CWE coverage for Python — CodeQL query help documentation

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-20 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-20 | Python | py/cookie-injection | Construction of a cookie using user-supplied input |
| CWE-20 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-20 | Python | py/overly-large-range | Overly permissive regular expression range |
| CWE-20 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-22 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-22 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
| CWE-22 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-22 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction |
| CWE-22 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source |
| CWE-23 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-74 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-74 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Python | py/template-injection | Server Side Template Injection |
| CWE-74 | Python | py/command-line-injection | Uncontrolled command line |
| CWE-74 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-74 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
| CWE-74 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
| CWE-74 | Python | py/sql-injection | SQL query built from user-controlled sources |
| CWE-74 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
| CWE-74 | Python | py/code-injection | Code injection |
| CWE-74 | Python | py/http-response-splitting | HTTP Response Splitting |
| CWE-74 | Python | py/xpath-injection | XPath query built from user-controlled sources |
| CWE-74 | Python | py/nosql-injection | NoSQL Injection |
| CWE-74 | Python | py/paramiko-command-injection | Command execution on a secondary remote server |
| CWE-74 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting |
| CWE-74 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
| CWE-74 | Python | py/js2py-rce | JavaScript code execution |
| CWE-77 | Python | py/command-line-injection | Uncontrolled command line |
| CWE-77 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-78 | Python | py/command-line-injection | Uncontrolled command line |
| CWE-78 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-79 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
| CWE-79 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
| CWE-79 | Python | py/http-response-splitting | HTTP Response Splitting |
| CWE-79 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting |
| CWE-88 | Python | py/command-line-injection | Uncontrolled command line |
| CWE-88 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-89 | Python | py/sql-injection | SQL query built from user-controlled sources |
| CWE-90 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
| CWE-91 | Python | py/xpath-injection | XPath query built from user-controlled sources |
| CWE-91 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
| CWE-93 | Python | py/http-response-splitting | HTTP Response Splitting |
| CWE-94 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-94 | Python | py/code-injection | Code injection |
| CWE-94 | Python | py/js2py-rce | JavaScript code execution |
| CWE-95 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-95 | Python | py/code-injection | Code injection |
| CWE-99 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-113 | Python | py/http-response-splitting | HTTP Response Splitting |
| CWE-116 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
| CWE-116 | Python | py/code-injection | Code injection |
| CWE-116 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-116 | Python | py/log-injection | Log Injection |
| CWE-116 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting |
| CWE-117 | Python | py/log-injection | Log Injection |
| CWE-172 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-176 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-179 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-180 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-183 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-185 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-186 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-200 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
| CWE-200 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-200 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-200 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-200 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-200 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash |
| CWE-200 | Python | py/timing-attack-against-hash | Timing attack against Hash |
| CWE-200 | Python | py/timing-attack-against-header-value | Timing attack against header value |
| CWE-200 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret |
| CWE-200 | Python | py/timing-attack-sensitive-info | Timing attack against secret |
| CWE-203 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash |
| CWE-203 | Python | py/timing-attack-against-hash | Timing attack against Hash |
| CWE-203 | Python | py/timing-attack-against-header-value | Timing attack against header value |
| CWE-203 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret |
| CWE-203 | Python | py/timing-attack-sensitive-info | Timing attack against secret |
| CWE-208 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash |
| CWE-208 | Python | py/timing-attack-against-hash | Timing attack against Hash |
| CWE-208 | Python | py/timing-attack-against-header-value | Timing attack against header value |
| CWE-208 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret |
| CWE-208 | Python | py/timing-attack-sensitive-info | Timing attack against secret |
| CWE-209 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-215 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-221 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-227 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
| CWE-227 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
| CWE-227 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
| CWE-227 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
