWE-561 Java/Kotlin java/dead-class Dead class CWE-561 Java/Kotlin java/dead-enum-constant Dead enum constant CWE-561 Java/Kotlin java/dead-field Dead field CWE-561 Java/Kotlin java/dead-function Dead method CWE-561 Java/Kotlin java/lines-of-dead-code Lines of dead code in files CWE-561 Java/Kotlin java/unused-parameter Useless parameter CWE-561 Java/Kotlin java/useless-null-check Useless null check CWE-561 Java/Kotlin java/useless-type-test Useless type test CWE-561 Java/Kotlin java/useless-upcast Useless upcast CWE-561 Java/Kotlin java/empty-container Container contents are never initialized CWE-561 Java/Kotlin java/unused-container Container contents are never accessed CWE-561 Java/Kotlin java/equals-on-unrelated-types Equals on incomparable types CWE-561 Java/Kotlin java/constant-comparison Useless comparison test CWE-561 Java/Kotlin java/unreachable-catch-clause Unreachable catch clause CWE-561 Java/Kotlin java/unused-reference-type Unused classes and interfaces CWE-561 Java/Kotlin java/useless-assignment-to-local Useless assignment to local variable CWE-561 Java/Kotlin java/local-variable-is-never-read Unread local variable CWE-561 Java/Kotlin java/unused-field Unused field CWE-561 Java/Kotlin java/unused-label Unused 
label CWE-561 Java/Kotlin java/redundant-cast Unnecessary cast CWE-561 Java/Kotlin java/unused-import Unnecessary import CWE-563 Java/Kotlin java/overwritten-assignment-to-local Assigned value is overwritten CWE-563 Java/Kotlin java/unused-initialized-local Local variable is initialized but not used CWE-563 Java/Kotlin java/unused-local-variable Unused local variable CWE-564 Java/Kotlin java/concatenated-sql-query Query built by concatenation with a possibly-untrusted string CWE-564 Java/Kotlin java/sql-injection Query built from user-controlled sources CWE-568 Java/Kotlin java/missing-super-finalize Finalizer inconsistency CWE-568 Java/Kotlin java/empty-finalizer Empty body of finalizer CWE-570 Java/Kotlin java/constant-comparison Useless comparison test CWE-571 Java/Kotlin java/equals-on-unrelated-types Equals on incomparable types CWE-571 Java/Kotlin java/constant-comparison Useless comparison test CWE-572 Java/Kotlin java/call-to-thread-run Direct call to a run() method CWE-573 Java/Kotlin java/ejb/container-interference EJB interferes with container operation CWE-573 Java/Kotlin java/ejb/file-io EJB uses file input/output CWE-573 Java/Kotlin java/ejb/graphics EJB uses graphics CWE-573 Java/Kotlin java/ejb/native-code EJB uses native code CWE-573 Java/Kotlin java/ejb/reflection EJB uses reflection CWE-573 Java/Kotlin java/ejb/security-configuration-access EJB accesses security configuration CWE-573 Java/Kotlin java/ejb/substitution-in-serialization EJB uses substitution in serialization CWE-573 Java/Kotlin java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory CWE-573 Java/Kotlin java/ejb/server-socket EJB uses server socket CWE-573 Java/Kotlin java/ejb/non-final-static-field EJB uses non-final static field CWE-573 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-573 Java/Kotlin java/ejb/this EJB uses 'this' as argument or result CWE-573 Java/Kotlin java/ejb/threads EJB uses threads CWE-573 Java/Kotlin 
java/missing-call-to-super-clone Missing super clone CWE-573 Java/Kotlin java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode CWE-573 Java/Kotlin java/unreleased-lock Unreleased lock CWE-573 Java/Kotlin java/missing-super-finalize Finalizer inconsistency CWE-573 Java/Kotlin java/missing-format-argument Missing format argument CWE-573 Java/Kotlin java/unused-format-argument Unused format argument CWE-573 Java/Kotlin java/static-initialization-vector Using a static initialization vector for encryption CWE-573 Java/Kotlin java/empty-finalizer Empty body of finalizer CWE-574 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-575 Java/Kotlin java/ejb/graphics EJB uses graphics CWE-576 Java/Kotlin java/ejb/file-io EJB uses file input/output CWE-577 Java/Kotlin java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory CWE-577 Java/Kotlin java/ejb/server-socket EJB uses server socket CWE-578 Java/Kotlin java/ejb/container-interference EJB interferes with container operation CWE-580 Java/Kotlin java/missing-call-to-super-clone Missing super clone CWE-581 Java/Kotlin java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode CWE-582 Java/Kotlin java/static-array Array constant vulnerable to change CWE-584 Java/Kotlin java/abnormal-finally-completion Finally block may not complete normally CWE-585 Java/Kotlin java/empty-synchronized-block Empty synchronized block CWE-586 Java/Kotlin java/do-not-call-finalize Do not call finalize() CWE-592 Java/Kotlin java/user-controlled-bypass User-controlled bypass of sensitive method CWE-592 Java/Kotlin java/tainted-permissions-check User-controlled data used in permissions check CWE-595 Java/Kotlin java/reference-equality-with-object Reference equality test on java.lang.Object CWE-595 Java/Kotlin java/reference-equality-of-boxed-types Reference equality test of boxed types CWE-595 Java/Kotlin java/reference-equality-on-strings Reference equality test on 
strings CWE-597 Java/Kotlin java/reference-equality-on-strings Reference equality test on strings CWE-598 Java/Kotlin java/sensitive-query-with-get Sensitive GET Query CWE-600 Java/Kotlin java/uncaught-servlet-exception Uncaught Servlet Exception CWE-601 Java/Kotlin java/unvalidated-url-redirection URL redirection from remote source CWE-601 Java/Kotlin java/spring-unvalidated-url-redirection Spring url redirection from remote source CWE-609 Java/Kotlin java/unsafe-double-checked-locking Double-checked locking is not thread-safe CWE-609 Java/Kotlin java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization CWE-609 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-610 Java/Kotlin java/path-injection Uncontrolled data used in path expression CWE-610 Java/Kotlin java/android/unsafe-content-uri-resolution Uncontrolled data used in content resolution CWE-610 Java/Kotlin java/android/fragment-injection Android fragment injection CWE-610 Java/Kotlin java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity CWE-610 Java/Kotlin java/unvalidated-url-redirection URL redirection from remote source CWE-610 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-610 Java/Kotlin java/ssrf Server-side request forgery CWE-610 Java/Kotlin java/file-path-injection File Path Injection CWE-610 Java/Kotlin java/android/unsafe-reflection Load 3rd party classes or code ('unsafe reflection') without signature check CWE-610 Java/Kotlin java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection') CWE-610 Java/Kotlin java/spring-unvalidated-url-redirection Spring url redirection from remote source CWE-611 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-614 Java/Kotlin java/insecure-cookie Failure to use secure cookies CWE-625 Java/Kotlin java/permissive-dot-regex URL 
