CWE coverage for Go — CodeQL query help documentation

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | Go | go/constant-length-comparison | Constant length comparison |
| CWE-20 | Go | go/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | Go | go/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | Go | go/incomplete-url-scheme-check | Incomplete URL scheme check |
| CWE-20 | Go | go/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-20 | Go | go/suspicious-character-in-regex | Suspicious characters in a regular expression |
| CWE-20 | Go | go/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | Go | go/untrusted-data-to-unknown-external-api | Untrusted data passed to unknown external API |
| CWE-22 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-22 | Go | go/unsafe-unzip-symlink | Arbitrary file write extracting an archive containing symbolic links |
| CWE-22 | Go | go/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-23 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Go | go/command-injection | Command built from user-controlled sources |
| CWE-74 | Go | go/stored-command | Command built from stored data |
| CWE-74 | Go | go/html-template-escaping-bypass-xss | Cross-site scripting via HTML template escaping bypass |
| CWE-74 | Go | go/reflected-xss | Reflected cross-site scripting |
| CWE-74 | Go | go/stored-xss | Stored cross-site scripting |
| CWE-74 | Go | go/sql-injection | Database query built from user-controlled sources |
| CWE-74 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-74 | Go | go/xml/xpath-injection | XPath injection |
| CWE-74 | Go | go/ldap-injection | LDAP query built from user-controlled sources |
| CWE-74 | Go | go/dsn-injection | SQL Data-source URI built from user-controlled sources |
| CWE-74 | Go | go/dsn-injection-local | SQL Data-source URI built from local user-controlled sources |
| CWE-77 | Go | go/command-injection | Command built from user-controlled sources |
| CWE-77 | Go | go/stored-command | Command built from stored data |
| CWE-77 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-78 | Go | go/command-injection | Command built from user-controlled sources |
| CWE-78 | Go | go/stored-command | Command built from stored data |
| CWE-78 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-79 | Go | go/html-template-escaping-bypass-xss | Cross-site scripting via HTML template escaping bypass |
| CWE-79 | Go | go/reflected-xss | Reflected cross-site scripting |
| CWE-79 | Go | go/stored-xss | Stored cross-site scripting |
| CWE-89 | Go | go/sql-injection | Database query built from user-controlled sources |
| CWE-89 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-90 | Go | go/ldap-injection | LDAP query built from user-controlled sources |
| CWE-91 | Go | go/xml/xpath-injection | XPath injection |
| CWE-94 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-99 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-116 | Go | go/html-template-escaping-bypass-xss | Cross-site scripting via HTML template escaping bypass |
| CWE-116 | Go | go/reflected-xss | Reflected cross-site scripting |
| CWE-116 | Go | go/stored-xss | Stored cross-site scripting |
| CWE-116 | Go | go/log-injection | Log entries created from user input |
| CWE-117 | Go | go/log-injection | Log entries created from user input |
| CWE-118 | Go | go/wrong-usage-of-unsafe | Wrong usage of package unsafe |
| CWE-119 | Go | go/wrong-usage-of-unsafe | Wrong usage of package unsafe |
| CWE-125 | Go | go/wrong-usage-of-unsafe | Wrong usage of package unsafe |
| CWE-126 | Go | go/wrong-usage-of-unsafe | Wrong usage of package unsafe |
| CWE-129 | Go | go/constant-length-comparison | Constant length comparison |
| CWE-183 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-190 | Go | go/allocation-size-overflow | Size computation for allocation may overflow |
| CWE-190 | Go | go/incorrect-integer-conversion | Incorrect conversion between integer types |
| CWE-193 | Go | go/index-out-of-bounds | Off-by-one comparison against length |
| CWE-197 | Go | go/shift-out-of-range | Shift out of range |
| CWE-200 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-200 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-200 | Go | go/timing-attack | Timing attacks due to comparison of sensitive secrets |
| CWE-203 | Go | go/timing-attack | Timing attacks due to comparison of sensitive secrets |
