CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
| CWE Number | Name |
| --- | --- |
| CWE-1055 | Multiple Inheritance from Concrete Classes |
| CWE-1056 | Invokable Control Element with Variadic Parameters |
| CWE-1057 | Data Access Operations Outside of Expected Data Manager Component |
| CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element |
| CWE-1059 | Insufficient Technical Documentation |
| CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses |
| CWE-1061 | Insufficient Encapsulation |
| CWE-1062 | Parent Class with References to Child Class |
| CWE-1063 | Creation of Class Instance within a Static Code Block |
| CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters |
| CWE-1065 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers |
| CWE-1066 | Missing Serialization Control Element |
| CWE-1067 | Excessive Execution of Sequential Searches of Data Resource |
| CWE-1068 | Inconsistency Between Implementation and Documented Design |
| CWE-1069 | Empty Exception Block |
| CWE-1070 | Serializable Data Element Containing non-Serializable Item Elements |
| CWE-1071 | Empty Code Block |
| CWE-1072 | Data Resource Access without Use of Connection Pooling |
| CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses |
| CWE-1074 | Class with Excessively Deep Inheritance |
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block |
| CWE-1076 | Insufficient Adherence to Expected Conventions |
| CWE-1077 | Floating Point Comparison with Incorrect Operator |
| CWE-1078 | Inappropriate Source Code Style or Formatting |
| CWE-1079 | Parent Class without Virtual Destructor Method |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code |
| CWE-1082 | Class Instance Self Destruction Control Element |
| CWE-1083 | Data Access from Outside Expected Data Manager Component |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code |
| CWE-1086 | Class with Excessive Number of Child Classes |
| CWE-1087 | Class with Virtual Method without a Virtual Destructor |
| CWE-1088 | Synchronous Access of Remote Resource without Timeout |
| CWE-1089 | Large Data Table with Excessive Number of Indices |
| CWE-1090 | Method Containing Access of a Member Element from Another Class |
| CWE-1091 | Use of Object without Invoking Destructor Method |
| CWE-1092 | Use of Same Invokable Control Element in Multiple Architectural Layers |
| CWE-1093 | Excessively Complex Data Representation |
| CWE-1094 | Excessive Index Range Scan for a Data Resource |
| CWE-1095 | Loop Condition Value Update within the Loop |
| CWE-1096 | Singleton Class Instance Creation without Proper Locking or Synchronization |
| CWE-1097 | Persistent Storable Data Element without Associated Comparison Control Element |
| CWE-1098 | Data Element containing Pointer Item without Proper Copy Control Element |
| CWE-1099 | Inconsistent Naming Conventions for Identifiers |
| CWE-1100 | Insufficient Isolation of System-Dependent Functions |
| CWE-1101 | Reliance on Runtime Component in Generated Code |
| CWE-1102 | Reliance on Machine-Dependent Data Representation |
| CWE-1103 | Use of Platform-Dependent Third Party Components |
| CWE-1104 | Use of Unmaintained Third Party Components |
| CWE-1105 | Insufficient Encapsulation of Machine-Dependent Functionality |