matched by permissive . in a regular expression CWE-628 Java/Kotlin java/missing-format-argument Missing format argument CWE-628 Java/Kotlin java/unused-format-argument Unused format argument CWE-642 Java/Kotlin java/path-injection Uncontrolled data used in path expression CWE-642 Java/Kotlin java/file-path-injection File Path Injection CWE-643 Java/Kotlin java/xml/xpath-injection XPath injection CWE-652 Java/Kotlin java/xquery-injection XQuery query built from user-controlled sources CWE-657 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in API call CWE-657 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison CWE-657 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call CWE-657 Java/Kotlin java/hardcoded-password-field Hard-coded password field CWE-662 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-662 Java/Kotlin java/wait-on-condition-interface Wait on condition CWE-662 Java/Kotlin java/call-to-thread-run Direct call to a run() method CWE-662 Java/Kotlin java/unsafe-double-checked-locking Double-checked locking is not thread-safe CWE-662 Java/Kotlin java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization CWE-662 Java/Kotlin java/unsafe-sync-on-field Futile synchronization on field CWE-662 Java/Kotlin java/inconsistent-field-synchronization Inconsistent synchronization for field CWE-662 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-662 Java/Kotlin java/non-sync-override Non-synchronized override of synchronized method CWE-662 Java/Kotlin java/notify-instead-of-notify-all notify instead of notifyAll CWE-662 Java/Kotlin java/sleep-with-lock-held Sleep with lock held CWE-662 Java/Kotlin java/sync-on-boxed-types Synchronization on boxed types or strings CWE-662 Java/Kotlin java/unsynchronized-getter Inconsistent synchronization of getter and setter CWE-662 
Java/Kotlin java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject() CWE-662 Java/Kotlin java/unreleased-lock Unreleased lock CWE-662 Java/Kotlin java/wait-with-two-locks Wait with two locks held CWE-662 Java/Kotlin java/lock-order-inconsistency Lock order inconsistency CWE-664 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-664 Java/Kotlin java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment CWE-664 Java/Kotlin java/integer-multiplication-cast-to-long Result of multiplication cast to wider type CWE-664 Java/Kotlin java/missing-call-to-super-clone Missing super clone CWE-664 Java/Kotlin java/wait-on-condition-interface Wait on condition CWE-664 Java/Kotlin java/call-to-thread-run Direct call to a run() method CWE-664 Java/Kotlin java/unsafe-double-checked-locking Double-checked locking is not thread-safe CWE-664 Java/Kotlin java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization CWE-664 Java/Kotlin java/unsafe-sync-on-field Futile synchronization on field CWE-664 Java/Kotlin java/inconsistent-field-synchronization Inconsistent synchronization for field CWE-664 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-664 Java/Kotlin java/non-sync-override Non-synchronized override of synchronized method CWE-664 Java/Kotlin java/notify-instead-of-notify-all notify instead of notifyAll CWE-664 Java/Kotlin java/sleep-with-lock-held Sleep with lock held CWE-664 Java/Kotlin java/sync-on-boxed-types Synchronization on boxed types or strings CWE-664 Java/Kotlin java/unsynchronized-getter Inconsistent synchronization of getter and setter CWE-664 Java/Kotlin java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject() CWE-664 Java/Kotlin java/unreleased-lock Unreleased lock CWE-664 Java/Kotlin java/wait-with-two-locks Wait with two locks held CWE-664 Java/Kotlin 
java/missing-super-finalize Finalizer inconsistency CWE-664 Java/Kotlin java/input-resource-leak Potential input resource leak CWE-664 Java/Kotlin java/database-resource-leak Potential database resource leak CWE-664 Java/Kotlin java/output-resource-leak Potential output resource leak CWE-664 Java/Kotlin java/impossible-array-cast Impossible array cast CWE-664 Java/Kotlin java/path-injection Uncontrolled data used in path expression CWE-664 Java/Kotlin java/zipslip Arbitrary file access during archive extraction ("Zip Slip") CWE-664 Java/Kotlin java/partial-path-traversal Partial path traversal vulnerability CWE-664 Java/Kotlin java/partial-path-traversal-from-remote Partial path traversal vulnerability from remote CWE-664 Java/Kotlin java/exec-tainted-environment Building a command with an injected environment variable CWE-664 Java/Kotlin java/android/arbitrary-apk-installation Android APK installation CWE-664 Java/Kotlin java/groovy-injection Groovy Language injection CWE-664 Java/Kotlin java/insecure-bean-validation Insecure Bean Validation CWE-664 Java/Kotlin java/jexl-expression-injection Expression language injection (JEXL) CWE-664 Java/Kotlin java/mvel-expression-injection Expression language injection (MVEL) CWE-664 Java/Kotlin java/spel-expression-injection Expression language injection (Spring) CWE-664 Java/Kotlin java/server-side-template-injection Server-side template injection CWE-664 Java/Kotlin java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition CWE-664 Java/Kotlin java/android/sensitive-notification Exposure of sensitive information to notifications CWE-664 Java/Kotlin java/android/sensitive-text Exposure of sensitive information to UI text views CWE-664 Java/Kotlin java/android/websettings-allow-content-access Android WebView settings allows access to content links CWE-664 Java/Kotlin java/android/websettings-file-access Android WebSettings file access CWE-664 Java/Kotlin java/spring-boot-exposed-actuators 
Exposed Spring Boot actuators CWE-664 Java/Kotlin java/spring-boot-exposed-actuators-config Exposed Spring Boot actuators in configuration file CWE-664 Java/Kotlin java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory CWE-664 Java/Kotlin java/error-message-exposure Information exposure through an error message CWE-664 Java/Kotlin java/stack-trace-exposure Information exposure through a stack trace CWE-664 Java/Kotlin java/android/intent-uri-permission-manipulation Intent URI permission manipulation CWE-664 Java/Kotlin java/unsafe-cert-trust Unsafe certificate trust CWE-664 Java/Kotlin java/android/insecure-local-key-gen Insecurely generated keys for local authentication CWE-664 Java/Kotlin java/android/insecure-local-authentication Insecure local authentication CWE-664 Java/Kotlin java/insecure-smtp-ssl Insecure JavaMail SSL Configuration CWE-664 Java/Kotlin java/unsafe-hostname-verification Unsafe hostname verification CWE-664 Java/Kotlin java/android/backup-enabled Application backup allowed CWE-664 Java/Kotlin java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android CWE-664 Java/Kotlin java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem CWE-664 Java/Kotlin java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class CWE-664 Java/Kotlin java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie CWE-664 Java/Kotlin java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class CWE-664 Java/Kotlin java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android CWE-664 Java/Kotlin java/socket-auth-race-condition Race condition in socket authentication CWE-664 Java/Kotlin java/android/unsafe-content-uri-resolution Uncontrolled data 
