| HasMember | Allowed | V | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| HasMember | Allowed | B | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
| HasMember | Allowed-with-Review | C | 1023 | Incomplete Comparison with Missing Factors |
| HasMember | Allowed | B | 1024 | Comparison of Incompatible Types |
| HasMember | Allowed | B | 1025 | Comparison Using Wrong Factors |
| HasMember | Allowed | B | 1037 | Processor Optimization Removal or Modification of Security-critical Code |
| HasMember | Allowed-with-Review | C | 1038 | Insecure Automated Optimizations |
| HasMember | Allowed-with-Review | C | 1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism |
| HasMember | Prohibited | B | 1041 | Use of Redundant Code |
| HasMember | Prohibited | C | 1059 | Insufficient Technical Documentation |
| HasMember | Prohibited | V | 1069 | Empty Exception Block |
| HasMember | Allowed | B | 1116 | Inaccurate Comments |
| HasMember | Allowed | B | 112 | Missing XML Validation |
| HasMember | Allowed | V | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| HasMember | Discouraged | C | 114 | Process Control |
| HasMember | Allowed | B | 115 | Misinterpretation of Input |
| HasMember | Allowed-with-Review | C | 116 | Improper Encoding or Escaping of Output |
| HasMember | Allowed | B | 117 | Improper Output Neutralization for Logs |
| HasMember | Allowed | B | 1173 | Improper Use of Validation Framework |
| HasMember | Discouraged | C | 118 | Incorrect Access of Indexable Resource ('Range Error') |
| HasMember | Allowed | B | 1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
| HasMember | Allowed | B | 1190 | DMA Device Enabled Too Early in Boot Phase |
| HasMember | Allowed | B | 1191 | On-Chip Debug and Test Interface With Improper Access Control |
| HasMember | Allowed | B | 1192 | Improper Identifier for IP Block used in System-On-Chip (SOC) |
| HasMember | Allowed | B | 1204 | Generation of Weak Initialization Vector (IV) |
| HasMember | Allowed | B | 1209 | Failure to Disable Reserved Bits |
| HasMember | Allowed | B | 1220 | Insufficient Granularity of Access Control |
| HasMember | Allowed | V | 1222 | Insufficient Granularity of Address Regions Protected by Register Locks |
| HasMember | Allowed-with-Review | C | 1229 | Creation of Emergent Resource |
| HasMember | Allowed | B | 1230 | Exposure of Sensitive Information Through Metadata |
| HasMember | Allowed | B | 1231 | Improper Prevention of Lock Bit Modification |
| HasMember | Allowed | B | 1232 | Improper Lock Behavior After Power State Transition |
| HasMember | Allowed | B | 1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection |
| HasMember | Allowed | B | 1234 | Hardware Internal or Debug Modes Allow Override of Locks |
| HasMember | Allowed | B | 1236 | Improper Neutralization of Formula Elements in a CSV File |
| HasMember | Allowed | V | 1239 | Improper Zeroization of Hardware Register |
| HasMember | Allowed | B | 1240 | Use of a Cryptographic Primitive with a Risky Implementation |
| HasMember | Allowed | B | 1242 | Inclusion of Undocumented Features or Chicken Bits |
| HasMember | Allowed | B | 1243 | Sensitive Non-Volatile Information Not Protected During Debug |
| HasMember | Allowed | B | 1244 | Internal Asset Exposed to Unsafe Debug Access Level or State |
| HasMember | Allowed | B | 1245 | Improper Finite State Machines (FSMs) in Hardware Logic |
| HasMember | Allowed | B | 1246 | Improper Write Handling in Limited-write Non-Volatile Memories |
| HasMember | Allowed | B | 1247 | Improper Protection Against Voltage and Clock Glitches |
| HasMember | Allowed | B | 1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications |
| HasMember | Allowed | B | 1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System |
| HasMember | Allowed | B | 1250 | Improper Preservation of Consistency Between Independent Representations of Shared State |
| HasMember | Allowed | B | 1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations |
| HasMember | Allowed | B | 1253 | Incorrect Selection of Fuse Values |
| HasMember | Allowed | B | 1254 | Incorrect Comparison Logic Granularity |
| HasMember | Allowed | V | 1255 | Comparison Logic is Vulnerable to Power Side-Channel Attacks |
| HasMember | Allowed | B | 1256 | Improper Restriction of Software Interfaces to Hardware Features |
| HasMember | Allowed | B | 1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions |
| HasMember | Allowed | B | 1258 | Exposure of Sensitive System Information Due to Uncleared Debug Information |
| HasMember | Allowed | B | 1259 | Improper Restriction of Security Token Assignment |
| HasMember | Allowed | B | 1260 | Improper Handling of Overlap Between Protected Memory Ranges |
| HasMember | Allowed | B | 1261 | Improper Handling of Single Event Upsets |
| HasMember | Allowed | B | 1262 | Improper Access Control for Register Interface |
| HasMember | Allowed-with-Review | C | 1263 | Improper Physical Access Control |
| HasMember | Allowed | B | 1264 | Hardware Logic with Insecure De-Synchronization between Control and Data Channels |
| HasMember | Allowed | B | 1265 | Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls |
| HasMember | Allowed | B | 1266 | Improper Scrubbing of Sensitive Data from Decommissioned Device |
| HasMember | Allowed | B | 1267 | Policy Uses Obsolete Encoding |
| HasMember | Allowed | B | 1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents |
| HasMember | Allowed | B | 1270 | Generation of Incorrect Security Tokens |
| HasMember | Allowed | B | 1271 | Uninitialized Value on Reset for Registers Holding Security Settings |
