Categories
| CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| CWE-908 | Use of Uninitialized Resource The software uses or accesses a resource that has not been initialized. | 16 | 223 | 125 | 48 | 412 | |
| CWE-667 | Improper Locking The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. | 8 | 317 | 72 | 1 | 398 | |
| CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. | 3 | 53 | 261 | 75 | 392 | |
| CWE-617 | Reachable Assertion The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. | 2 | 172 | 210 | 1 | 385 | |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. | 9 | 131 | 198 | 47 | 385 | |
| CWE-772 | Missing Release of Resource after Effective Lifetime The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. | 7 | 236 | 128 | 6 | 377 | |
| CWE-129 | Improper Validation of Array Index The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. | 0 | 58 | 227 | 41 | 326 | |
| CWE-347 | Improper Verification of Cryptographic Signature The software does not verify, or incorrectly verifies, the cryptographic signature for data. | 2 | 118 | 153 | 51 | 324 | |
| CWE-326 | Inadequate Encryption Strength The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. | 8 | 121 | 153 | 34 | 316 | |
| CWE-209 | Information Exposure Through an Error Message The software generates an error message that includes sensitive information about its environment, users, or associated data. | 35 | 221 | 38 | 16 | 310 |