| CWE-209 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-247 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-248 | Go | go/redundant-recover | Redundant call to recover |
| CWE-252 | Go | go/missing-error-check | Missing error check |
| CWE-252 | Go | go/unhandled-writable-file-close | Writable file handle closed without error handling |
| CWE-259 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Go | go/insecure-hostkeycallback | Use of insecure HostKeyCallback implementation |
| CWE-284 | Go | go/email-injection | Email content injection |
| CWE-284 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-284 | Go | go/improper-ldap-auth | Improper LDAP Authentication |
| CWE-284 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-284 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-284 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-285 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-287 | Go | go/email-injection | Email content injection |
| CWE-287 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-287 | Go | go/improper-ldap-auth | Improper LDAP Authentication |
| CWE-287 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-287 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-290 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-295 | Go | go/disabled-certificate-check | Disabled TLS certificate check |
| CWE-311 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-311 | Go | go/cookie-secure-not-set | Cookie 'Secure' attribute is not set to true |
| CWE-312 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-315 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-321 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-321 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-322 | Go | go/insecure-hostkeycallback | Use of insecure HostKeyCallback implementation |
| CWE-326 | Go | go/weak-crypto-key | Use of a weak cryptographic key |
| CWE-326 | Go | go/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-326 | Go | go/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Go | go/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | Go | go/insecure-tls | Insecure TLS configuration |
| CWE-327 | Go | go/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-328 | Go | go/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-328 | Go | go/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-330 | Go | go/insecure-randomness | Use of insufficient randomness as the key of a cryptographic algorithm |
| CWE-330 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-330 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-338 | Go | go/insecure-randomness | Use of insufficient randomness as the key of a cryptographic algorithm |
| CWE-344 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-344 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-345 | Go | go/missing-jwt-signature-check | Missing JWT signature check |
| CWE-345 | Go | go/constant-oauth2-state | Use of constant state value in OAuth 2.0 URL |
| CWE-345 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-346 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-347 | Go | go/missing-jwt-signature-check | Missing JWT signature check |
| CWE-350 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-352 | Go | go/constant-oauth2-state | Use of constant state value in OAuth 2.0 URL |
| CWE-359 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-369 | Go | go/divide-by-zero | Divide by zero |
| CWE-398 | Go | go/comparison-of-identical-expressions | Comparison of identical values |
| CWE-398 | Go | go/useless-assignment-to-field | Useless assignment to field |
| CWE-398 | Go | go/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | Go | go/duplicate-branches | Duplicate 'if' branches |
| CWE-398 | Go | go/duplicate-condition | Duplicate 'if' condition |
| CWE-398 | Go | go/duplicate-switch-case | Duplicate switch case |
| CWE-398 | Go | go/useless-expression | Expression has no effect |
| CWE-398 | Go | go/impossible-interface-nil-check | Impossible interface nil check |
| CWE-398 | Go | go/negative-length-check | Redundant check for negative value |
| CWE-398 | Go | go/redundant-operation | Identical operands |
| CWE-398 | Go | go/redundant-assignment | Self assignment |
| CWE-398 | Go | go/unreachable-statement | Unreachable statement |
| CWE-398 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-400 | Go | go/uncontrolled-allocation-size | Slice memory allocation with excessive size value |