used in content resolution CWE-664 Java/Kotlin java/android/fragment-injection Android fragment injection CWE-664 Java/Kotlin java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity CWE-664 Java/Kotlin java/android/debuggable-attribute-enabled Android debuggable attribute enabled CWE-664 Java/Kotlin java/android/webview-debugging-enabled Android Webview debugging enabled CWE-664 Java/Kotlin java/trust-boundary-violation Trust boundary violation CWE-664 Java/Kotlin java/unsafe-deserialization Deserialization of user-controlled data CWE-664 Java/Kotlin java/insecure-basic-auth Insecure basic authentication CWE-664 Java/Kotlin java/insecure-ldap-auth Insecure LDAP authentication CWE-664 Java/Kotlin java/android/sensitive-keyboard-cache Android sensitive keyboard cache CWE-664 Java/Kotlin java/sensitive-log Insertion of sensitive information into log files CWE-664 Java/Kotlin java/unvalidated-url-forward URL forward from a remote source CWE-664 Java/Kotlin java/unvalidated-url-redirection URL redirection from remote source CWE-664 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-664 Java/Kotlin java/tainted-numeric-cast User-controlled data in numeric cast CWE-664 Java/Kotlin java/polynomial-redos Polynomial regular expression used on uncontrolled data CWE-664 Java/Kotlin java/redos Inefficient regular expression CWE-664 Java/Kotlin java/regex-injection Regular expression injection CWE-664 Java/Kotlin java/world-writable-file-read Reading from a world writable file CWE-664 Java/Kotlin java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView CWE-664 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in API call CWE-664 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison CWE-664 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call CWE-664 Java/Kotlin java/hardcoded-password-field 
Hard-coded password field CWE-664 Java/Kotlin java/user-controlled-bypass User-controlled bypass of sensitive method CWE-664 Java/Kotlin java/tainted-permissions-check User-controlled data used in permissions check CWE-664 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download CWE-664 Java/Kotlin java/lock-order-inconsistency Lock order inconsistency CWE-664 Java/Kotlin java/ssrf Server-side request forgery CWE-664 Java/Kotlin java/improper-intent-verification Improper verification of intent by broadcast receiver CWE-664 Java/Kotlin java/android/incomplete-provider-permissions Missing read or write permission in a content provider CWE-664 Java/Kotlin java/android/implicitly-exported-component Implicitly exported Android component CWE-664 Java/Kotlin java/android/implicit-pendingintents Use of implicit PendingIntents CWE-664 Java/Kotlin java/android/sensitive-communication Leaking sensitive information through an implicit Intent CWE-664 Java/Kotlin java/android/sensitive-result-receiver Leaking sensitive information through a ResultReceiver CWE-664 Java/Kotlin java/android/intent-redirection Android Intent redirection CWE-664 Java/Kotlin java/empty-finalizer Empty body of finalizer CWE-664 Java/Kotlin java/unassigned-field Field is never assigned a non-null value CWE-664 Java/Kotlin java/overly-general-catch Overly-general catch clause CWE-664 Java/Kotlin java/abstract-to-concrete-cast Cast from abstract to concrete collection CWE-664 Java/Kotlin java/internal-representation-exposure Exposing internal representation CWE-664 Java/Kotlin java/static-array Array constant vulnerable to change CWE-664 Java/Kotlin java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228) CWE-664 Java/Kotlin java/openstream-called-on-tainted-url openStream called on URLs created from remote source CWE-664 Java/Kotlin java/file-path-injection File Path Injection CWE-664 Java/Kotlin java/beanshell-injection BeanShell injection 
CWE-664 Java/Kotlin java/android-insecure-dex-loading Insecure loading of an Android Dex File CWE-664 Java/Kotlin java/jshell-injection JShell injection CWE-664 Java/Kotlin java/javaee-expression-injection Jakarta Expression Language injection CWE-664 Java/Kotlin java/jython-injection Injection in Jython CWE-664 Java/Kotlin java/unsafe-eval Injection in Java Script Engine CWE-664 Java/Kotlin java/spring-view-manipulation-implicit Spring Implicit View Manipulation CWE-664 Java/Kotlin java/spring-view-manipulation Spring View Manipulation CWE-664 Java/Kotlin java/insecure-webview-resource-response Insecure Android WebView Resource Response CWE-664 Java/Kotlin java/sensitive-android-file-leak Leaking sensitive Android file CWE-664 Java/Kotlin java/possible-timing-attack-against-signature Possible timing attack against signature validation CWE-664 Java/Kotlin java/timing-attack-against-headers-value Timing attack against header value CWE-664 Java/Kotlin java/timing-attack-against-signature Timing attack against signature validation CWE-664 Java/Kotlin java/ignored-hostname-verification Ignored result of hostname verification CWE-664 Java/Kotlin java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration CWE-664 Java/Kotlin java/disabled-certificate-revocation-checking Disabled certificate revocation checking CWE-664 Java/Kotlin java/unvalidated-cors-origin-set CORS is derived from untrusted input CWE-664 Java/Kotlin java/local-thread-resource-abuse Uncontrolled thread resource consumption from local input source CWE-664 Java/Kotlin java/thread-resource-abuse Uncontrolled thread resource consumption CWE-664 Java/Kotlin java/android/unsafe-reflection Load 3rd party classes or code ('unsafe reflection') without signature check CWE-664 Java/Kotlin java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection') CWE-664 Java/Kotlin java/main-method-in-enterprise-bean Main Method in Enterprise Java Bean CWE-664 Java/Kotlin 
java/main-method-in-web-components Main Method in Java EE Web Components CWE-664 Java/Kotlin java/struts-development-mode Apache Struts development mode enabled CWE-664 Java/Kotlin java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method CWE-664 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters CWE-664 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters CWE-664 Java/Kotlin java/uncontrolled-file-decompression Uncontrolled file decompression CWE-664 Java/Kotlin java/server-directory-listing Directories and files exposure CWE-664 Java/Kotlin java/credentials-in-properties Cleartext Credentials in Properties File CWE-664 Java/Kotlin java/password-in-configuration Password in configuration file CWE-664 Java/Kotlin java/sensitive-query-with-get Sensitive GET Query CWE-664 Java/Kotlin java/spring-unvalidated-url-redirection Spring url redirection from remote source CWE-664 Java/Kotlin java/permissive-dot-regex URL matched by permissive . 
