CWE
CWE Top 25 and beyond.
Common Weakness Enumeration entries that Deva detects. The CWE Top 25 (MITRE, 2024 edition) ranks the most dangerous and prevalent software weaknesses. Pages marked with a Deva guide include detection details, vulnerable / fixed code examples, and compliance framework mappings.
#1 CWE-79: Cross-site Scripting (XSS) (Deva guide)
#2 CWE-787: Out-of-bounds Write (MITRE)
#3 CWE-89: SQL Injection (Deva guide)
#4 CWE-352: Cross-Site Request Forgery (CSRF) (Deva guide)
#5 CWE-22: Path Traversal (Deva guide)
#6 CWE-125: Out-of-bounds Read (MITRE)
#7 CWE-78: OS Command Injection (Deva guide)
#8 CWE-416: Use After Free (MITRE)
#9 CWE-862: Missing Authorization (Deva guide)
#10 CWE-434: Unrestricted Upload of File with Dangerous Type (Deva guide)
#11 CWE-94: Code Injection (Deva guide)
#12 CWE-20: Improper Input Validation (MITRE)
#13 CWE-77: Command Injection (MITRE)
#14 CWE-287: Improper Authentication (Deva guide)
#15 CWE-269: Improper Privilege Management (MITRE)
#16 CWE-502: Deserialization of Untrusted Data (Deva guide)
#17 CWE-200: Exposure of Sensitive Information (Deva guide)
#18 CWE-863: Incorrect Authorization (Deva guide)
#19 CWE-918: Server-Side Request Forgery (SSRF) (Deva guide)
#20 CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (MITRE)
#21 CWE-476: NULL Pointer Dereference (MITRE)
#22 CWE-798: Use of Hardcoded Credentials (Deva guide)
#23 CWE-190: Integer Overflow or Wraparound (MITRE)
#24 CWE-400: Uncontrolled Resource Consumption (MITRE)
#25 CWE-306: Missing Authentication for Critical Function (Deva guide)
+ CWE-327: Broken Cryptography (Deva guide)
Deva detects 970+ CWE patterns across 84 categories total. The page above lists the highest-priority entries (CWE Top 25 plus selected additions). For the complete coverage list, see the security scanner page.