| CWE-405 | Go | go/uncontrolled-file-decompression | Uncontrolled file decompression |
| CWE-409 | Go | go/uncontrolled-file-decompression | Uncontrolled file decompression |
| CWE-441 | Go | go/request-forgery | Uncontrolled data used in network request |
| CWE-441 | Go | go/ssrf | Uncontrolled data used in network request |
| CWE-480 | Go | go/mistyped-exponentiation | Bitwise exclusive-or used like exponentiation |
| CWE-480 | Go | go/useless-expression | Expression has no effect |
| CWE-480 | Go | go/redundant-operation | Identical operands |
| CWE-480 | Go | go/redundant-assignment | Self assignment |
| CWE-497 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-561 | Go | go/comparison-of-identical-expressions | Comparison of identical values |
| CWE-561 | Go | go/duplicate-branches | Duplicate 'if' branches |
| CWE-561 | Go | go/duplicate-condition | Duplicate 'if' condition |
| CWE-561 | Go | go/duplicate-switch-case | Duplicate switch case |
| CWE-561 | Go | go/useless-expression | Expression has no effect |
| CWE-561 | Go | go/impossible-interface-nil-check | Impossible interface nil check |
| CWE-561 | Go | go/negative-length-check | Redundant check for negative value |
| CWE-561 | Go | go/redundant-operation | Identical operands |
| CWE-561 | Go | go/redundant-assignment | Self assignment |
| CWE-561 | Go | go/unreachable-statement | Unreachable statement |
| CWE-561 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-563 | Go | go/useless-assignment-to-field | Useless assignment to field |
| CWE-563 | Go | go/useless-assignment-to-local | Useless assignment to local variable |
| CWE-570 | Go | go/comparison-of-identical-expressions | Comparison of identical values |
| CWE-570 | Go | go/impossible-interface-nil-check | Impossible interface nil check |
| CWE-571 | Go | go/comparison-of-identical-expressions | Comparison of identical values |
| CWE-571 | Go | go/negative-length-check | Redundant check for negative value |
| CWE-592 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-601 | Go | go/bad-redirect-check | Bad redirect check |
| CWE-601 | Go | go/unvalidated-url-redirection | Open URL redirect |
| CWE-610 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Go | go/bad-redirect-check | Bad redirect check |
| CWE-610 | Go | go/unvalidated-url-redirection | Open URL redirect |
| CWE-610 | Go | go/request-forgery | Uncontrolled data used in network request |
| CWE-610 | Go | go/ssrf | Uncontrolled data used in network request |
| CWE-614 | Go | go/cookie-secure-not-set | Cookie 'Secure' attribute is not set to true |
| CWE-640 | Go | go/email-injection | Email content injection |
| CWE-642 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-643 | Go | go/xml/xpath-injection | XPath injection |
| CWE-657 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-657 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-664 | Go | go/shift-out-of-range | Shift out of range |
| CWE-664 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Go | go/unsafe-unzip-symlink | Arbitrary file write extracting an archive containing symbolic links |
| CWE-664 | Go | go/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-664 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-664 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-664 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-664 | Go | go/insecure-hostkeycallback | Use of insecure HostKeyCallback implementation |
| CWE-664 | Go | go/bad-redirect-check | Bad redirect check |
| CWE-664 | Go | go/unvalidated-url-redirection | Open URL redirect |
| CWE-664 | Go | go/email-injection | Email content injection |
| CWE-664 | Go | go/incorrect-integer-conversion | Incorrect conversion between integer types |
| CWE-664 | Go | go/uncontrolled-allocation-size | Slice memory allocation with excessive size value |
| CWE-664 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Go | go/request-forgery | Uncontrolled data used in network request |
| CWE-664 | Go | go/timing-attack | Timing attacks due to comparison of sensitive secrets |
| CWE-664 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-664 | Go | go/improper-ldap-auth | Improper LDAP Authentication |
| CWE-664 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-664 | Go | go/uncontrolled-file-decompression | Uncontrolled file decompression |
| CWE-664 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-664 | Go | go/ssrf | Uncontrolled data used in network request |