in a regular expression CWE-664 Java/Kotlin java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment CWE-664 Java/Kotlin java/incorrect-url-verification Incorrect URL verification CWE-665 Java/Kotlin java/exec-tainted-environment Building a command with an injected environment variable CWE-665 Java/Kotlin java/unassigned-field Field is never assigned a non-null value CWE-665 Java/Kotlin java/insecure-rmi-jmx-server-initialization InsecureRmiJmxAuthenticationEnvironment CWE-667 Java/Kotlin java/unsafe-double-checked-locking Double-checked locking is not thread-safe CWE-667 Java/Kotlin java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization CWE-667 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-667 Java/Kotlin java/sleep-with-lock-held Sleep with lock held CWE-667 Java/Kotlin java/unsynchronized-getter Inconsistent synchronization of getter and setter CWE-667 Java/Kotlin java/unreleased-lock Unreleased lock CWE-667 Java/Kotlin java/wait-with-two-locks Wait with two locks held CWE-667 Java/Kotlin java/lock-order-inconsistency Lock order inconsistency CWE-668 Java/Kotlin java/path-injection Uncontrolled data used in path expression CWE-668 Java/Kotlin java/zipslip Arbitrary file access during archive extraction ("Zip Slip") CWE-668 Java/Kotlin java/partial-path-traversal Partial path traversal vulnerability CWE-668 Java/Kotlin java/partial-path-traversal-from-remote Partial path traversal vulnerability from remote CWE-668 Java/Kotlin java/android/sensitive-notification Exposure of sensitive information to notifications CWE-668 Java/Kotlin java/android/sensitive-text Exposure of sensitive information to UI text views CWE-668 Java/Kotlin java/android/websettings-allow-content-access Android WebView settings allows access to content links CWE-668 Java/Kotlin java/android/websettings-file-access Android WebSettings file access CWE-668 Java/Kotlin 
java/spring-boot-exposed-actuators Exposed Spring Boot actuators CWE-668 Java/Kotlin java/spring-boot-exposed-actuators-config Exposed Spring Boot actuators in configuration file CWE-668 Java/Kotlin java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory CWE-668 Java/Kotlin java/error-message-exposure Information exposure through an error message CWE-668 Java/Kotlin java/stack-trace-exposure Information exposure through a stack trace CWE-668 Java/Kotlin java/insecure-basic-auth Insecure basic authentication CWE-668 Java/Kotlin java/insecure-ldap-auth Insecure LDAP authentication CWE-668 Java/Kotlin java/android/sensitive-keyboard-cache Android sensitive keyboard cache CWE-668 Java/Kotlin java/sensitive-log Insertion of sensitive information into log files CWE-668 Java/Kotlin java/unvalidated-url-forward URL forward from a remote source CWE-668 Java/Kotlin java/world-writable-file-read Reading from a world writable file CWE-668 Java/Kotlin java/android/implicit-pendingintents Use of implicit PendingIntents CWE-668 Java/Kotlin java/android/sensitive-communication Leaking sensitive information through an implicit Intent CWE-668 Java/Kotlin java/android/sensitive-result-receiver Leaking sensitive information through a ResultReceiver CWE-668 Java/Kotlin java/static-array Array constant vulnerable to change CWE-668 Java/Kotlin java/openstream-called-on-tainted-url openStream called on URLs created from remote source CWE-668 Java/Kotlin java/file-path-injection File Path Injection CWE-668 Java/Kotlin java/insecure-webview-resource-response Insecure Android WebView Resource Response CWE-668 Java/Kotlin java/sensitive-android-file-leak Leaking sensitive Android file CWE-668 Java/Kotlin java/possible-timing-attack-against-signature Possible timing attack against signature validation CWE-668 Java/Kotlin java/timing-attack-against-headers-value Timing attack against header value CWE-668 Java/Kotlin 
java/timing-attack-against-signature Timing attack against signature validation CWE-668 Java/Kotlin java/server-directory-listing Directories and files exposure CWE-668 Java/Kotlin java/credentials-in-properties Cleartext Credentials in Properties File CWE-668 Java/Kotlin java/password-in-configuration Password in configuration file CWE-668 Java/Kotlin java/sensitive-query-with-get Sensitive GET Query CWE-669 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-669 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download CWE-670 Java/Kotlin java/whitespace-contradicts-precedence Whitespace contradicts operator precedence CWE-670 Java/Kotlin java/assignment-in-boolean-expression Assignment in Boolean expression CWE-670 Java/Kotlin java/reference-equality-on-strings Reference equality test on strings CWE-670 Java/Kotlin java/switch-fall-through Unterminated switch case CWE-671 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in API call CWE-671 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison CWE-671 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call CWE-671 Java/Kotlin java/hardcoded-password-field Hard-coded password field CWE-674 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-675 Java/Kotlin java/unreleased-lock Unreleased lock CWE-676 Java/Kotlin java/potentially-dangerous-function Use of a potentially dangerous function CWE-681 Java/Kotlin java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment CWE-681 Java/Kotlin java/integer-multiplication-cast-to-long Result of multiplication cast to wider type CWE-681 Java/Kotlin java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition CWE-681 Java/Kotlin java/tainted-numeric-cast User-controlled data in numeric cast CWE-682 Java/Kotlin 
java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment CWE-682 Java/Kotlin java/integer-multiplication-cast-to-long Result of multiplication cast to wider type CWE-682 Java/Kotlin java/index-out-of-bounds Array index out of bounds CWE-682 Java/Kotlin java/tainted-arithmetic User-controlled data in arithmetic expression CWE-682 Java/Kotlin java/uncontrolled-arithmetic Uncontrolled data in arithmetic expression CWE-682 Java/Kotlin java/extreme-value-arithmetic Use of extreme values in arithmetic expression CWE-682 Java/Kotlin java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition CWE-685 Java/Kotlin java/missing-format-argument Missing format argument CWE-685 Java/Kotlin java/unused-format-argument Unused format argument CWE-691 Java/Kotlin java/ejb/container-interference EJB interferes with container operation CWE-691 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-691 Java/Kotlin java/whitespace-contradicts-precedence Whitespace contradicts operator precedence CWE-691 Java/Kotlin java/assignment-in-boolean-expression Assignment in Boolean expression CWE-691 Java/Kotlin java/reference-equality-on-strings Reference equality test on strings CWE-691 Java/Kotlin java/wait-on-condition-interface Wait on condition CWE-691 Java/Kotlin java/call-to-thread-run Direct call to a run() method CWE-691 Java/Kotlin java/unsafe-double-checked-locking Double-checked locking is not thread-safe CWE-691 Java/Kotlin java/unsafe-double-checked-locking-init-order Race condition in double-checked locking object initialization CWE-691 Java/Kotlin java/unsafe-sync-on-field Futile synchronization on field CWE-691 Java/Kotlin java/inconsistent-field-synchronization Inconsistent synchronization for field CWE-691 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field CWE-691 Java/Kotlin java/non-sync-override Non-synchronized override of synchronized method CWE-691 