| HasMember | Allowed | B | 1274 | Improper Access Control for Volatile Memory Containing Boot Code |
| HasMember | Allowed | V | 1275 | Sensitive Cookie with Improper SameSite Attribute |
| HasMember | Allowed | B | 1276 | Hardware Child Block Incorrectly Connected to Parent System |
| HasMember | Allowed | B | 1277 | Firmware Not Updateable |
| HasMember | Allowed | B | 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| HasMember | Allowed | B | 1279 | Cryptographic Operations are run Before Supporting Units are Ready |
| HasMember | Allowed | B | 1280 | Access Control Check Implemented After Asset is Accessed |
| HasMember | Allowed | B | 1281 | Sequence of Processor Instructions Leads to Unexpected Behavior |
| HasMember | Allowed | B | 1282 | Assumed-Immutable Data is Stored in Writable Memory |
| HasMember | Allowed | B | 1283 | Mutable Attestation or Measurement Reporting Data |
| HasMember | Allowed | B | 1284 | Improper Validation of Specified Quantity in Input |
| HasMember | Allowed | B | 1285 | Improper Validation of Specified Index, Position, or Offset in Input |
| HasMember | Allowed | B | 1286 | Improper Validation of Syntactic Correctness of Input |
| HasMember | Allowed | B | 1287 | Improper Validation of Specified Type of Input |
| HasMember | Allowed | B | 1288 | Improper Validation of Consistency within Input |
| HasMember | Allowed | B | 1289 | Improper Validation of Unsafe Equivalence in Input |
| HasMember | Allowed | V | 129 | Improper Validation of Array Index |
| HasMember | Allowed | B | 1290 | Incorrect Decoding of Security Identifiers |
| HasMember | Allowed | B | 1291 | Public Key Re-Use for Signing both Debug and Production Code |
| HasMember | Allowed | B | 1292 | Incorrect Conversion of Security Identifiers |
| HasMember | Allowed | B | 1293 | Missing Source Correlation of Multiple Independent Data |
| HasMember | Allowed-with-Review | C | 1294 | Insecure Security Identifier Mechanism |
| HasMember | Allowed | B | 1295 | Debug Messages Revealing Unnecessary Information |
| HasMember | Allowed | B | 1296 | Incorrect Chaining or Granularity of Debug Components |
| HasMember | Allowed | B | 1297 | Unprotected Confidential Information on Device is Accessible by OSAT Vendors |
| HasMember | Allowed | B | 1299 | Missing Protection Mechanism for Alternate Hardware Interface |
| HasMember | Allowed | B | 130 | Improper Handling of Length Parameter Inconsistency |
| HasMember | Allowed | B | 1300 | Improper Protection of Physical Side Channels |
| HasMember | Allowed | B | 1301 | Insufficient or Incomplete Data Removal within Hardware Component |
| HasMember | Allowed | B | 1302 | Missing Source Identifier in Entity Transactions on a System-On-Chip (SOC) |
| HasMember | Allowed | B | 1303 | Non-Transparent Sharing of Microarchitectural Resources |
| HasMember | Allowed | B | 1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation |
| HasMember | Allowed | B | 1310 | Missing Ability to Patch ROM Code |
| HasMember | Allowed | B | 1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall |
| HasMember | Allowed | B | 1313 | Hardware Allows Activation of Test or Debug Logic at Runtime |
| HasMember | Allowed | B | 1314 | Missing Write Protection for Parametric Data Values |
| HasMember | Allowed | B | 1315 | Improper Setting of Bus Controlling Capability in Fabric End-point |
| HasMember | Allowed | B | 1316 | Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges |
| HasMember | Allowed | B | 1317 | Improper Access Control in Fabric Bridge |
| HasMember | Allowed | B | 1318 | Missing Support for Security Features in On-chip Fabrics or Buses |
| HasMember | Allowed | B | 1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) |
| HasMember | Allowed | B | 1320 | Improper Protection for Outbound Error Messages and Alert Signals |
| HasMember | Allowed | B | 1323 | Improper Management of Sensitive Trace Data |
| HasMember | Allowed | B | 1325 | Improperly Controlled Sequential Memory Allocation |
| HasMember | Allowed | B | 1326 | Missing Immutable Root of Trust in Hardware |
| HasMember | Allowed | B | 1328 | Security Version Number Mutable to Older Versions |
| HasMember | Allowed | B | 1329 | Reliance on Component That is Not Updateable |
| HasMember | Allowed | V | 1330 | Remanent Data Readable after Memory Erase |
| HasMember | Allowed | B | 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) |
| HasMember | Allowed | B | 1332 | Improper Handling of Faults that Lead to Instruction Skips |
| HasMember | Allowed | B | 1333 | Inefficient Regular Expression Complexity |
| HasMember | Allowed | B | 1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy |
| HasMember | Allowed | B | 1338 | Improper Protections Against Hardware Overheating |
| HasMember | Allowed | B | 1339 | Insufficient Precision or Accuracy of a Real Number |
| HasMember | Allowed | B | 1341 | Multiple Releases of Same Resource or Handle |
| HasMember | Allowed | B | 1342 | Information Exposure through Microarchitectural State after Transient Execution |
| HasMember | Allowed | B | 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
| HasMember | Discouraged | C | 138 | Improper Neutralization of Special Elements |
| HasMember | Allowed | V | 1385 | Missing Origin Validation in WebSockets |
| HasMember | Allowed | B | 1386 | Insecure Operation on Windows Junction / Mount Point |
| HasMember | Allowed | B | 1389 | Incorrect Parsing of Numbers with Different Radices |
| HasMember | Allowed-with-Review | C | 1390 | Weak Authentication |
| HasMember | Allowed-with-Review | C | 1391 | Use of Weak Credentials |