| CWE-664 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-665 | Go | go/uncontrolled-allocation-size | Slice memory allocation with excessive size value |
| CWE-668 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Go | go/unsafe-unzip-symlink | Arbitrary file write extracting an archive containing symbolic links |
| CWE-668 | Go | go/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-668 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-668 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-668 | Go | go/timing-attack | Timing attacks due to comparison of sensitive secrets |
| CWE-668 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-670 | Go | go/mistyped-exponentiation | Bitwise exclusive-or used like exponentiation |
| CWE-670 | Go | go/whitespace-contradicts-precedence | Whitespace contradicts operator precedence |
| CWE-670 | Go | go/useless-expression | Expression has no effect |
| CWE-670 | Go | go/redundant-operation | Identical operands |
| CWE-670 | Go | go/redundant-assignment | Self assignment |
| CWE-671 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-671 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-681 | Go | go/shift-out-of-range | Shift out of range |
| CWE-681 | Go | go/incorrect-integer-conversion | Incorrect conversion between integer types |
| CWE-682 | Go | go/index-out-of-bounds | Off-by-one comparison against length |
| CWE-682 | Go | go/allocation-size-overflow | Size computation for allocation may overflow |
| CWE-682 | Go | go/incorrect-integer-conversion | Incorrect conversion between integer types |
| CWE-682 | Go | go/divide-by-zero | Divide by zero |
| CWE-691 | Go | go/inconsistent-loop-direction | Inconsistent direction of for loop |
| CWE-691 | Go | go/mistyped-exponentiation | Bitwise exclusive-or used like exponentiation |
| CWE-691 | Go | go/whitespace-contradicts-precedence | Whitespace contradicts operator precedence |
| CWE-691 | Go | go/useless-expression | Expression has no effect |
| CWE-691 | Go | go/redundant-operation | Identical operands |
| CWE-691 | Go | go/redundant-recover | Redundant call to recover |
| CWE-691 | Go | go/redundant-assignment | Self assignment |
| CWE-691 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-693 | Go | go/constant-length-comparison | Constant length comparison |
| CWE-693 | Go | go/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-693 | Go | go/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-693 | Go | go/incomplete-url-scheme-check | Incomplete URL scheme check |
| CWE-693 | Go | go/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-693 | Go | go/suspicious-character-in-regex | Suspicious characters in a regular expression |
| CWE-693 | Go | go/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-693 | Go | go/untrusted-data-to-unknown-external-api | Untrusted data passed to unknown external API |
| CWE-693 | Go | go/disabled-certificate-check | Disabled TLS certificate check |
| CWE-693 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-693 | Go | go/insecure-hostkeycallback | Use of insecure HostKeyCallback implementation |
| CWE-693 | Go | go/weak-crypto-key | Use of a weak cryptographic key |
| CWE-693 | Go | go/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-693 | Go | go/insecure-tls | Insecure TLS configuration |
| CWE-693 | Go | go/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-693 | Go | go/missing-jwt-signature-check | Missing JWT signature check |
| CWE-693 | Go | go/constant-oauth2-state | Use of constant state value in OAuth 2.0 URL |
| CWE-693 | Go | go/cookie-secure-not-set | Cookie 'Secure' attribute is not set to true |
| CWE-693 | Go | go/email-injection | Email content injection |
| CWE-693 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-693 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-693 | Go | go/improper-ldap-auth | Improper LDAP Authentication |
| CWE-693 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-693 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-693 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-697 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-703 | Go | go/missing-error-check | Missing error check |
| CWE-703 | Go | go/unhandled-writable-file-close | Writable file handle closed without error handling |
| CWE-703 | Go | go/redundant-recover | Redundant call to recover |
| CWE-703 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-704 | Go | go/shift-out-of-range | Shift out of range |