Java/Kotlin java/notify-instead-of-notify-all notify instead of notifyAll CWE-691 Java/Kotlin java/sleep-with-lock-held Sleep with lock held CWE-691 Java/Kotlin java/sync-on-boxed-types Synchronization on boxed types or strings CWE-691 Java/Kotlin java/unsynchronized-getter Inconsistent synchronization of getter and setter CWE-691 Java/Kotlin java/inconsistent-sync-writeobject Inconsistent synchronization for writeObject() CWE-691 Java/Kotlin java/unreleased-lock Unreleased lock CWE-691 Java/Kotlin java/wait-with-two-locks Wait with two locks held CWE-691 Java/Kotlin java/non-short-circuit-evaluation Dangerous non-short-circuit logic CWE-691 Java/Kotlin java/constant-loop-condition Constant loop condition CWE-691 Java/Kotlin java/android/arbitrary-apk-installation Android APK installation CWE-691 Java/Kotlin java/groovy-injection Groovy Language injection CWE-691 Java/Kotlin java/insecure-bean-validation Insecure Bean Validation CWE-691 Java/Kotlin java/jexl-expression-injection Expression language injection (JEXL) CWE-691 Java/Kotlin java/mvel-expression-injection Expression language injection (MVEL) CWE-691 Java/Kotlin java/spel-expression-injection Expression language injection (Spring) CWE-691 Java/Kotlin java/server-side-template-injection Server-side template injection CWE-691 Java/Kotlin java/toctou-race-condition Time-of-check time-of-use race condition CWE-691 Java/Kotlin java/socket-auth-race-condition Race condition in socket authentication CWE-691 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-691 Java/Kotlin java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView CWE-691 Java/Kotlin java/lock-order-inconsistency Lock order inconsistency CWE-691 Java/Kotlin java/unreachable-exit-in-loop Loop with unreachable exit condition CWE-691 Java/Kotlin java/switch-fall-through Unterminated switch case CWE-691 Java/Kotlin java/overly-general-catch Overly-general catch clause CWE-691 Java/Kotlin 
java/uncaught-number-format-exception Missing catch of NumberFormatException CWE-691 Java/Kotlin java/jvm-exit Forcible JVM termination CWE-691 Java/Kotlin java/abnormal-finally-completion Finally block may not complete normally CWE-691 Java/Kotlin java/beanshell-injection BeanShell injection CWE-691 Java/Kotlin java/android-insecure-dex-loading Insecure loading of an Android Dex File CWE-691 Java/Kotlin java/jshell-injection JShell injection CWE-691 Java/Kotlin java/javaee-expression-injection Jakarta Expression Language injection CWE-691 Java/Kotlin java/jython-injection Injection in Jython CWE-691 Java/Kotlin java/unsafe-eval Injection in Java Script Engine CWE-691 Java/Kotlin java/spring-view-manipulation-implicit Spring Implicit View Manipulation CWE-691 Java/Kotlin java/spring-view-manipulation Spring View Manipulation CWE-691 Java/Kotlin java/uncaught-servlet-exception Uncaught Servlet Exception CWE-693 Java/Kotlin java/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data CWE-693 Java/Kotlin java/overly-large-range Overly permissive regular expression range CWE-693 Java/Kotlin java/untrusted-data-to-external-api Untrusted data passed to external API CWE-693 Java/Kotlin java/improper-validation-of-array-construction Improper validation of user-provided size used for array construction CWE-693 Java/Kotlin java/improper-validation-of-array-construction-code-specified Improper validation of code-specified size used for array construction CWE-693 Java/Kotlin java/improper-validation-of-array-index Improper validation of user-provided array index CWE-693 Java/Kotlin java/improper-validation-of-array-index-code-specified Improper validation of code-specified array index CWE-693 Java/Kotlin java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory CWE-693 Java/Kotlin java/android/intent-uri-permission-manipulation Intent URI permission manipulation CWE-693 
Java/Kotlin java/unsafe-cert-trust Unsafe certificate trust CWE-693 Java/Kotlin java/android/insecure-local-key-gen Insecurely generated keys for local authentication CWE-693 Java/Kotlin java/android/insecure-local-authentication Insecure local authentication CWE-693 Java/Kotlin java/android/missing-certificate-pinning Android missing certificate pinning CWE-693 Java/Kotlin java/improper-webview-certificate-validation Android WebView that accepts all certificates CWE-693 Java/Kotlin java/insecure-trustmanager TrustManager that accepts all certificates CWE-693 Java/Kotlin java/insecure-smtp-ssl Insecure JavaMail SSL Configuration CWE-693 Java/Kotlin java/unsafe-hostname-verification Unsafe hostname verification CWE-693 Java/Kotlin java/android/backup-enabled Application backup allowed CWE-693 Java/Kotlin java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android CWE-693 Java/Kotlin java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem CWE-693 Java/Kotlin java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class CWE-693 Java/Kotlin java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie CWE-693 Java/Kotlin java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class CWE-693 Java/Kotlin java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android CWE-693 Java/Kotlin java/non-https-url Failure to use HTTPS URLs CWE-693 Java/Kotlin java/non-ssl-connection Failure to use SSL CWE-693 Java/Kotlin java/non-ssl-socket-factory Failure to use SSL socket factories CWE-693 Java/Kotlin java/insufficient-key-size Use of a cryptographic algorithm with insufficient key size CWE-693 Java/Kotlin java/weak-cryptographic-algorithm Use of a broken or risky cryptographic algorithm CWE-693 Java/Kotlin 
java/potentially-weak-cryptographic-algorithm Use of a potentially broken or risky cryptographic algorithm CWE-693 Java/Kotlin java/missing-jwt-signature-check Missing JWT signature check CWE-693 Java/Kotlin java/csrf-unprotected-request-type HTTP request type unprotected from CSRF CWE-693 Java/Kotlin java/spring-disabled-csrf-protection Disabled Spring CSRF protection CWE-693 Java/Kotlin java/socket-auth-race-condition Race condition in socket authentication CWE-693 Java/Kotlin java/insecure-basic-auth Insecure basic authentication CWE-693 Java/Kotlin java/insecure-ldap-auth Insecure LDAP authentication CWE-693 Java/Kotlin java/insecure-cookie Failure to use secure cookies CWE-693 Java/Kotlin java/world-writable-file-read Reading from a world writable file CWE-693 Java/Kotlin java/rsa-without-oaep Use of RSA algorithm without OAEP CWE-693 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in API call CWE-693 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison CWE-693 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call CWE-693 Java/Kotlin java/hardcoded-password-field Hard-coded password field CWE-693 Java/Kotlin java/user-controlled-bypass User-controlled bypass of sensitive method CWE-693 Java/Kotlin java/tainted-permissions-check User-controlled data used in permissions check CWE-693 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download CWE-693 Java/Kotlin java/improper-intent-verification Improper verification of intent by broadcast receiver CWE-693 Java/Kotlin java/android/incomplete-provider-permissions Missing read or write permission in a content provider CWE-693 Java/Kotlin java/android/implicitly-exported-component Implicitly exported Android component CWE-693 Java/Kotlin java/android/implicit-pendingintents Use of implicit PendingIntents CWE-693 Java/Kotlin java/android/sensitive-communication Leaking sensitive 
information through an implicit Intent CWE-693 Java/Kotlin java/android/sensitive-result-receiver Leaking sensitive information through a ResultReceiver CWE-693 Java/Kotlin java/android/intent-redirection Android Intent redirection CWE-693 Java/Kotlin java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228) CWE-693 Java/Kotlin java/jxbrowser/disabled-certificate-validation JxBrowser with disabled certificate validation CWE-693 Java/Kotlin java/ignored-hostname-verification Ignored result of hostname verification CWE-693 Java/Kotlin java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration CWE-693 Java/Kotlin java/disabled-certificate-revocation-checking Disabled certificate revocation checking CWE-693 Java/Kotlin java/azure-storage/unsafe-client-side-encryption-in-use Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187) CWE-693 Java/Kotlin java/unsafe-tls-version Unsafe TLS version CWE-693 Java/Kotlin java/unvalidated-cors-origin-set CORS is derived from untrusted input CWE-693 Java/Kotlin java/missing-jwt-signature-check-auth0 Missing JWT signature check CWE-693 Java/Kotlin java/ip-address-spoofing IP address spoofing CWE-693 Java/Kotlin java/jsonp-injection JSONP Injection CWE-693 Java/Kotlin java/credentials-in-properties Cleartext Credentials in Properties File CWE-693 Java/Kotlin java/password-in-configuration Password in configuration file CWE-693 Java/Kotlin java/permissive-dot-regex URL matched by permissive . 
