| HasMember | Allowed | B | 1024 | Comparison of Incompatible Types |
| HasMember | Allowed | B | 1025 | Comparison Using Wrong Factors |
| HasMember | Allowed-with-Review | C | 1039 | Inadequate Detection or Handling of Adversarial Input Perturbations in Automated Recognition Mechanism |
| HasMember | Prohibited | C | 1059 | Insufficient Technical Documentation |
| HasMember | Discouraged | C | 118 | Incorrect Access of Indexable Resource ('Range Error') |
| HasMember | Allowed | B | 1209 | Failure to Disable Reserved Bits |
| HasMember | Allowed | B | 1221 | Incorrect Register Defaults or Module Parameters |
| HasMember | Allowed | B | 1224 | Improper Restriction of Write-Once Bit Fields |
| HasMember | Allowed | V | 1239 | Improper Zeroization of Hardware Register |
| HasMember | Allowed | B | 1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System |
| HasMember | Allowed | B | 125 | Out-of-bounds Read |
| HasMember | Allowed | B | 1251 | Mirrored Regions with Different Values |
| HasMember | Allowed-with-Review | C | 1263 | Improper Physical Access Control |
| HasMember | Allowed | B | 1271 | Uninitialized Value on Reset for Registers Holding Security Settings |
| HasMember | Allowed | B | 1276 | Hardware Child Block Incorrectly Connected to Parent System |
| HasMember | Allowed | B | 1278 | Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques |
| HasMember | Allowed | B | 1279 | Cryptographic Operations are run Before Supporting Units are Ready |
| HasMember | Allowed | B | 1281 | Sequence of Processor Instructions Leads to Unexpected Behavior |
| HasMember | Allowed | B | 1282 | Assumed-Immutable Data is Stored in Writable Memory |
| HasMember | Allowed | B | 1284 | Improper Validation of Specified Quantity in Input |
| HasMember | Allowed | B | 1285 | Improper Validation of Specified Index, Position, or Offset in Input |
| HasMember | Allowed | B | 1286 | Improper Validation of Syntactic Correctness of Input |
| HasMember | Allowed | B | 1287 | Improper Validation of Specified Type of Input |
| HasMember | Allowed | B | 1288 | Improper Validation of Consistency within Input |
| HasMember | Allowed | B | 1289 | Improper Validation of Unsafe Equivalence in Input |
| HasMember | Allowed | B | 1291 | Public Key Re-Use for Signing both Debug and Production Code |
| HasMember | Allowed | B | 1295 | Debug Messages Revealing Unnecessary Information |
| HasMember | Allowed | B | 130 | Improper Handling of Length Parameter Inconsistency |
| HasMember | Allowed | B | 1310 | Missing Ability to Patch ROM Code |
| HasMember | Allowed | B | 1331 | Improper Isolation of Shared Resources in Network On Chip (NoC) |
| HasMember | Allowed | B | 1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
| HasMember | Allowed-with-Review | C | 1384 | Improper Handling of Physical or Environmental Conditions |
| HasMember | Allowed | V | 1385 | Missing Origin Validation in WebSockets |
| HasMember | Allowed-with-Review | C | 1395 | Dependency on Vulnerable Third-Party Component |
| HasMember | Allowed-with-Review | C | 1419 | Incorrect Initialization of Resource |
| HasMember | Discouraged | B | 1426 | Improper Validation of Generative AI Output |
| HasMember | Allowed | B | 1427 | Improper Neutralization of Input Used for LLM Prompting |
| HasMember | Allowed | B | 15 | External Control of System or Configuration Setting |
| HasMember | Allowed | V | 174 | Double Decoding of the Same Data |
| HasMember | Allowed-with-Review | C | 185 | Incorrect Regular Expression |
| HasMember | Allowed | V | 239 | Failure to Handle Incomplete Element |
| HasMember | Allowed | B | 240 | Improper Handling of Inconsistent Structural Elements |
| HasMember | Allowed | B | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Allowed | B | 242 | Use of Inherently Dangerous Function |
| HasMember | Discouraged | P | 284 | Improper Access Control |
| HasMember | Allowed-with-Review | C | 286 | Incorrect User Management |
| HasMember | Allowed | B | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed | V | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | V | 339 | Small Seed Space in PRNG |
| HasMember | Allowed-with-Review | C | 340 | Generation of Predictable Numbers or Identifiers |
| HasMember | Allowed | B | 341 | Predictable from Observable State |
| HasMember | Allowed | B | 342 | Predictable Exact Value from Previous Values |
| HasMember | Allowed | B | 343 | Predictable Value Range from Previous Values |
