CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
| CWE Number | Name |
|---|---|
| CWE-682 | Incorrect Calculation |
| CWE-683 | Function Call With Incorrect Order of Arguments |
| CWE-684 | Incorrect Provision of Specified Functionality |
| CWE-685 | Function Call With Incorrect Number of Arguments |
| CWE-686 | Function Call With Incorrect Argument Type |
| CWE-687 | Function Call With Incorrectly Specified Argument Value |
| CWE-688 | Function Call With Incorrect Variable or Reference as Argument |
| CWE-689 | Permission Race Condition During Resource Copy |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference |
| CWE-691 | Insufficient Control Flow Management |
| CWE-692 | Incomplete Denylist to Cross-Site Scripting |
| CWE-693 | Protection Mechanism Failure |
| CWE-694 | Use of Multiple Resources with Duplicate Identifier |
| CWE-695 | Use of Low-Level Functionality |
| CWE-696 | Incorrect Behavior Order |
| CWE-697 | Incorrect Comparison |
| CWE-698 | Execution After Redirect (EAR) |
| CWE-703 | Improper Check or Handling of Exceptional Conditions |
| CWE-704 | Incorrect Type Conversion or Cast |
| CWE-705 | Incorrect Control Flow Scoping |
| CWE-706 | Use of Incorrectly-Resolved Name or Reference |
| CWE-707 | Improper Neutralization |
| CWE-708 | Incorrect Ownership Assignment |
| CWE-710 | Improper Adherence to Coding Standards |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
| CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code |
| CWE-749 | Exposed Dangerous Method or Function |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| CWE-755 | Improper Handling of Exceptional Conditions |
| CWE-756 | Missing Custom Error Page |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
| CWE-759 | Use of a One-Way Hash without a Salt |
| CWE-760 | Use of a One-Way Hash with a Predictable Salt |
| CWE-761 | Free of Pointer not at Start of Buffer |
| CWE-762 | Mismatched Memory Management Routines |
| CWE-763 | Release of Invalid Pointer or Reference |
| CWE-764 | Multiple Locks of a Critical Resource |
| CWE-765 | Multiple Unlocks of a Critical Resource |
| CWE-766 | Critical Data Element Declared Public |
| CWE-767 | Access to Critical Private Variable via Public Method |