in a regular expression CWE-693 Java/Kotlin java/hash-without-salt Use of a hash function without a salt CWE-693 Java/Kotlin java/incorrect-url-verification Incorrect URL verification CWE-693 Java/Kotlin java/weak-cryptographic-algorithm-new-model Use of a broken or risky cryptographic algorithm CWE-693 Java/Kotlin java/quantum/examples/weak-hash Weak hashes CWE-693 Java/Kotlin java/quantum/examples/weak-ciphers Weak symmetric ciphers CWE-695 Java/Kotlin java/ejb/file-io EJB uses file input/output CWE-695 Java/Kotlin java/ejb/graphics EJB uses graphics CWE-695 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-695 Java/Kotlin java/ejb/threads EJB uses threads CWE-697 Java/Kotlin java/missing-default-in-switch Missing default case in switch CWE-697 Java/Kotlin java/reference-equality-with-object Reference equality test on java.lang.Object CWE-697 Java/Kotlin java/reference-equality-of-boxed-types Reference equality test of boxed types CWE-697 Java/Kotlin java/reference-equality-on-strings Reference equality test on strings CWE-697 Java/Kotlin java/missing-case-in-switch Missing enum case in switch CWE-697 Java/Kotlin java/permissive-dot-regex URL matched by permissive . 
in a regular expression CWE-703 Java/Kotlin java/inconsistent-call-on-result Inconsistent operation on return value CWE-703 Java/Kotlin java/return-value-ignored Method result ignored CWE-703 Java/Kotlin java/error-message-exposure Information exposure through an error message CWE-703 Java/Kotlin java/stack-trace-exposure Information exposure through a stack trace CWE-703 Java/Kotlin java/unsafe-cert-trust Unsafe certificate trust CWE-703 Java/Kotlin java/discarded-exception Discarded exception CWE-703 Java/Kotlin java/overly-general-catch Overly-general catch clause CWE-703 Java/Kotlin java/ignored-error-status-of-call Ignored error status of call CWE-703 Java/Kotlin java/uncaught-number-format-exception Missing catch of NumberFormatException CWE-703 Java/Kotlin java/uncaught-servlet-exception Uncaught Servlet Exception CWE-703 Java/Kotlin java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException CWE-704 Java/Kotlin java/implicit-cast-in-compound-assignment Implicit narrowing conversion in compound assignment CWE-704 Java/Kotlin java/integer-multiplication-cast-to-long Result of multiplication cast to wider type CWE-704 Java/Kotlin java/impossible-array-cast Impossible array cast CWE-704 Java/Kotlin java/comparison-with-wider-type Comparison of narrow type with wide type in loop condition CWE-704 Java/Kotlin java/tainted-numeric-cast User-controlled data in numeric cast CWE-705 Java/Kotlin java/ejb/container-interference EJB interferes with container operation CWE-705 Java/Kotlin java/overly-general-catch Overly-general catch clause CWE-705 Java/Kotlin java/uncaught-number-format-exception Missing catch of NumberFormatException CWE-705 Java/Kotlin java/jvm-exit Forcible JVM termination CWE-705 Java/Kotlin java/abnormal-finally-completion Finally block may not complete normally CWE-705 Java/Kotlin java/uncaught-servlet-exception Uncaught Servlet Exception CWE-706 Java/Kotlin java/path-injection Uncontrolled data used in path expression 
CWE-706 Java/Kotlin java/zipslip Arbitrary file access during archive extraction ("Zip Slip") CWE-706 Java/Kotlin java/partial-path-traversal Partial path traversal vulnerability CWE-706 Java/Kotlin java/partial-path-traversal-from-remote Partial path traversal vulnerability from remote CWE-706 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-706 Java/Kotlin java/openstream-called-on-tainted-url openStream called on URLs created from remote source CWE-707 Java/Kotlin java/jndi-injection JNDI lookup with user-controlled name CWE-707 Java/Kotlin java/xslt-injection XSLT transformation with user-controlled stylesheet CWE-707 Java/Kotlin java/relative-path-command Executing a command with a relative path CWE-707 Java/Kotlin java/command-line-injection Uncontrolled command line CWE-707 Java/Kotlin java/exec-tainted-environment Building a command with an injected environment variable CWE-707 Java/Kotlin java/concatenated-command-line Building a command line with string concatenation CWE-707 Java/Kotlin java/android/webview-addjavascriptinterface Access Java object methods through JavaScript exposure CWE-707 Java/Kotlin java/android/websettings-javascript-enabled Android WebView JavaScript settings CWE-707 Java/Kotlin java/xss Cross-site scripting CWE-707 Java/Kotlin java/concatenated-sql-query Query built by concatenation with a possibly-untrusted string CWE-707 Java/Kotlin java/sql-injection Query built from user-controlled sources CWE-707 Java/Kotlin java/ldap-injection LDAP query built from user-controlled sources CWE-707 Java/Kotlin java/android/arbitrary-apk-installation Android APK installation CWE-707 Java/Kotlin java/groovy-injection Groovy Language injection CWE-707 Java/Kotlin java/insecure-bean-validation Insecure Bean Validation CWE-707 Java/Kotlin java/jexl-expression-injection Expression language injection (JEXL) CWE-707 Java/Kotlin java/mvel-expression-injection Expression language injection (MVEL) CWE-707 Java/Kotlin 
java/spel-expression-injection Expression language injection (Spring) CWE-707 Java/Kotlin java/server-side-template-injection Server-side template injection CWE-707 Java/Kotlin java/netty-http-request-or-response-splitting Disabled Netty HTTP header validation CWE-707 Java/Kotlin java/http-response-splitting HTTP response splitting CWE-707 Java/Kotlin java/log-injection Log Injection CWE-707 Java/Kotlin java/tainted-format-string Use of externally-controlled format string CWE-707 Java/Kotlin java/xml/xpath-injection XPath injection CWE-707 Java/Kotlin java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView CWE-707 Java/Kotlin java/ognl-injection OGNL Expression Language statement with user-controlled input CWE-707 Java/Kotlin java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228) CWE-707 Java/Kotlin java/command-line-injection-extra Command Injection into Runtime.exec() with dangerous command CWE-707 Java/Kotlin java/command-line-injection-extra-local Command Injection into Runtime.exec() with dangerous command CWE-707 Java/Kotlin java/command-line-injection-experimental Uncontrolled command line (experimental sinks) CWE-707 Java/Kotlin java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation CWE-707 Java/Kotlin java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML CWE-707 Java/Kotlin java/beanshell-injection BeanShell injection CWE-707 Java/Kotlin java/android-insecure-dex-loading Insecure loading of an Android Dex File CWE-707 Java/Kotlin java/jshell-injection JShell injection CWE-707 Java/Kotlin java/javaee-expression-injection Jakarta Expression Language injection CWE-707 Java/Kotlin java/jython-injection Injection in Jython CWE-707 Java/Kotlin java/unsafe-eval Injection in Java Script Engine CWE-707 Java/Kotlin java/spring-view-manipulation-implicit Spring Implicit View Manipulation CWE-707 Java/Kotlin java/spring-view-manipulation Spring View Manipulation CWE-707 Java/Kotlin 