| CWE-227 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
| CWE-227 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
| CWE-227 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
| CWE-252 | Python | py/ignored-return-value | Ignored return value |
| CWE-259 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-284 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-284 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value |
| CWE-284 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
| CWE-284 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-284 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-285 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-285 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-287 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-287 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value |
| CWE-287 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
| CWE-287 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-295 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko |
| CWE-295 | Python | py/request-without-cert-validation | Request without certificate validation |
| CWE-311 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-311 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-311 | Python | py/insecure-cookie | Failure to use secure cookies |
| CWE-312 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-312 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-315 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-321 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-326 | Python | py/weak-crypto-key | Use of weak cryptographic key |
| CWE-326 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-326 | Python | py/unknown-asymmetric-key-gen-size | Unknown key generation key size |
| CWE-326 | Python | py/weak-asymmetric-key-gen-size | Weak key generation key size (< 2048 bits) |
| CWE-327 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure |
| CWE-327 | Python | py/insecure-protocol | Use of insecure SSL/TLS version |
| CWE-327 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Python | py/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption |
| CWE-327 | Python | py/weak-block-mode | Weak block mode |
| CWE-327 | Python | py/weak-elliptic-curve | Weak elliptic curve |
| CWE-327 | Python | py/weak-hashes | Weak hashes |
| CWE-327 | Python | py/weak-symmetric-encryption | Weak symmetric encryption algorithm |
| CWE-328 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-330 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-330 | Python | py/insecure-randomness | Insecure randomness |
| CWE-330 | Python | py/predictable-token | Predictable token |
| CWE-338 | Python | py/insecure-randomness | Insecure randomness |
| CWE-340 | Python | py/predictable-token | Predictable token |
| CWE-344 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-345 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-345 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-345 | Python | py/ip-address-spoofing | IP address spoofing |
| CWE-347 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-348 | Python | py/ip-address-spoofing | IP address spoofing |
| CWE-352 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-359 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-359 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-377 | Python | py/insecure-temporary-file | Insecure temporary file |
| CWE-390 | Python | py/empty-except | Empty except |
| CWE-396 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-398 | Python | py/unreachable-except | Unreachable except block |
| CWE-398 | Python | py/comparison-of-constants | Comparison of constants |
| CWE-398 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
| CWE-398 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
| CWE-398 | Python | py/redundant-comparison | Redundant comparison |
| CWE-398 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
| CWE-398 | Python | py/import-deprecated-module | Import of deprecated module |
| CWE-398 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
| CWE-398 | Python | py/redundant-assignment | Redundant assignment |
| CWE-398 | Python | py/ineffectual-statement | Statement has no effect |
| CWE-398 | Python | py/unreachable-statement | Unreachable code |
| CWE-398 | Python | py/multiple-definition | Variable defined multiple times |
| CWE-398 | Python | py/unused-local-variable | Unused local variable |
| CWE-398 | Python | py/unused-global-variable | Unused global variable |
| CWE-400 | Python | py/file-not-closed | File is not always closed |
| CWE-400 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-400 | Python | py/redos | Inefficient regular expression |
| CWE-400 | Python | py/regex-injection | Regular expression injection |
| CWE-400 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-400 | Python | py/unicode-dos | Denial of Service using Unicode Characters |
| CWE-404 | Python | py/file-not-closed | File is not always closed |
| CWE-405 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-405 | Python | py/decompression-bomb | Decompression Bomb |
| CWE-405 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-409 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-409 | Python | py/decompression-bomb | Decompression Bomb |
| CWE-409 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-441 | Python | py/full-ssrf | Full server-side request forgery |
| CWE-441 | Python | py/partial-ssrf | Partial server-side request forgery |
| CWE-477 | Python | py/import-deprecated-module | Import of deprecated module |
| CWE-485 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-489 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-497 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-502 | Python | py/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-522 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-523 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-532 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-538 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-552 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-561 | Python | py/unreachable-except | Unreachable except block |