| HasMember | Allowed | B | 1392 | Use of Default Credentials |
| HasMember | Allowed | B | 1393 | Use of Default Password |
| HasMember | Allowed | B | 1394 | Use of Default Cryptographic Key |
| HasMember | Allowed-with-Review | C | 1395 | Dependency on Vulnerable Third-Party Component |
| HasMember | Allowed | V | 141 | Improper Neutralization of Parameter/Argument Delimiters |
| HasMember | Allowed-with-Review | C | 1419 | Incorrect Initialization of Resource |
| HasMember | Allowed | V | 142 | Improper Neutralization of Value Delimiters |
| HasMember | Allowed-with-Review | B | 1420 | Exposure of Sensitive Information during Transient Execution |
| HasMember | Allowed | B | 1421 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution |
| HasMember | Allowed | B | 1422 | Exposure of Sensitive Information caused by Incorrect Data Forwarding during Transient Execution |
| HasMember | Allowed | B | 1423 | Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution |
| HasMember | Discouraged | B | 1426 | Improper Validation of Generative AI Output |
| HasMember | Allowed | B | 1427 | Improper Neutralization of Input Used for LLM Prompting |
| HasMember | Allowed | B | 1428 | Reliance on HTTP instead of HTTPS |
| HasMember | Allowed | B | 1429 | Missing Security-Relevant Feedback for Unexecuted Operations in Hardware Interface |
| HasMember | Allowed | V | 143 | Improper Neutralization of Record Delimiters |
| HasMember | Allowed | B | 1431 | Driving Intermediate Cryptographic State/Results to Hardware Module Outputs |
| HasMember | Allowed | V | 144 | Improper Neutralization of Line Delimiters |
| HasMember | Allowed | V | 145 | Improper Neutralization of Section Delimiters |
| HasMember | Allowed | V | 146 | Improper Neutralization of Expression/Command Delimiters |
| HasMember | Allowed | V | 147 | Improper Neutralization of Input Terminators |
| HasMember | Allowed | V | 150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| HasMember | Allowed | V | 151 | Improper Neutralization of Comment Delimiters |
| HasMember | Allowed | V | 152 | Improper Neutralization of Macro Symbols |
| HasMember | Allowed | V | 153 | Improper Neutralization of Substitution Characters |
| HasMember | Allowed | V | 154 | Improper Neutralization of Variable Name Delimiters |
| HasMember | Allowed | V | 155 | Improper Neutralization of Wildcards or Matching Symbols |
| HasMember | Allowed | V | 156 | Improper Neutralization of Whitespace |
| HasMember | Allowed | V | 157 | Failure to Sanitize Paired Delimiters |
| HasMember | Allowed | V | 158 | Improper Neutralization of Null Byte or NUL Character |
| HasMember | Allowed-with-Review | C | 159 | Improper Handling of Invalid Use of Special Elements |
| HasMember | Allowed | V | 160 | Improper Neutralization of Leading Special Elements |
| HasMember | Allowed | V | 161 | Improper Neutralization of Multiple Leading Special Elements |
| HasMember | Allowed | V | 162 | Improper Neutralization of Trailing Special Elements |
| HasMember | Allowed | V | 163 | Improper Neutralization of Multiple Trailing Special Elements |
| HasMember | Allowed | V | 164 | Improper Neutralization of Internal Special Elements |
| HasMember | Allowed | V | 165 | Improper Neutralization of Multiple Internal Special Elements |
| HasMember | Allowed | B | 166 | Improper Handling of Missing Special Element |
| HasMember | Allowed | B | 167 | Improper Handling of Additional Special Element |
| HasMember | Allowed | B | 168 | Improper Handling of Inconsistent Special Elements |
| HasMember | Allowed-with-Review | C | 172 | Encoding Error |
| HasMember | Allowed | V | 173 | Improper Handling of Alternate Encoding |
| HasMember | Allowed | V | 174 | Double Decoding of the Same Data |
| HasMember | Allowed | V | 175 | Improper Handling of Mixed Encoding |
| HasMember | Allowed | V | 176 | Improper Handling of Unicode Encoding |
| HasMember | Allowed | V | 177 | Improper Handling of URL Encoding (Hex Encoding) |
| HasMember | Allowed | B | 178 | Improper Handling of Case Sensitivity |
| HasMember | Allowed | B | 179 | Incorrect Behavior Order: Early Validation |
| HasMember | Allowed | V | 180 | Incorrect Behavior Order: Validate Before Canonicalize |
| HasMember | Allowed | V | 181 | Incorrect Behavior Order: Validate Before Filter |
| HasMember | Allowed | B | 182 | Collapse of Data into Unsafe Value |
| HasMember | Allowed | B | 183 | Permissive List of Allowed Inputs |
| HasMember | Allowed | B | 184 | Incomplete List of Disallowed Inputs |
| HasMember | Allowed-with-Review | C | 185 | Incorrect Regular Expression |
| HasMember | Allowed | B | 186 | Overly Restrictive Regular Expression |
| HasMember | Allowed | V | 187 | Partial String Comparison |
| HasMember | Allowed | B | 190 | Integer Overflow or Wraparound |
| HasMember | Allowed | B | 193 | Off-by-one Error |
| HasMember | Allowed | V | 198 | Use of Incorrect Byte Ordering |
| HasMember | Discouraged | C | 20 | Improper Input Validation |
| HasMember | Discouraged | C | 200 | Exposure of Sensitive Information to an Unauthorized Actor |
| HasMember | Allowed | B | 201 | Insertion of Sensitive Information Into Sent Data |
| HasMember | Allowed | B | 202 | Exposure of Sensitive Information Through Data Queries |
| HasMember | Allowed | B | 203 | Observable Discrepancy |
| HasMember | Allowed | B | 204 | Observable Response Discrepancy |
| HasMember | Allowed | B | 205 | Observable Behavioral Discrepancy |
| HasMember | Allowed | V | 206 | Observable Internal Behavioral Discrepancy |
| HasMember | Allowed | V | 207 | Observable Behavioral Discrepancy With Equivalent Products |