java/xquery-injection XQuery query built from user-controlled sources CWE-710 Java/Kotlin java/deprecated-call Deprecated method or constructor invocation CWE-710 Java/Kotlin java/dead-class Dead class CWE-710 Java/Kotlin java/dead-enum-constant Dead enum constant CWE-710 Java/Kotlin java/dead-field Dead field CWE-710 Java/Kotlin java/dead-function Dead method CWE-710 Java/Kotlin java/lines-of-dead-code Lines of dead code in files CWE-710 Java/Kotlin java/unused-parameter Useless parameter CWE-710 Java/Kotlin java/ejb/container-interference EJB interferes with container operation CWE-710 Java/Kotlin java/ejb/file-io EJB uses file input/output CWE-710 Java/Kotlin java/ejb/graphics EJB uses graphics CWE-710 Java/Kotlin java/ejb/native-code EJB uses native code CWE-710 Java/Kotlin java/ejb/reflection EJB uses reflection CWE-710 Java/Kotlin java/ejb/security-configuration-access EJB accesses security configuration CWE-710 Java/Kotlin java/ejb/substitution-in-serialization EJB uses substitution in serialization CWE-710 Java/Kotlin java/ejb/socket-or-stream-handler-factory EJB sets socket factory or URL stream handler factory CWE-710 Java/Kotlin java/ejb/server-socket EJB uses server socket CWE-710 Java/Kotlin java/ejb/non-final-static-field EJB uses non-final static field CWE-710 Java/Kotlin java/ejb/synchronization EJB uses synchronization CWE-710 Java/Kotlin java/ejb/this EJB uses 'this' as argument or result CWE-710 Java/Kotlin java/ejb/threads EJB uses threads CWE-710 Java/Kotlin java/useless-null-check Useless null check CWE-710 Java/Kotlin java/useless-type-test Useless type test CWE-710 Java/Kotlin java/useless-upcast Useless upcast CWE-710 Java/Kotlin java/missing-call-to-super-clone Missing super clone CWE-710 Java/Kotlin java/empty-container Container contents are never initialized CWE-710 Java/Kotlin java/unused-container Container contents are never accessed CWE-710 Java/Kotlin java/equals-on-unrelated-types Equals on incomparable types CWE-710 Java/Kotlin 
java/inconsistent-equals-and-hashcode Inconsistent equals and hashCode CWE-710 Java/Kotlin java/constant-comparison Useless comparison test CWE-710 Java/Kotlin java/unreleased-lock Unreleased lock CWE-710 Java/Kotlin java/missing-super-finalize Finalizer inconsistency CWE-710 Java/Kotlin java/missing-format-argument Missing format argument CWE-710 Java/Kotlin java/unused-format-argument Unused format argument CWE-710 Java/Kotlin java/dereferenced-value-is-always-null Dereferenced variable is always null CWE-710 Java/Kotlin java/dereferenced-expr-may-be-null Dereferenced expression may be null CWE-710 Java/Kotlin java/dereferenced-value-may-be-null Dereferenced variable may be null CWE-710 Java/Kotlin java/empty-synchronized-block Empty synchronized block CWE-710 Java/Kotlin java/unreachable-catch-clause Unreachable catch clause CWE-710 Java/Kotlin java/static-initialization-vector Using a static initialization vector for encryption CWE-710 Java/Kotlin java/potentially-dangerous-function Use of a potentially dangerous function CWE-710 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in API call CWE-710 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison CWE-710 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call CWE-710 Java/Kotlin java/hardcoded-password-field Hard-coded password field CWE-710 Java/Kotlin java/todo-comment TODO/FIXME comments CWE-710 Java/Kotlin java/unused-reference-type Unused classes and interfaces CWE-710 Java/Kotlin java/overwritten-assignment-to-local Assigned value is overwritten CWE-710 Java/Kotlin java/useless-assignment-to-local Useless assignment to local variable CWE-710 Java/Kotlin java/empty-finalizer Empty body of finalizer CWE-710 Java/Kotlin java/unused-initialized-local Local variable is initialized but not used CWE-710 Java/Kotlin java/local-variable-is-never-read Unread local variable CWE-710 Java/Kotlin java/unused-field Unused field 
CWE-710 Java/Kotlin java/unused-label Unused label CWE-710 Java/Kotlin java/unused-local-variable Unused local variable CWE-710 Java/Kotlin java/switch-fall-through Unterminated switch case CWE-710 Java/Kotlin java/do-not-call-finalize Do not call finalize() CWE-710 Java/Kotlin java/redundant-cast Unnecessary cast CWE-710 Java/Kotlin java/unused-import Unnecessary import CWE-732 Java/Kotlin java/local-temp-file-or-directory-information-disclosure Local information disclosure in a temporary directory CWE-732 Java/Kotlin java/world-writable-file-read Reading from a world writable file CWE-749 Java/Kotlin java/android/unsafe-android-webview-fetch Unsafe resource fetching in Android WebView CWE-754 Java/Kotlin java/inconsistent-call-on-result Inconsistent operation on return value CWE-754 Java/Kotlin java/return-value-ignored Method result ignored CWE-754 Java/Kotlin java/unsafe-cert-trust Unsafe certificate trust CWE-755 Java/Kotlin java/error-message-exposure Information exposure through an error message CWE-755 Java/Kotlin java/stack-trace-exposure Information exposure through a stack trace CWE-755 Java/Kotlin java/overly-general-catch Overly-general catch clause CWE-755 Java/Kotlin java/android/nfe-local-android-dos Local Android DoS Caused By NumberFormatException CWE-759 Java/Kotlin java/hash-without-salt Use of a hash function without a salt CWE-764 Java/Kotlin java/unreleased-lock Unreleased lock CWE-772 Java/Kotlin java/input-resource-leak Potential input resource leak CWE-772 Java/Kotlin java/database-resource-leak Potential database resource leak CWE-772 Java/Kotlin java/output-resource-leak Potential output resource leak CWE-776 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data CWE-780 Java/Kotlin java/rsa-without-oaep Use of RSA algorithm without OAEP CWE-783 Java/Kotlin java/whitespace-contradicts-precedence Whitespace contradicts operator precedence CWE-798 Java/Kotlin java/hardcoded-credential-api-call Hard-coded credential in 
API call
CWE-798 Java/Kotlin java/hardcoded-credential-comparison Hard-coded credential comparison
CWE-798 Java/Kotlin java/hardcoded-credential-sensitive-call Hard-coded credential in sensitive call
CWE-798 Java/Kotlin java/hardcoded-password-field Hard-coded password field
CWE-807 Java/Kotlin java/user-controlled-bypass User-controlled bypass of sensitive method
CWE-807 Java/Kotlin java/tainted-permissions-check User-controlled data used in permissions check
CWE-820 Java/Kotlin java/lazy-initialization Incorrect lazy initialization of a static field
CWE-820 Java/Kotlin java/non-sync-override Non-synchronized override of synchronized method
CWE-821 Java/Kotlin java/ejb/synchronization EJB uses synchronization
CWE-821 Java/Kotlin java/call-to-thread-run Direct call to a run() method
CWE-827 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data
CWE-829 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data
CWE-829 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-833 Java/Kotlin java/sleep-with-lock-held Sleep with lock held
CWE-833 Java/Kotlin java/unreleased-lock Unreleased lock
CWE-833 Java/Kotlin java/wait-with-two-locks Wait with two locks held
