| HasMember | Allowed | V | 102 | Struts: Duplicate Validation Forms |
| HasMember | Allowed | V | 105 | Struts: Form Field Without Validator |
| HasMember | Allowed | V | 106 | Struts: Plug-in Framework not in Use |
| HasMember | Allowed | B | 112 | Missing XML Validation |
| HasMember | Allowed | B | 115 | Misinterpretation of Input |
| HasMember | Allowed | B | 1173 | Improper Use of Validation Framework |
| HasMember | Allowed | V | 1174 | ASP.NET Misconfiguration: Improper Model Validation |
| HasMember | Allowed | B | 1245 | Improper Finite State Machines (FSMs) in Hardware Logic |
| HasMember | Allowed | B | 1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System |
| HasMember | Allowed | B | 1262 | Improper Access Control for Register Interface |
| HasMember | Allowed | B | 1265 | Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls |
| HasMember | Allowed | B | 1304 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation |
| HasMember | Allowed | B | 1313 | Hardware Allows Activation of Test or Debug Logic at Runtime |
| HasMember | Allowed | B | 1320 | Improper Protection for Outbound Error Messages and Alert Signals |
| HasMember | Allowed | B | 1332 | Improper Handling of Faults that Lead to Instruction Skips |
| HasMember | Allowed | B | 1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy |
| HasMember | Allowed | B | 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
| HasMember | Allowed-with-Review | C | 1384 | Improper Handling of Physical or Environmental Conditions |
| HasMember | Allowed | B | 140 | Improper Neutralization of Delimiters |
| HasMember | Allowed | V | 141 | Improper Neutralization of Parameter/Argument Delimiters |
| HasMember | Allowed-with-Review | C | 1419 | Incorrect Initialization of Resource |
| HasMember | Allowed | V | 142 | Improper Neutralization of Value Delimiters |
| HasMember | Allowed | V | 143 | Improper Neutralization of Record Delimiters |
| HasMember | Allowed | V | 144 | Improper Neutralization of Line Delimiters |
| HasMember | Allowed | V | 145 | Improper Neutralization of Section Delimiters |
| HasMember | Allowed | V | 147 | Improper Neutralization of Input Terminators |
| HasMember | Allowed | V | 148 | Improper Neutralization of Input Leaders |
| HasMember | Allowed | V | 149 | Improper Neutralization of Quoting Syntax |
| HasMember | Allowed | V | 150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| HasMember | Allowed | V | 151 | Improper Neutralization of Comment Delimiters |
| HasMember | Allowed | V | 152 | Improper Neutralization of Macro Symbols |
| HasMember | Allowed | V | 153 | Improper Neutralization of Substitution Characters |
| HasMember | Allowed | V | 154 | Improper Neutralization of Variable Name Delimiters |
| HasMember | Allowed | V | 155 | Improper Neutralization of Wildcards or Matching Symbols |
| HasMember | Allowed | V | 156 | Improper Neutralization of Whitespace |
| HasMember | Allowed | V | 157 | Failure to Sanitize Paired Delimiters |
| HasMember | Allowed | V | 158 | Improper Neutralization of Null Byte or NUL Character |
| HasMember | Allowed-with-Review | C | 159 | Improper Handling of Invalid Use of Special Elements |
| HasMember | Allowed | V | 160 | Improper Neutralization of Leading Special Elements |
| HasMember | Allowed | V | 161 | Improper Neutralization of Multiple Leading Special Elements |
| HasMember | Allowed | V | 162 | Improper Neutralization of Trailing Special Elements |
| HasMember | Allowed | V | 163 | Improper Neutralization of Multiple Trailing Special Elements |
| HasMember | Allowed | V | 164 | Improper Neutralization of Internal Special Elements |
| HasMember | Allowed | V | 165 | Improper Neutralization of Multiple Internal Special Elements |
| HasMember | Allowed | B | 167 | Improper Handling of Additional Special Element |
| HasMember | Allowed-with-Review | C | 172 | Encoding Error |
| HasMember | Allowed | V | 175 | Improper Handling of Mixed Encoding |
| HasMember | Allowed | V | 176 | Improper Handling of Unicode Encoding |
| HasMember | Allowed | V | 177 | Improper Handling of URL Encoding (Hex Encoding) |
| HasMember | Allowed-with-Review | C | 185 | Incorrect Regular Expression |
| HasMember | Allowed | V | 195 | Signed to Unsigned Conversion Error |
| HasMember | Allowed | V | 198 | Use of Incorrect Byte Ordering |
| HasMember | Allowed-with-Review | C | 228 | Improper Handling of Syntactically Invalid Structure |
| HasMember | Allowed | B | 229 | Improper Handling of Values |