| HasMember | Allowed | B | 208 | Observable Timing Discrepancy |
| HasMember | Allowed | B | 209 | Generation of Error Message Containing Sensitive Information |
| HasMember | Allowed | B | 210 | Self-generated Error Message Containing Sensitive Information |
| HasMember | Allowed | B | 211 | Externally-Generated Error Message Containing Sensitive Information |
| HasMember | Allowed | B | 212 | Improper Removal of Sensitive Information Before Storage or Transfer |
| HasMember | Allowed | B | 213 | Exposure of Sensitive Information Due to Incompatible Policies |
| HasMember | Allowed | B | 214 | Invocation of Process Using Visible Sensitive Information |
| HasMember | Allowed | B | 215 | Insertion of Sensitive Information Into Debugging Code |
| HasMember | Allowed | V | 219 | Storage of File with Sensitive Data Under Web Root |
| HasMember | Allowed | B | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | V | 220 | Storage of File With Sensitive Data Under FTP Root |
| HasMember | Allowed-with-Review | C | 221 | Information Loss or Omission |
| HasMember | Allowed | B | 222 | Truncation of Security-relevant Information |
| HasMember | Allowed | B | 223 | Omission of Security-relevant Information |
| HasMember | Allowed | B | 224 | Obscured Security-relevant Information by Alternate Name |
| HasMember | Allowed | B | 226 | Sensitive Information in Resource Not Removed Before Reuse |
| HasMember | Allowed | B | 23 | Relative Path Traversal |
| HasMember | Allowed | V | 230 | Improper Handling of Missing Values |
| HasMember | Allowed | V | 231 | Improper Handling of Extra Values |
| HasMember | Allowed | V | 232 | Improper Handling of Undefined Values |
| HasMember | Discouraged | V | 234 | Failure to Handle Missing Parameter |
| HasMember | Allowed | V | 235 | Improper Handling of Extra Parameters |
| HasMember | Allowed | V | 236 | Improper Handling of Undefined Parameters |
| HasMember | Allowed | V | 238 | Improper Handling of Incomplete Structural Elements |
| HasMember | Allowed | V | 239 | Failure to Handle Incomplete Element |
| HasMember | Allowed | V | 24 | Path Traversal: '../filedir' |
| HasMember | Allowed | B | 240 | Improper Handling of Inconsistent Structural Elements |
| HasMember | Allowed | B | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Allowed | V | 25 | Path Traversal: '/../filedir' |
| HasMember | Allowed | B | 250 | Execution with Unnecessary Privileges |
| HasMember | Allowed | B | 252 | Unchecked Return Value |
| HasMember | Allowed | B | 253 | Incorrect Check of Function Return Value |
| HasMember | Allowed | B | 256 | Plaintext Storage of a Password |
| HasMember | Allowed | B | 257 | Storing Passwords in a Recoverable Format |
| HasMember | Allowed | V | 258 | Empty Password in Configuration File |
| HasMember | Allowed | V | 259 | Use of Hard-coded Password |
| HasMember | Allowed | V | 26 | Path Traversal: '/dir/../filename' |
| HasMember | Allowed | B | 260 | Password in Configuration File |
| HasMember | Allowed | B | 261 | Weak Encoding for Password |
| HasMember | Allowed | B | 262 | Not Using Password Aging |
| HasMember | Allowed | B | 263 | Password Aging with Long Expiration |
| HasMember | Allowed | B | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | B | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Allowed | B | 268 | Privilege Chaining |
| HasMember | Discouraged | C | 269 | Improper Privilege Management |
| HasMember | Allowed | V | 27 | Path Traversal: 'dir/../../filename' |
| HasMember | Allowed | B | 270 | Privilege Context Switching Error |
| HasMember | Allowed-with-Review | C | 271 | Privilege Dropping / Lowering Errors |
| HasMember | Allowed | B | 272 | Least Privilege Violation |
| HasMember | Allowed | B | 273 | Improper Check for Dropped Privileges |
| HasMember | Discouraged | B | 274 | Improper Handling of Insufficient Privileges |
| HasMember | Allowed | B | 276 | Incorrect Default Permissions |
| HasMember | Allowed | V | 277 | Insecure Inherited Permissions |
| HasMember | Allowed | V | 278 | Insecure Preserved Inherited Permissions |
| HasMember | Allowed | V | 279 | Incorrect Execution-Assigned Permissions |
| HasMember | Allowed | V | 28 | Path Traversal: '..\filedir' |
| HasMember | Allowed | B | 280 | Improper Handling of Insufficient Permissions or Privileges |
| HasMember | Allowed | B | 281 | Improper Preservation of Permissions |
| HasMember | Allowed-with-Review | C | 282 | Improper Ownership Management |
| HasMember | Allowed | B | 283 | Unverified Ownership |
| HasMember | Discouraged | C | 285 | Improper Authorization |
| HasMember | Allowed-with-Review | C | 286 | Incorrect User Management |
| HasMember | Discouraged | C | 287 | Improper Authentication |
| HasMember | Allowed | B | 288 | Authentication Bypass Using an Alternate Path or Channel |
| HasMember | Allowed | B | 289 | Authentication Bypass by Alternate Name |
| HasMember | Allowed | V | 29 | Path Traversal: '\..\filename' |
| HasMember | Allowed | V | 291 | Reliance on IP Address for Authentication |
| HasMember | Allowed | V | 293 | Using Referer Field for Authentication |
| HasMember | Allowed | B | 294 | Authentication Bypass by Capture-replay |
| HasMember | Allowed | B | 295 | Improper Certificate Validation |
| HasMember | Allowed | B | 296 | Improper Following of a Certificate's Chain of Trust |
| HasMember | Allowed | V | 297 | Improper Validation of Certificate with Host Mismatch |
| HasMember | Allowed | V | 298 | Improper Validation of Certificate Expiration |
| HasMember | Allowed | B | 299 | Improper Check for Certificate Revocation |