| CWE-704 | Go | go/incorrect-integer-conversion | Incorrect conversion between integer types |
| CWE-705 | Go | go/redundant-recover | Redundant call to recover |
| CWE-706 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-706 | Go | go/unsafe-unzip-symlink | Arbitrary file write extracting an archive containing symbolic links |
| CWE-706 | Go | go/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-707 | Go | go/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Go | go/command-injection | Command built from user-controlled sources |
| CWE-707 | Go | go/stored-command | Command built from stored data |
| CWE-707 | Go | go/html-template-escaping-bypass-xss | Cross-site scripting via HTML template escaping bypass |
| CWE-707 | Go | go/reflected-xss | Reflected cross-site scripting |
| CWE-707 | Go | go/stored-xss | Stored cross-site scripting |
| CWE-707 | Go | go/sql-injection | Database query built from user-controlled sources |
| CWE-707 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-707 | Go | go/log-injection | Log entries created from user input |
| CWE-707 | Go | go/xml/xpath-injection | XPath injection |
| CWE-707 | Go | go/ldap-injection | LDAP query built from user-controlled sources |
| CWE-707 | Go | go/dsn-injection | SQL Data-source URI built from user-controlled sources |
| CWE-707 | Go | go/dsn-injection-local | SQL Data-source URI built from local user-controlled sources |
| CWE-710 | Go | go/comparison-of-identical-expressions | Comparison of identical values |
| CWE-710 | Go | go/useless-assignment-to-field | Useless assignment to field |
| CWE-710 | Go | go/useless-assignment-to-local | Useless assignment to local variable |
| CWE-710 | Go | go/duplicate-branches | Duplicate 'if' branches |
| CWE-710 | Go | go/duplicate-condition | Duplicate 'if' condition |
| CWE-710 | Go | go/duplicate-switch-case | Duplicate switch case |
| CWE-710 | Go | go/useless-expression | Expression has no effect |
| CWE-710 | Go | go/impossible-interface-nil-check | Impossible interface nil check |
| CWE-710 | Go | go/negative-length-check | Redundant check for negative value |
| CWE-710 | Go | go/redundant-operation | Identical operands |
| CWE-710 | Go | go/redundant-assignment | Self assignment |
| CWE-710 | Go | go/unreachable-statement | Unreachable statement |
| CWE-710 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-710 | Go | go/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-710 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-754 | Go | go/missing-error-check | Missing error check |
| CWE-754 | Go | go/unhandled-writable-file-close | Writable file handle closed without error handling |
| CWE-755 | Go | go/stack-trace-exposure | Information exposure through a stack trace |
| CWE-770 | Go | go/uncontrolled-allocation-size | Slice memory allocation with excessive size value |
| CWE-783 | Go | go/whitespace-contradicts-precedence | Whitespace contradicts operator precedence |
| CWE-788 | Go | go/wrong-usage-of-unsafe | Wrong usage of package unsafe |
| CWE-798 | Go | go/hardcoded-credentials | Hard-coded credentials |
| CWE-798 | Go | go/parse-jwt-with-hardcoded-key | Decoding JWT with hardcoded key |
| CWE-807 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-834 | Go | go/inconsistent-loop-direction | Inconsistent direction of for loop |
| CWE-835 | Go | go/inconsistent-loop-direction | Inconsistent direction of for loop |
| CWE-913 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-916 | Go | go/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-918 | Go | go/request-forgery | Uncontrolled data used in network request |
| CWE-918 | Go | go/ssrf | Uncontrolled data used in network request |
| CWE-922 | Go | go/clear-text-logging | Clear-text logging of sensitive information |
| CWE-923 | Go | go/insecure-hostkeycallback | Use of insecure HostKeyCallback implementation |
| CWE-923 | Go | go/sensitive-condition-bypass | User-controlled bypassing of sensitive action |
| CWE-942 | Go | go/cors-misconfiguration | CORS misconfiguration |
| CWE-943 | Go | go/sql-injection | Database query built from user-controlled sources |
| CWE-943 | Go | go/unsafe-quoting | Potentially unsafe quoting |
| CWE-943 | Go | go/xml/xpath-injection | XPath injection |
| CWE-943 | Go | go/ldap-injection | LDAP query built from user-controlled sources |
| CWE-1004 | Go | go/cookie-httponly-not-set | Cookie 'HttpOnly' attribute is not set to true |