| CWE-561 | Python | py/comparison-of-constants | Comparison of constants |
| CWE-561 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
| CWE-561 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
| CWE-561 | Python | py/redundant-comparison | Redundant comparison |
| CWE-561 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
| CWE-561 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
| CWE-561 | Python | py/ineffectual-statement | Statement has no effect |
| CWE-561 | Python | py/unreachable-statement | Unreachable code |
| CWE-563 | Python | py/redundant-assignment | Redundant assignment |
| CWE-563 | Python | py/multiple-definition | Variable defined multiple times |
| CWE-563 | Python | py/unused-local-variable | Unused local variable |
| CWE-563 | Python | py/unused-global-variable | Unused global variable |
| CWE-570 | Python | py/comparison-of-constants | Comparison of constants |
| CWE-570 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
| CWE-570 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
| CWE-570 | Python | py/redundant-comparison | Redundant comparison |
| CWE-570 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
| CWE-571 | Python | py/comparison-of-constants | Comparison of constants |
| CWE-571 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
| CWE-571 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
| CWE-571 | Python | py/redundant-comparison | Redundant comparison |
| CWE-571 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
| CWE-573 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
| CWE-573 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
| CWE-573 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
| CWE-573 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
| CWE-573 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
| CWE-573 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
| CWE-573 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
| CWE-581 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
| CWE-584 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
| CWE-601 | Python | py/url-redirection | URL redirection from remote source |
| CWE-610 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-610 | Python | py/url-redirection | URL redirection from remote source |
| CWE-610 | Python | py/xxe | XML external entity expansion |
| CWE-610 | Python | py/full-ssrf | Full server-side request forgery |
| CWE-610 | Python | py/partial-ssrf | Partial server-side request forgery |
| CWE-611 | Python | py/xxe | XML external entity expansion |
| CWE-614 | Python | py/insecure-cookie | Failure to use secure cookies |
| CWE-628 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
| CWE-628 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
| CWE-628 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
| CWE-628 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
| CWE-628 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
| CWE-628 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
| CWE-642 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-642 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-643 | Python | py/xpath-injection | XPath query built from user-controlled sources |
| CWE-643 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
| CWE-657 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-664 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list |
| CWE-664 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-664 | Python | py/file-not-closed | File is not always closed |
| CWE-664 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
| CWE-664 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
| CWE-664 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-664 | Python | py/code-injection | Code injection |
| CWE-664 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-664 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-664 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-664 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-664 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-664 | Python | py/insecure-temporary-file | Insecure temporary file |
| CWE-664 | Python | py/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-664 | Python | py/url-redirection | URL redirection from remote source |
| CWE-664 | Python | py/xxe | XML external entity expansion |
| CWE-664 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-664 | Python | py/redos | Inefficient regular expression |
| CWE-664 | Python | py/regex-injection | Regular expression injection |
| CWE-664 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-664 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-664 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Python | py/full-ssrf | Full server-side request forgery |
| CWE-664 | Python | py/partial-ssrf | Partial server-side request forgery |
| CWE-664 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-664 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction |
| CWE-664 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source |
| CWE-664 | Python | py/js2py-rce | JavaScript code execution |
| CWE-664 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash |
| CWE-664 | Python | py/timing-attack-against-hash | Timing attack against Hash |
| CWE-664 | Python | py/timing-attack-against-header-value | Timing attack against header value |
| CWE-664 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret |
| CWE-664 | Python | py/timing-attack-sensitive-info | Timing attack against secret |
| CWE-664 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value |
| CWE-664 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
| CWE-664 | Python | py/decompression-bomb | Decompression Bomb |
| CWE-664 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-664 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-664 | Python | py/unicode-dos | Denial of Service using Unicode Characters |
| CWE-664 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-665 | Python | py/implicit-string-concatenation-in-list | Implicit string concatenation in a list |