| HasMember | Allowed | B | 344 | Use of Invariant Value in Dynamically Changing Context |
| HasMember | Discouraged | C | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Allowed-with-Review | C | 346 | Origin Validation Error |
| HasMember | Discouraged | B | 372 | Incomplete Internal State Distinction |
| HasMember | Allowed | B | 390 | Detection of Error Condition Without Action |
| HasMember | Prohibited | B | 391 | Unchecked Error Condition |
| HasMember | Allowed | B | 392 | Missing Report of Error Condition |
| HasMember | Allowed-with-Review | C | 404 | Improper Resource Shutdown or Release |
| HasMember | Allowed | B | 430 | Deployment of Wrong Handler |
| HasMember | Allowed | B | 431 | Missing Handler |
| HasMember | Discouraged | P | 435 | Improper Interaction Between Multiple Correctly-Behaving Entities |
| HasMember | Allowed-with-Review | C | 436 | Interpretation Conflict |
| HasMember | Allowed | B | 437 | Incomplete Model of Endpoint Features |
| HasMember | Allowed | B | 439 | Behavioral Change in New Version or Environment |
| HasMember | Allowed | B | 440 | Expected Behavior Violation |
| HasMember | Allowed-with-Review | C | 446 | UI Discrepancy for Security Feature |
| HasMember | Allowed | B | 447 | Unimplemented or Unsupported Feature in UI |
| HasMember | Allowed | B | 448 | Obsolete Feature in UI |
| HasMember | Allowed | B | 449 | The UI Performs the Wrong Action |
| HasMember | Allowed | B | 450 | Multiple Interpretations of UI Input |
| HasMember | Allowed | V | 456 | Missing Initialization of a Variable |
| HasMember | Allowed | B | 460 | Improper Cleanup on Thrown Exception |
| HasMember | Allowed | V | 462 | Duplicate Key in Associative List (Alist) |
| HasMember | Allowed | B | 474 | Use of Function with Inconsistent Implementations |
| HasMember | Allowed | B | 475 | Undefined Behavior for Input to API |
| HasMember | Allowed | B | 478 | Missing Default Case in Multiple Condition Expression |
| HasMember | Allowed | B | 489 | Active Debug Code |
| HasMember | Allowed | V | 491 | Public cloneable() Method Without Final ('Object Hijack') |
| HasMember | Allowed | B | 502 | Deserialization of Untrusted Data |
| HasMember | Allowed | B | 511 | Logic/Time Bomb |
| HasMember | Allowed | B | 544 | Missing Standardized Error Handling Mechanism |
| HasMember | Allowed | B | 547 | Use of Hard-coded, Security-relevant Constants |
| HasMember | Allowed | B | 563 | Assignment to Variable without Use |
| HasMember | Allowed | B | 570 | Expression is Always False |
| HasMember | Allowed | B | 571 | Expression is Always True |
| HasMember | Allowed | V | 572 | Call to Thread run() instead of start() |
| HasMember | Allowed-with-Review | C | 573 | Improper Following of Specification by Caller |
| HasMember | Allowed | V | 578 | EJB Bad Practices: Use of Class Loader |
| HasMember | Allowed | V | 595 | Comparison of Object References Instead of Object Contents |
| HasMember | Discouraged | C | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Allowed-with-Review | C | 671 | Lack of Administrator Control over Security |
| HasMember | Allowed | B | 676 | Use of Potentially Dangerous Function |
| HasMember | Discouraged | P | 697 | Incorrect Comparison |
| HasMember | Allowed | V | 768 | Incorrect Short Circuit Evaluation |
| HasMember | Allowed | V | 782 | Exposed IOCTL with Insufficient Access Control |
| HasMember | Allowed | B | 783 | Operator Precedence Logic Error |
| HasMember | Allowed | B | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | V | 831 | Signal Handler Function Associated with Multiple Signals |
| HasMember | Allowed | B | 837 | Improper Enforcement of a Single, Unique Action |
| HasMember | Allowed-with-Review | C | 912 | Hidden Functionality |
| HasMember | Allowed-with-Review | C | 913 | Improper Control of Dynamically-Managed Code Resources |
| HasMember | Allowed | B | 914 | Improper Control of Dynamically-Identified Variables |
| HasMember | Allowed | B | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| HasMember | Allowed | V | 926 | Improper Export of Android Application Components |
| HasMember | Allowed | V | 927 | Use of Implicit Intent for Sensitive Communication |
| HasMember | Allowed | B | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Allowed | V | 942 | Permissive Cross-domain Policy with Untrusted Domains |
| HasMember | Allowed-with-Review | C | 943 | Improper Neutralization of Special Elements in Data Query Logic |