| HasMember | Allowed | V | 30 | Path Traversal: '\dir\..\filename' |
| HasMember | Discouraged | C | 300 | Channel Accessible by Non-Endpoint |
| HasMember | Allowed | B | 301 | Reflection Attack in an Authentication Protocol |
| HasMember | Allowed | B | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Allowed | B | 303 | Incorrect Implementation of Authentication Algorithm |
| HasMember | Allowed | B | 304 | Missing Critical Step in Authentication |
| HasMember | Allowed | B | 305 | Authentication Bypass by Primary Weakness |
| HasMember | Allowed | B | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed | B | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Allowed | B | 308 | Use of Single-factor Authentication |
| HasMember | Allowed | B | 309 | Use of Password System for Primary Authentication |
| HasMember | Allowed | V | 31 | Path Traversal: 'dir\..\..\filename' |
| HasMember | Discouraged | C | 311 | Missing Encryption of Sensitive Data |
| HasMember | Allowed | B | 312 | Cleartext Storage of Sensitive Information |
| HasMember | Allowed | V | 313 | Cleartext Storage in a File or on Disk |
| HasMember | Allowed | V | 314 | Cleartext Storage in the Registry |
| HasMember | Allowed | V | 315 | Cleartext Storage of Sensitive Information in a Cookie |
| HasMember | Allowed | V | 316 | Cleartext Storage of Sensitive Information in Memory |
| HasMember | Allowed | V | 317 | Cleartext Storage of Sensitive Information in GUI |
| HasMember | Allowed | V | 318 | Cleartext Storage of Sensitive Information in Executable |
| HasMember | Allowed | B | 319 | Cleartext Transmission of Sensitive Information |
| HasMember | Allowed | V | 32 | Path Traversal: '...' (Triple Dot) |
| HasMember | Allowed | V | 321 | Use of Hard-coded Cryptographic Key |
| HasMember | Allowed | B | 322 | Key Exchange without Entity Authentication |
| HasMember | Allowed | B | 323 | Reusing a Nonce, Key Pair in Encryption |
| HasMember | Allowed | B | 324 | Use of a Key Past its Expiration Date |
| HasMember | Allowed | B | 325 | Missing Cryptographic Step |
| HasMember | Allowed-with-Review | C | 326 | Inadequate Encryption Strength |
| HasMember | Allowed-with-Review | C | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Allowed | B | 328 | Use of Weak Hash |
| HasMember | Allowed | V | 329 | Generation of Predictable IV with CBC Mode |
| HasMember | Allowed | V | 33 | Path Traversal: '....' (Multiple Dot) |
| HasMember | Discouraged | C | 330 | Use of Insufficiently Random Values |
| HasMember | Allowed | B | 331 | Insufficient Entropy |
| HasMember | Allowed | V | 332 | Insufficient Entropy in PRNG |
| HasMember | Allowed | V | 333 | Improper Handling of Insufficient Entropy in TRNG |
| HasMember | Allowed | B | 334 | Small Space of Random Values |
| HasMember | Allowed | B | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | V | 336 | Same Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | V | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | B | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | V | 339 | Small Seed Space in PRNG |
| HasMember | Allowed | V | 34 | Path Traversal: '....//' |
| HasMember | Allowed | B | 341 | Predictable from Observable State |
| HasMember | Allowed | B | 342 | Predictable Exact Value from Previous Values |
| HasMember | Allowed | B | 343 | Predictable Value Range from Previous Values |
| HasMember | Allowed | B | 344 | Use of Invariant Value in Dynamically Changing Context |
| HasMember | Discouraged | C | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Allowed-with-Review | C | 346 | Origin Validation Error |
| HasMember | Allowed | B | 347 | Improper Verification of Cryptographic Signature |
| HasMember | Allowed | B | 348 | Use of Less Trusted Source |
| HasMember | Allowed | B | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| HasMember | Allowed | V | 35 | Path Traversal: '.../...//' |
| HasMember | Allowed | V | 350 | Reliance on Reverse DNS Resolution for a Security-Critical Action |
| HasMember | Allowed | B | 351 | Insufficient Type Distinction |
| HasMember | Allowed | C | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Allowed | B | 353 | Missing Support for Integrity Check |
| HasMember | Allowed | B | 354 | Improper Validation of Integrity Check Value |
| HasMember | Allowed | B | 356 | Product UI does not Warn User of Unsafe Actions |
| HasMember | Allowed | B | 357 | Insufficient UI Warning of Dangerous Operations |
| HasMember | Allowed | B | 358 | Improperly Implemented Security Check for Standard |
| HasMember | Allowed | B | 359 | Exposure of Private Personal Information to an Unauthorized Actor |
| HasMember | Allowed | B | 36 | Absolute Path Traversal |
| HasMember | Allowed | B | 360 | Trust of System Event Data |
| HasMember | Allowed | B | 363 | Race Condition Enabling Link Following |
| HasMember | Allowed | B | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| HasMember | Allowed | B | 368 | Context Switching Race Condition |
| HasMember | Allowed | V | 37 | Path Traversal: '/absolute/pathname/here' |
| HasMember | Allowed | V | 370 | Missing Check for Certificate Revocation after Initial Check |
| HasMember | Discouraged | B | 372 | Incomplete Internal State Distinction |
| HasMember | Allowed-with-Review | C | 377 | Insecure Temporary File |
| HasMember | Allowed | B | 378 | Creation of Temporary File With Insecure Permissions |
| HasMember | Allowed | B | 379 | Creation of Temporary File in Directory with Insecure Permissions |
| HasMember | Allowed | V | 38 | Path Traversal: '\absolute\pathname\here' |
| HasMember | Allowed | C | 384 | Session Fixation |