| CWE-665 | Python | py/unicode-dos | Denial of Service using Unicode Characters |
| CWE-668 | Python | py/bind-socket-all-network-interfaces | Binding a socket to all network interfaces |
| CWE-668 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
| CWE-668 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-668 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-668 | Python | py/flask-debug | Flask app is run in debug mode |
| CWE-668 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-668 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-668 | Python | py/insecure-temporary-file | Insecure temporary file |
| CWE-668 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-668 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-668 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction |
| CWE-668 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source |
| CWE-668 | Python | py/possible-timing-attack-against-hash | Timing attack against Hash |
| CWE-668 | Python | py/timing-attack-against-hash | Timing attack against Hash |
| CWE-668 | Python | py/timing-attack-against-header-value | Timing attack against header value |
| CWE-668 | Python | py/possible-timing-attack-sensitive-info | Timing attack against secret |
| CWE-668 | Python | py/timing-attack-sensitive-info | Timing attack against secret |
| CWE-668 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-668 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-669 | Python | py/xxe | XML external entity expansion |
| CWE-670 | Python | py/asserts-tuple | Asserting a tuple |
| CWE-671 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-674 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-674 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-685 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
| CWE-685 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
| CWE-685 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
| CWE-687 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
| CWE-691 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-691 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-691 | Python | py/code-injection | Code injection |
| CWE-691 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-691 | Python | py/asserts-tuple | Asserting a tuple |
| CWE-691 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
| CWE-691 | Python | py/js2py-rce | JavaScript code execution |
| CWE-691 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-691 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-693 | Python | py/count-untrusted-data-external-api | Frequency counts for external APIs that are used with untrusted data |
| CWE-693 | Python | py/untrusted-data-to-external-api | Untrusted data passed to external API |
| CWE-693 | Python | py/cookie-injection | Construction of a cookie using user-supplied input |
| CWE-693 | Python | py/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-693 | Python | py/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-693 | Python | py/overly-large-range | Overly permissive regular expression range |
| CWE-693 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-693 | Python | py/pam-auth-bypass | PAM authorization bypass due to incorrect usage |
| CWE-693 | Python | py/paramiko-missing-host-key-validation | Accepting unknown SSH host keys when using Paramiko |
| CWE-693 | Python | py/request-without-cert-validation | Request without certificate validation |
| CWE-693 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-693 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-693 | Python | py/weak-crypto-key | Use of weak cryptographic key |
| CWE-693 | Python | py/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-693 | Python | py/insecure-default-protocol | Default version of SSL/TLS may be insecure |
| CWE-693 | Python | py/insecure-protocol | Use of insecure SSL/TLS version |
| CWE-693 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-693 | Python | py/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-693 | Python | py/insecure-cookie | Failure to use secure cookies |
| CWE-693 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-693 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-693 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-693 | Python | py/flask-constant-secret-key | Initializing SECRET_KEY of Flask application with Constant value |
| CWE-693 | Python | py/improper-ldap-auth | Improper LDAP Authentication |
| CWE-693 | Python | py/azure-storage/unsafe-client-side-encryption-in-use | Unsafe usage of v1 version of Azure Storage client-side encryption |
| CWE-693 | Python | py/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-693 | Python | py/ip-address-spoofing | IP address spoofing |
| CWE-693 | Python | py/insecure-ldap-auth | Python Insecure LDAP Authentication |
| CWE-693 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-693 | Python | py/unknown-asymmetric-key-gen-size | Unknown key generation key size |
| CWE-693 | Python | py/weak-asymmetric-key-gen-size | Weak key generation key size (< 2048 bits) |
| CWE-693 | Python | py/weak-block-mode | Weak block mode |
| CWE-693 | Python | py/weak-elliptic-curve | Weak elliptic curve |
| CWE-693 | Python | py/weak-hashes | Weak hashes |
| CWE-693 | Python | py/weak-symmetric-encryption | Weak symmetric encryption algorithm |
| CWE-696 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-697 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-697 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-703 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-703 | Python | py/empty-except | Empty except |
| CWE-703 | Python | py/ignored-return-value | Ignored return value |
| CWE-703 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-705 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-705 | Python | py/exit-from-finally | 'break' or 'return' statement in finally |
| CWE-706 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-706 | Python | py/tarslip | Arbitrary file write during tarfile extraction |
| CWE-706 | Python | py/xxe | XML external entity expansion |