CWE-833 Java/Kotlin java/lock-order-inconsistency Lock order inconsistency
CWE-834 Java/Kotlin java/constant-loop-condition Constant loop condition
CWE-834 Java/Kotlin java/xxe Resolving XML external entity in user-controlled data
CWE-834 Java/Kotlin java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE-835 Java/Kotlin java/constant-loop-condition Constant loop condition
CWE-835 Java/Kotlin java/unreachable-exit-in-loop Loop with unreachable exit condition
CWE-862 Java/Kotlin java/incorrect-url-verification Incorrect URL verification
CWE-863 Java/Kotlin java/permissive-dot-regex URL matched by permissive . in a regular expression
CWE-913 Java/Kotlin java/android/arbitrary-apk-installation Android APK installation
CWE-913 Java/Kotlin java/groovy-injection Groovy Language injection
CWE-913 Java/Kotlin java/insecure-bean-validation Insecure Bean Validation
CWE-913 Java/Kotlin java/jexl-expression-injection Expression language injection (JEXL)
CWE-913 Java/Kotlin java/mvel-expression-injection Expression language injection (MVEL)
CWE-913 Java/Kotlin java/spel-expression-injection Expression language injection (Spring)
CWE-913 Java/Kotlin java/server-side-template-injection Server-side template injection
CWE-913 Java/Kotlin java/android/fragment-injection Android fragment injection
CWE-913 Java/Kotlin java/android/fragment-injection-preference-activity Android fragment injection in PreferenceActivity
CWE-913 Java/Kotlin java/unsafe-deserialization Deserialization of user-controlled data
CWE-913 Java/Kotlin java/log4j-injection Potential Log4J LDAP JNDI injection (CVE-2021-44228)
CWE-913 Java/Kotlin java/beanshell-injection BeanShell injection
CWE-913 Java/Kotlin java/android-insecure-dex-loading Insecure loading of an Android Dex File
CWE-913 Java/Kotlin java/jshell-injection JShell injection
CWE-913 Java/Kotlin java/javaee-expression-injection Jakarta Expression Language injection
CWE-913 Java/Kotlin java/jython-injection Injection in Jython
CWE-913 Java/Kotlin java/unsafe-eval Injection in Java Script Engine
CWE-913 Java/Kotlin java/spring-view-manipulation-implicit Spring Implicit View Manipulation
CWE-913 Java/Kotlin java/spring-view-manipulation Spring View Manipulation
CWE-913 Java/Kotlin java/android/unsafe-reflection Load 3rd party classes or code ('unsafe reflection') without signature check
CWE-913 Java/Kotlin java/unsafe-reflection Use of externally-controlled input to select classes or code ('unsafe reflection')
CWE-913 Java/Kotlin java/unsafe-deserialization-rmi Unsafe deserialization in a remotely callable method
CWE-913 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-configuration-class Unsafe deserialization with Spring's remote service exporters
CWE-913 Java/Kotlin java/unsafe-deserialization-spring-exporter-in-xml-configuration Unsafe deserialization with Spring's remote service exporters
CWE-916 Java/Kotlin java/hash-without-salt Use of a hash function without a salt
CWE-917 Java/Kotlin java/ognl-injection OGNL Expression Language statement with user-controlled input
CWE-918 Java/Kotlin java/ssrf Server-side request forgery
CWE-922 Java/Kotlin java/android/backup-enabled Application backup allowed
CWE-922 Java/Kotlin java/android/cleartext-storage-database Cleartext storage of sensitive information using a local database on Android
CWE-922 Java/Kotlin java/android/cleartext-storage-filesystem Cleartext storage of sensitive information in the Android filesystem
CWE-922 Java/Kotlin java/cleartext-storage-in-class Cleartext storage of sensitive information using storable class
CWE-922 Java/Kotlin java/cleartext-storage-in-cookie Cleartext storage of sensitive information in cookie
CWE-922 Java/Kotlin java/cleartext-storage-in-properties Cleartext storage of sensitive information using 'Properties' class
CWE-922 Java/Kotlin java/android/cleartext-storage-shared-prefs Cleartext storage of sensitive information using SharedPreferences on Android
CWE-923 Java/Kotlin java/insecure-smtp-ssl Insecure JavaMail SSL Configuration
CWE-923 Java/Kotlin java/unsafe-hostname-verification Unsafe hostname verification
CWE-923 Java/Kotlin java/socket-auth-race-condition Race condition in socket authentication
CWE-923 Java/Kotlin java/maven/non-https-url Failure to use HTTPS or SFTP URL in Maven artifact upload/download
CWE-923 Java/Kotlin java/improper-intent-verification Improper verification of intent by broadcast receiver
CWE-923 Java/Kotlin java/android/intent-redirection Android Intent redirection
CWE-923 Java/Kotlin java/ignored-hostname-verification Ignored result of hostname verification
CWE-923 Java/Kotlin java/insecure-ldaps-endpoint Insecure LDAPS Endpoint Configuration
CWE-925 Java/Kotlin java/improper-intent-verification Improper verification of intent by broadcast receiver
CWE-926 Java/Kotlin java/android/intent-uri-permission-manipulation Intent URI permission manipulation
CWE-926 Java/Kotlin java/android/incomplete-provider-permissions Missing read or write permission in a content provider
CWE-926 Java/Kotlin java/android/implicitly-exported-component Implicitly exported Android component
CWE-926 Java/Kotlin java/android/intent-redirection Android Intent redirection
CWE-927 Java/Kotlin java/android/implicit-pendingintents Use of implicit PendingIntents
CWE-927 Java/Kotlin java/android/sensitive-communication Leaking sensitive information through an implicit Intent
CWE-927 Java/Kotlin java/android/sensitive-result-receiver Leaking sensitive information through a ResultReceiver
CWE-939 Java/Kotlin java/incorrect-url-verification Incorrect URL verification
CWE-940 Java/Kotlin java/android/intent-redirection Android Intent redirection
CWE-943 Java/Kotlin java/concatenated-sql-query Query built by concatenation with a possibly-untrusted string
CWE-943 Java/Kotlin java/sql-injection Query built from user-controlled sources
CWE-943 Java/Kotlin java/ldap-injection LDAP query built from user-controlled sources
CWE-943 Java/Kotlin java/xml/xpath-injection XPath injection
CWE-943 Java/Kotlin java/mybatis-annotation-sql-injection SQL injection in MyBatis annotation
CWE-943 Java/Kotlin java/mybatis-xml-sql-injection SQL injection in MyBatis Mapper XML
CWE-943 Java/Kotlin java/xquery-injection XQuery query built from user-controlled sources
CWE-1004 Java/Kotlin java/sensitive-cookie-not-httponly Sensitive cookies without the HttpOnly response header set
CWE-1004 Java/Kotlin java/tomcat-disabled-httponly Tomcat config disables 'HttpOnly' flag (XSS risk)
CWE-1071 Java/Kotlin java/empty-method Empty method
CWE-1104 Java/Kotlin java/maven/dependency-upon-bintray Depending upon JCenter/Bintray as an artifact repository
CWE-1176 Java/Kotlin java/string-replace-all-with-non-regex Use of String#replaceAll with a first argument which is not a regular expression
CWE-1204 Java/Kotlin java/static-initialization-vector Using a static initialization vector for encryption
CWE-1333 Java/Kotlin java/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE-1333 Java/Kotlin java/redos Inefficient regular expression
CWE-1336 Java/Kotlin java/server-side-template-injection Server-side template injection