| HasMember | Allowed | B | 385 | Covert Timing Channel |
| HasMember | Allowed | B | 386 | Symbolic Name not Mapping to Correct Object |
| HasMember | Allowed | V | 39 | Path Traversal: 'C:dirname' |
| HasMember | Allowed | B | 390 | Detection of Error Condition Without Action |
| HasMember | Prohibited | B | 391 | Unchecked Error Condition |
| HasMember | Allowed | B | 392 | Missing Report of Error Condition |
| HasMember | Allowed | B | 393 | Return of Wrong Status Code |
| HasMember | Allowed | B | 394 | Unexpected Status Code or Return Value |
| HasMember | Allowed | V | 40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
| HasMember | Discouraged | C | 400 | Uncontrolled Resource Consumption |
| HasMember | Allowed | B | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Allowed-with-Review | C | 404 | Improper Resource Shutdown or Release |
| HasMember | Allowed-with-Review | C | 405 | Asymmetric Resource Consumption (Amplification) |
| HasMember | Allowed-with-Review | C | 406 | Insufficient Control of Network Message Volume (Network Amplification) |
| HasMember | Allowed-with-Review | C | 407 | Inefficient Algorithmic Complexity |
| HasMember | Allowed | B | 408 | Incorrect Behavior Order: Early Amplification |
| HasMember | Allowed | B | 409 | Improper Handling of Highly Compressed Data (Data Amplification) |
| HasMember | Allowed | B | 41 | Improper Resolution of Path Equivalence |
| HasMember | Allowed | C | 410 | Insufficient Resource Pool |
| HasMember | Allowed | B | 412 | Unrestricted Externally Accessible Lock |
| HasMember | Allowed | B | 413 | Improper Resource Locking |
| HasMember | Allowed | B | 414 | Missing Lock Check |
| HasMember | Allowed | B | 419 | Unprotected Primary Channel |
| HasMember | Allowed | V | 42 | Path Equivalence: 'filename.' (Trailing Dot) |
| HasMember | Allowed | B | 420 | Unprotected Alternate Channel |
| HasMember | Allowed | B | 421 | Race Condition During Access to Alternate Channel |
| HasMember | Allowed | V | 422 | Unprotected Windows Messaging Channel ('Shatter') |
| HasMember | Allowed-with-Review | C | 424 | Improper Protection of Alternate Path |
| HasMember | Allowed | B | 425 | Direct Request ('Forced Browsing') |
| HasMember | Allowed-with-Review | B | 426 | Untrusted Search Path |
| HasMember | Allowed-with-Review | B | 427 | Uncontrolled Search Path Element |
| HasMember | Allowed | B | 428 | Unquoted Search Path or Element |
| HasMember | Allowed | V | 43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) |
| HasMember | Allowed | B | 430 | Deployment of Wrong Handler |
| HasMember | Allowed | B | 431 | Missing Handler |
| HasMember | Allowed | B | 432 | Dangerous Signal Handler not Disabled During Sensitive Operations |
| HasMember | Allowed | V | 433 | Unparsed Raw Web Content Delivery |
| HasMember | Allowed | B | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Discouraged | P | 435 | Improper Interaction Between Multiple Correctly-Behaving Entities |
| HasMember | Allowed-with-Review | C | 436 | Interpretation Conflict |
| HasMember | Allowed | B | 437 | Incomplete Model of Endpoint Features |
| HasMember | Allowed | B | 439 | Behavioral Change in New Version or Environment |
| HasMember | Allowed | V | 44 | Path Equivalence: 'file.name' (Internal Dot) |
| HasMember | Allowed | B | 440 | Expected Behavior Violation |
| HasMember | Allowed-with-Review | C | 441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| HasMember | Allowed | B | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HasMember | Allowed-with-Review | C | 446 | UI Discrepancy for Security Feature |
| HasMember | Allowed | B | 447 | Unimplemented or Unsupported Feature in UI |
| HasMember | Allowed | B | 448 | Obsolete Feature in UI |
| HasMember | Allowed | B | 449 | The UI Performs the Wrong Action |
| HasMember | Allowed | V | 45 | Path Equivalence: 'file...name' (Multiple Internal Dot) |
| HasMember | Allowed | B | 450 | Multiple Interpretations of UI Input |
| HasMember | Allowed-with-Review | C | 451 | User Interface (UI) Misrepresentation of Critical Information |
| HasMember | Allowed | V | 453 | Insecure Default Variable Initialization |
| HasMember | Allowed | B | 454 | External Initialization of Trusted Variables or Data Stores |
| HasMember | Allowed | B | 455 | Non-exit on Failed Initialization |
| HasMember | Allowed | V | 456 | Missing Initialization of a Variable |
| HasMember | Allowed | V | 457 | Use of Uninitialized Variable |
| HasMember | Allowed | B | 459 | Incomplete Cleanup |
| HasMember | Allowed | V | 46 | Path Equivalence: 'filename ' (Trailing Space) |
| HasMember | Allowed | V | 47 | Path Equivalence: ' filename' (Leading Space) |
| HasMember | Allowed | B | 471 | Modification of Assumed-Immutable Data (MAID) |
| HasMember | Allowed | B | 472 | External Control of Assumed-Immutable Web Parameter |
| HasMember | Allowed | B | 474 | Use of Function with Inconsistent Implementations |
| HasMember | Allowed | B | 475 | Undefined Behavior for Input to API |
| HasMember | Allowed | B | 477 | Use of Obsolete Function |
| HasMember | Allowed | V | 48 | Path Equivalence: 'file name' (Internal Whitespace) |
| HasMember | Allowed | B | 480 | Use of Incorrect Operator |
| HasMember | Allowed | B | 488 | Exposure of Data Element to Wrong Session |
| HasMember | Allowed | B | 489 | Active Debug Code |
| HasMember | Allowed | V | 49 | Path Equivalence: 'filename/' (Trailing Slash) |
| HasMember | Allowed | B | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed | B | 497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere |
| HasMember | Allowed | V | 50 | Path Equivalence: '//multiple/leading/slash' |
| HasMember | Allowed | B | 501 | Trust Boundary Violation |
| HasMember | Allowed | V | 51 | Path Equivalence: '/multiple//internal/slash' |
| HasMember | Allowed | B | 511 | Logic/Time Bomb |
| HasMember | Allowed | V | 52 | Path Equivalence: '/multiple/trailing/slash//' |
| HasMember | Allowed | B | 521 | Weak Password Requirements |
| HasMember | Allowed-with-Review | C | 522 | Insufficiently Protected Credentials |
| HasMember | Allowed | V | 53 | Path Equivalence: '\multiple\\internal\backslash' |
| HasMember | Allowed | B | 538 | Insertion of Sensitive Information into Externally-Accessible File or Directory |
| HasMember | Allowed | V | 54 | Path Equivalence: 'filedir\' (Trailing Backslash) |
| HasMember | Allowed | V | 546 | Suspicious Comment |
| HasMember | Allowed | V | 55 | Path Equivalence: '/./' (Single Dot Directory) |
| HasMember | Allowed | B | 552 | Files or Directories Accessible to External Parties |
| HasMember | Allowed | V | 56 | Path Equivalence: 'filedir*' (Wildcard) |
| HasMember | Allowed | B | 561 | Dead Code |
| HasMember | Allowed | V | 57 | Path Equivalence: 'fakedir/../realdir/filename' |
| HasMember | Allowed | B | 570 | Expression is Always False |
| HasMember | Allowed | B | 571 | Expression is Always True |
| HasMember | Allowed | V | 58 | Path Equivalence: Windows 8.3 Filename |
| HasMember | Allowed | B | 59 | Improper Link Resolution Before File Access ('Link Following') |
| HasMember | Allowed | V | 595 | Comparison of Object References Instead of Object Contents |
| HasMember | Allowed | B | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| HasMember | Allowed-with-Review | C | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Allowed | B | 603 | Use of Client-Side Authentication |
| HasMember | Allowed | V | 605 | Multiple Binds to the Same Port |
| HasMember | Allowed | C | 61 | UNIX Symbolic Link (Symlink) Following |
| HasMember | Allowed | B | 612 | Improper Authorization of Index Containing Sensitive Information |
| HasMember | Allowed | V | 62 | UNIX Hard Link |
| HasMember | Allowed | B | 620 | Unverified Password Change |
| HasMember | Allowed | V | 622 | Improper Validation of Function Hook Arguments |
| HasMember | Allowed | B | 628 | Function Call with Incorrectly Specified Arguments |
| HasMember | Allowed-with-Review | C | 636 | Not Failing Securely ('Failing Open') |
| HasMember | Allowed-with-Review | C | 637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
| HasMember | Allowed-with-Review | C | 638 | Not Using Complete Mediation |
| HasMember | Allowed | B | 639 | Authorization Bypass Through User-Controlled Key |
| HasMember | Allowed | V | 64 | Windows Shortcut Following (.LNK) |
| HasMember | Allowed-with-Review | B | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| HasMember | Allowed | B | 641 | Improper Restriction of Names for Files and Other Resources |
| HasMember | Allowed-with-Review | C | 642 | External Control of Critical State Data |
| HasMember | Allowed | B | 643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
| HasMember | Allowed | V | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax |
| HasMember | Allowed | B | 645 | Overly Restrictive Account Lockout Mechanism |
| HasMember | Allowed | V | 646 | Reliance on File Name or Extension of Externally-Supplied File |
| HasMember | Allowed | V | 647 | Use of Non-Canonical URL Paths for Authorization Decisions |
| HasMember | Allowed | B | 648 | Incorrect Use of Privileged APIs |
| HasMember | Allowed | B | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| HasMember | Allowed | V | 65 | Windows Hard Link |
| HasMember | Allowed | V | 650 | Trusting HTTP Permission Methods on the Server Side |
| HasMember | Allowed | V | 651 | Exposure of WSDL File Containing Sensitive Information |
| HasMember | Allowed | B | 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
| HasMember | Allowed | C | 653 | Improper Isolation or Compartmentalization |
| HasMember | Allowed | B | 654 | Reliance on a Single Factor in a Security Decision |
| HasMember | Allowed-with-Review | C | 655 | Insufficient Psychological Acceptability |
| HasMember | Allowed-with-Review | C | 656 | Reliance on Security Through Obscurity |
| HasMember | Allowed | B | 66 | Improper Handling of File Names that Identify Virtual Resources |
| HasMember | Discouraged | P | 664 | Improper Control of a Resource Through its Lifetime |
| HasMember | Discouraged | C | 665 | Improper Initialization |
| HasMember | Allowed | V | 67 | Improper Handling of Windows Device Names |
| HasMember | Allowed-with-Review | C | 672 | Operation on a Resource after Expiration or Release |
| HasMember | Allowed-with-Review | C | 674 | Uncontrolled Recursion |
| HasMember | Allowed-with-Review | C | 675 | Multiple Operations on Resource in Single-Operation Context |
| HasMember | Discouraged | C | 680 | Integer Overflow to Buffer Overflow |
| HasMember | Allowed | B | 681 | Incorrect Conversion between Numeric Types |
| HasMember | Discouraged | P | 682 | Incorrect Calculation |
| HasMember | Allowed | V | 69 | Improper Handling of Windows ::DATA Alternate Data Stream |
| HasMember | Discouraged | P | 691 | Insufficient Control Flow Management |
| HasMember | Discouraged | C | 692 | Incomplete Denylist to Cross-Site Scripting |
| HasMember | Discouraged | P | 693 | Protection Mechanism Failure |
| HasMember | Allowed | B | 694 | Use of Multiple Resources with Duplicate Identifier |
| HasMember | Discouraged | P | 697 | Incorrect Comparison |
| HasMember | Discouraged | P | 703 | Improper Check or Handling of Exceptional Conditions |