| HasMember | Allowed | V | 230 | Improper Handling of Missing Values |
| HasMember | Allowed | V | 231 | Improper Handling of Extra Values |
| HasMember | Allowed | V | 232 | Improper Handling of Undefined Values |
| HasMember | Allowed | B | 233 | Improper Handling of Parameters |
| HasMember | Allowed | V | 235 | Improper Handling of Extra Parameters |
| HasMember | Allowed | V | 236 | Improper Handling of Undefined Parameters |
| HasMember | Allowed | B | 237 | Improper Handling of Structural Elements |
| HasMember | Allowed | V | 238 | Improper Handling of Incomplete Structural Elements |
| HasMember | Allowed | V | 239 | Failure to Handle Incomplete Element |
| HasMember | Allowed | B | 240 | Improper Handling of Inconsistent Structural Elements |
| HasMember | Allowed | B | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Allowed | B | 252 | Unchecked Return Value |
| HasMember | Allowed | B | 253 | Incorrect Check of Function Return Value |
| HasMember | Discouraged | C | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Allowed | B | 366 | Race Condition within a Thread |
| HasMember | Allowed | B | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| HasMember | Discouraged | B | 372 | Incomplete Internal State Distinction |
| HasMember | Allowed | B | 390 | Detection of Error Condition Without Action |
| HasMember | Prohibited | B | 391 | Unchecked Error Condition |
| HasMember | Allowed | B | 392 | Missing Report of Error Condition |
| HasMember | Allowed | B | 393 | Return of Wrong Status Code |
| HasMember | Allowed | B | 394 | Unexpected Status Code or Return Value |
| HasMember | Allowed | B | 430 | Deployment of Wrong Handler |
| HasMember | Discouraged | P | 435 | Improper Interaction Between Multiple Correctly-Behaving Entities |
| HasMember | Allowed-with-Review | C | 436 | Interpretation Conflict |
| HasMember | Allowed | B | 437 | Incomplete Model of Endpoint Features |
| HasMember | Allowed | B | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HasMember | Allowed | V | 456 | Missing Initialization of a Variable |
| HasMember | Allowed | B | 471 | Modification of Assumed-Immutable Data (MAID) |
| HasMember | Allowed | V | 482 | Comparing instead of Assigning |
| HasMember | Allowed | V | 491 | Public cloneable() Method Without Final ('Object Hijack') |
| HasMember | Allowed | B | 502 | Deserialization of Untrusted Data |
| HasMember | Allowed | B | 544 | Missing Standardized Error Handling Mechanism |
| HasMember | Allowed | V | 554 | ASP.NET Misconfiguration: Not Using Input Validation Framework |
| HasMember | Allowed | V | 580 | clone() Method Without super.clone() |
| HasMember | Allowed | B | 586 | Explicit Call to Finalize() |
| HasMember | Allowed | V | 622 | Improper Validation of Function Hook Arguments |
| HasMember | Allowed | V | 626 | Null Byte Interaction Error (Poison Null Byte) |
| HasMember | Allowed | B | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| HasMember | Allowed-with-Review | C | 669 | Incorrect Resource Transfer Between Spheres |
| HasMember | Allowed | B | 676 | Use of Potentially Dangerous Function |
| HasMember | Allowed | B | 681 | Incorrect Conversion between Numeric Types |
| HasMember | Discouraged | P | 703 | Improper Check or Handling of Exceptional Conditions |
| HasMember | Allowed-with-Review | C | 754 | Improper Check for Unusual or Exceptional Conditions |
| HasMember | Allowed | B | 764 | Multiple Locks of a Critical Resource |
| HasMember | Allowed | B | 765 | Multiple Unlocks of a Critical Resource |
| HasMember | Allowed | B | 783 | Operator Precedence Logic Error |
| HasMember | Allowed | B | 787 | Out-of-bounds Write |
| HasMember | Allowed-with-Review | C | 790 | Improper Filtering of Special Elements |
| HasMember | Allowed | B | 791 | Incomplete Filtering of Special Elements |
| HasMember | Allowed | V | 792 | Incomplete Filtering of One or More Instances of Special Elements |
| HasMember | Allowed | V | 793 | Only Filtering One Instance of a Special Element |
| HasMember | Allowed | V | 794 | Incomplete Filtering of Multiple Instances of Special Elements |
| HasMember | Allowed | B | 795 | Only Filtering Special Elements at a Specified Location |
| HasMember | Allowed | V | 796 | Only Filtering Special Elements Relative to a Marker |
| HasMember | Allowed | V | 797 | Only Filtering Special Elements at an Absolute Position |
| HasMember | Allowed | V | 84 | Improper Neutralization of Encoded URI Schemes in a Web Page |
| HasMember | Allowed | V | 926 | Improper Export of Android Application Components |