| CWE-706 | Python | py/zipslip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-706 | Python | py/tarslip-extended | Arbitrary file write during tarfile extraction |
| CWE-706 | Python | py/unsafe-unpacking | Arbitrary file write during a tarball extraction from a user controlled source |
| CWE-707 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-707 | Python | py/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Python | py/template-injection | Server Side Template Injection |
| CWE-707 | Python | py/command-line-injection | Uncontrolled command line |
| CWE-707 | Python | py/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-707 | Python | py/jinja2/autoescape-false | Jinja2 templating with autoescape=False |
| CWE-707 | Python | py/reflective-xss | Reflected server-side cross-site scripting |
| CWE-707 | Python | py/sql-injection | SQL query built from user-controlled sources |
| CWE-707 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
| CWE-707 | Python | py/code-injection | Code injection |
| CWE-707 | Python | py/http-response-splitting | HTTP Response Splitting |
| CWE-707 | Python | py/bad-tag-filter | Bad HTML filtering regexp |
| CWE-707 | Python | py/log-injection | Log Injection |
| CWE-707 | Python | py/xpath-injection | XPath query built from user-controlled sources |
| CWE-707 | Python | py/nosql-injection | NoSQL Injection |
| CWE-707 | Python | py/paramiko-command-injection | Command execution on a secondary remote server |
| CWE-707 | Python | py/reflective-xss-email | Reflected server-side cross-site scripting |
| CWE-707 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
| CWE-707 | Python | py/js2py-rce | JavaScript code execution |
| CWE-707 | Python | py/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-710 | Python | py/equals-hash-mismatch | Inconsistent equality and hashing |
| CWE-710 | Python | py/call/wrong-named-class-argument | Wrong name for an argument in a class instantiation |
| CWE-710 | Python | py/call/wrong-number-class-arguments | Wrong number of arguments in a class instantiation |
| CWE-710 | Python | py/unreachable-except | Unreachable except block |
| CWE-710 | Python | py/super-not-enclosing-class | First argument to super() is not enclosing class |
| CWE-710 | Python | py/comparison-of-constants | Comparison of constants |
| CWE-710 | Python | py/comparison-of-identical-expressions | Comparison of identical values |
| CWE-710 | Python | py/comparison-missing-self | Maybe missing 'self' in comparison |
| CWE-710 | Python | py/redundant-comparison | Redundant comparison |
| CWE-710 | Python | py/duplicate-key-dict-literal | Duplicate key in dict literal |
| CWE-710 | Python | py/call/wrong-named-argument | Wrong name for an argument in a call |
| CWE-710 | Python | py/percent-format/wrong-arguments | Wrong number of arguments for format |
| CWE-710 | Python | py/call/wrong-arguments | Wrong number of arguments in a call |
| CWE-710 | Python | py/import-deprecated-module | Import of deprecated module |
| CWE-710 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-710 | Python | py/constant-conditional-expression | Constant in conditional expression or statement |
| CWE-710 | Python | py/redundant-assignment | Redundant assignment |
| CWE-710 | Python | py/ineffectual-statement | Statement has no effect |
| CWE-710 | Python | py/unreachable-statement | Unreachable code |
| CWE-710 | Python | py/multiple-definition | Variable defined multiple times |
| CWE-710 | Python | py/unused-local-variable | Unused local variable |
| CWE-710 | Python | py/unused-global-variable | Unused global variable |
| CWE-732 | Python | py/overly-permissive-file | Overly permissive file permissions |
| CWE-754 | Python | py/ignored-return-value | Ignored return value |
| CWE-755 | Python | py/catch-base-exception | Except block handles 'BaseException' |
| CWE-755 | Python | py/empty-except | Empty except |
| CWE-755 | Python | py/stack-trace-exposure | Information exposure through an exception |
| CWE-770 | Python | py/unicode-dos | Denial of Service using Unicode Characters |
| CWE-772 | Python | py/file-not-closed | File is not always closed |
| CWE-776 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-776 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-798 | Python | py/hardcoded-credentials | Hard-coded credentials |
| CWE-827 | Python | py/xxe | XML external entity expansion |
| CWE-829 | Python | py/xxe | XML external entity expansion |
| CWE-834 | Python | py/xml-bomb | XML internal entity expansion |
| CWE-834 | Python | py/simple-xml-rpc-server-dos | SimpleXMLRPCServer denial of service |
| CWE-913 | Python | py/use-of-input | 'input' function used in Python 2 |
| CWE-913 | Python | py/code-injection | Code injection |
| CWE-913 | Python | py/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-913 | Python | py/js2py-rce | JavaScript code execution |
| CWE-916 | Python | py/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-918 | Python | py/full-ssrf | Full server-side request forgery |
| CWE-918 | Python | py/partial-ssrf | Partial server-side request forgery |
| CWE-922 | Python | py/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-922 | Python | py/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-942 | Python | py/cors-misconfiguration-with-credentials | Cors misconfiguration with credentials |
| CWE-943 | Python | py/sql-injection | SQL query built from user-controlled sources |
| CWE-943 | Python | py/ldap-injection | LDAP query built from user-controlled sources |
| CWE-943 | Python | py/xpath-injection | XPath query built from user-controlled sources |
| CWE-943 | Python | py/nosql-injection | NoSQL Injection |
| CWE-943 | Python | py/xslt-injection | XSLT query built from user-controlled sources |
| CWE-1004 | Python | py/client-exposed-cookie | Sensitive cookie missing HttpOnly attribute |
| CWE-1236 | Python | py/csv-injection | Csv Injection |
| CWE-1275 | Python | py/samesite-none-cookie | Sensitive cookie with SameSite attribute set to None |
| CWE-1333 | Python | py/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-1333 | Python | py/redos | Inefficient regular expression |
| CWE-1427 | Python | py/prompt-injection | Prompt injection |