| HasMember | Allowed-with-Review | C | 704 | Incorrect Type Conversion or Cast |
| HasMember | Allowed-with-Review | C | 705 | Incorrect Control Flow Scoping |
| HasMember | Allowed-with-Review | C | 706 | Use of Incorrectly-Resolved Name or Reference |
| HasMember | Discouraged | P | 707 | Improper Neutralization |
| HasMember | Allowed | B | 708 | Incorrect Ownership Assignment |
| HasMember | Discouraged | P | 710 | Improper Adherence to Coding Standards |
| HasMember | Allowed | V | 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path |
| HasMember | Allowed | B | 73 | External Control of File Name or Path |
| HasMember | Allowed-with-Review | C | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Discouraged | C | 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| HasMember | Allowed | B | 749 | Exposed Dangerous Method or Function |
| HasMember | Discouraged | C | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| HasMember | Allowed-with-Review | C | 754 | Improper Check for Unusual or Exceptional Conditions |
| HasMember | Discouraged | C | 755 | Improper Handling of Exceptional Conditions |
| HasMember | Allowed | B | 76 | Improper Neutralization of Equivalent Special Elements |
| HasMember | Allowed-with-Review | C | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| HasMember | Allowed | B | 770 | Allocation of Resources Without Limits or Throttling |
| HasMember | Allowed | B | 778 | Insufficient Logging |
| HasMember | Allowed | B | 779 | Logging of Excessive Data |
| HasMember | Allowed | B | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | B | 783 | Operator Precedence Logic Error |
| HasMember | Allowed | V | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| HasMember | Allowed | V | 789 | Memory Allocation with Excessive Size Value |
| HasMember | Allowed | B | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | B | 798 | Use of Hard-coded Credentials |
| HasMember | Allowed-with-Review | C | 799 | Improper Control of Interaction Frequency |
| HasMember | Allowed | V | 80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| HasMember | Allowed | B | 804 | Guessable CAPTCHA |
| HasMember | Allowed | B | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | V | 81 | Improper Neutralization of Script in an Error Message Web Page |
| HasMember | Allowed | V | 82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
| HasMember | Allowed | V | 83 | Improper Neutralization of Script in Attributes in a Web Page |
| HasMember | Allowed | B | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') |
| HasMember | Allowed | B | 836 | Use of Password Hash Instead of Password for Authentication |
| HasMember | Allowed | B | 837 | Improper Enforcement of a Single, Unique Action |
| HasMember | Allowed | B | 838 | Inappropriate Encoding for Output Context |
| HasMember | Allowed | V | 84 | Improper Neutralization of Encoded URI Schemes in a Web Page |
| HasMember | Allowed | B | 842 | Placement of User into Incorrect Group |
| HasMember | Allowed | V | 85 | Doubled Character XSS Manipulations |
| HasMember | Allowed | V | 86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| HasMember | Allowed-with-Review | C | 862 | Missing Authorization |
| HasMember | Allowed-with-Review | C | 863 | Incorrect Authorization |
| HasMember | Allowed | V | 87 | Improper Neutralization of Alternate XSS Syntax |
| HasMember | Allowed | B | 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| HasMember | Allowed | B | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed | B | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| HasMember | Allowed | B | 908 | Use of Uninitialized Resource |
| HasMember | Allowed-with-Review | C | 909 | Missing Initialization of Resource |
| HasMember | Allowed | B | 91 | XML Injection (aka Blind XPath Injection) |
| HasMember | Allowed | B | 910 | Use of Expired File Descriptor |
| HasMember | Allowed | B | 911 | Improper Update of Reference Count |
| HasMember | Allowed | B | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| HasMember | Allowed | B | 916 | Use of Password Hash With Insufficient Computational Effort |
| HasMember | Allowed | B | 918 | Server-Side Request Forgery (SSRF) |
| HasMember | Allowed | B | 920 | Improper Restriction of Power Consumption |
| HasMember | Allowed | B | 921 | Storage of Sensitive Data in a Mechanism without Access Control |
| HasMember | Allowed-with-Review | C | 922 | Insecure Storage of Sensitive Information |
| HasMember | Allowed-with-Review | C | 923 | Improper Restriction of Communication Channel to Intended Endpoints |
| HasMember | Allowed | B | 924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| HasMember | Allowed | V | 925 | Improper Verification of Intent by Broadcast Receiver |
| HasMember | Allowed | V | 926 | Improper Export of Android Application Components |
| HasMember | Allowed | V | 927 | Use of Implicit Intent for Sensitive Communication |
| HasMember | Allowed | B | 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| HasMember | Allowed | B | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Allowed | B | 941 | Incorrectly Specified Destination in a Communication Channel |
| HasMember | Allowed | V | 942 | Permissive Cross-domain Policy with Untrusted Domains |
| HasMember | Allowed-with-Review | C | 943 | Improper Neutralization of Special Elements in Data Query Logic |
| HasMember | Allowed | V | 97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| HasMember | Allowed-with-Review | C | 99 | Improper Control of Resource Identifiers ('Resource Injection') |