
CWE coverage for JavaScript and TypeScript

An overview of CWE coverage for JavaScript and TypeScript in the latest release of CodeQL.

Overview

CWE Language Query id Query name
CWE-20 JavaScript/TypeScript js/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE-20 JavaScript/TypeScript js/incomplete-hostname-regexp Incomplete regular expression for hostnames
CWE-20 JavaScript/TypeScript js/incomplete-url-scheme-check Incomplete URL scheme check
CWE-20 JavaScript/TypeScript js/incomplete-url-substring-sanitization Incomplete URL substring sanitization
CWE-20 JavaScript/TypeScript js/incorrect-suffix-check Incorrect suffix check
CWE-20 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-20 JavaScript/TypeScript js/regex/missing-regexp-anchor Missing regular expression anchor
CWE-20 JavaScript/TypeScript js/overly-large-range Overly permissive regular expression range
CWE-20 JavaScript/TypeScript js/untrusted-data-to-external-api Untrusted data passed to external API
CWE-20 JavaScript/TypeScript js/useless-regexp-character-escape Useless regular-expression character escape
CWE-20 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-20 JavaScript/TypeScript js/double-escaping Double escaping or unescaping
CWE-20 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-20 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-20 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-20 JavaScript/TypeScript js/untrusted-data-to-external-api-more-sources Untrusted data passed to external API with additional heuristic sources
CWE-22 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-22 JavaScript/TypeScript js/zipslip Arbitrary file access during archive extraction ("Zip Slip")
CWE-23 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-36 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-73 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-73 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-74 JavaScript/TypeScript js/disabling-electron-websecurity Disabling Electron webSecurity
CWE-74 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-74 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-74 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-74 JavaScript/TypeScript js/command-line-injection Uncontrolled command line
CWE-74 JavaScript/TypeScript js/indirect-command-line-injection Indirect uncontrolled command line
CWE-74 JavaScript/TypeScript js/second-order-command-line-injection Second order command injection
CWE-74 JavaScript/TypeScript js/shell-command-injection-from-environment Shell command built from environment values
CWE-74 JavaScript/TypeScript js/shell-command-constructed-from-input Unsafe shell command constructed from library input
CWE-74 JavaScript/TypeScript js/unnecessary-use-of-cat Unnecessary use of cat process
CWE-74 JavaScript/TypeScript js/xss-through-exception Exception text reinterpreted as HTML
CWE-74 JavaScript/TypeScript js/reflected-xss Reflected cross-site scripting
CWE-74 JavaScript/TypeScript js/stored-xss Stored cross-site scripting
CWE-74 JavaScript/TypeScript js/html-constructed-from-input Unsafe HTML constructed from library input
CWE-74 JavaScript/TypeScript js/unsafe-jquery-plugin Unsafe jQuery plugin
CWE-74 JavaScript/TypeScript js/xss Client-side cross-site scripting
CWE-74 JavaScript/TypeScript js/xss-through-dom DOM text reinterpreted as HTML
CWE-74 JavaScript/TypeScript js/sql-injection Database query built from user-controlled sources
CWE-74 JavaScript/TypeScript js/code-injection Code injection
CWE-74 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-74 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-74 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-74 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-74 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-74 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-74 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-74 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-74 JavaScript/TypeScript js/unsafe-html-expansion Unsafe expansion of self-closing HTML tag
CWE-74 JavaScript/TypeScript js/tainted-format-string Use of externally-controlled format string
CWE-74 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-74 JavaScript/TypeScript js/xpath-injection XPath injection
CWE-74 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-74 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-74 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-74 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-74 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-74 JavaScript/TypeScript js/env-key-and-value-injection User controlled arbitrary environment variable injection
CWE-74 JavaScript/TypeScript js/env-value-injection User controlled environment variable value injection
CWE-74 JavaScript/TypeScript js/command-line-injection-more-sources Uncontrolled command line with additional heuristic sources
CWE-74 JavaScript/TypeScript js/xss-more-sources Client-side cross-site scripting with additional heuristic sources
CWE-74 JavaScript/TypeScript js/sql-injection-more-sources Database query built from user-controlled sources with additional heuristic sources
CWE-74 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-74 JavaScript/TypeScript js/tainted-format-string-more-sources Use of externally-controlled format string with additional heuristic sources
CWE-74 JavaScript/TypeScript js/xpath-injection-more-sources XPath injection with additional heuristic sources
CWE-74 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-77 JavaScript/TypeScript js/command-line-injection Uncontrolled command line
CWE-77 JavaScript/TypeScript js/indirect-command-line-injection Indirect uncontrolled command line
CWE-77 JavaScript/TypeScript js/second-order-command-line-injection Second order command injection
CWE-77 JavaScript/TypeScript js/shell-command-injection-from-environment Shell command built from environment values
CWE-77 JavaScript/TypeScript js/shell-command-constructed-from-input Unsafe shell command constructed from library input
CWE-77 JavaScript/TypeScript js/unnecessary-use-of-cat Unnecessary use of cat process
CWE-77 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-77 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-77 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-77 JavaScript/TypeScript js/command-line-injection-more-sources Uncontrolled command line with additional heuristic sources
CWE-77 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-78 JavaScript/TypeScript js/command-line-injection Uncontrolled command line
CWE-78 JavaScript/TypeScript js/indirect-command-line-injection Indirect uncontrolled command line
CWE-78 JavaScript/TypeScript js/second-order-command-line-injection Second order command injection
CWE-78 JavaScript/TypeScript js/shell-command-injection-from-environment Shell command built from environment values
CWE-78 JavaScript/TypeScript js/shell-command-constructed-from-input Unsafe shell command constructed from library input
CWE-78 JavaScript/TypeScript js/unnecessary-use-of-cat Unnecessary use of cat process
CWE-78 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-78 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-78 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-78 JavaScript/TypeScript js/command-line-injection-more-sources Uncontrolled command line with additional heuristic sources
CWE-78 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-79 JavaScript/TypeScript js/disabling-electron-websecurity Disabling Electron webSecurity
CWE-79 JavaScript/TypeScript js/xss-through-exception Exception text reinterpreted as HTML
CWE-79 JavaScript/TypeScript js/reflected-xss Reflected cross-site scripting
CWE-79 JavaScript/TypeScript js/stored-xss Stored cross-site scripting
CWE-79 JavaScript/TypeScript js/html-constructed-from-input Unsafe HTML constructed from library input
CWE-79 JavaScript/TypeScript js/unsafe-jquery-plugin Unsafe jQuery plugin
CWE-79 JavaScript/TypeScript js/xss Client-side cross-site scripting
CWE-79 JavaScript/TypeScript js/xss-through-dom DOM text reinterpreted as HTML
CWE-79 JavaScript/TypeScript js/code-injection Code injection
CWE-79 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-79 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-79 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-79 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-79 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-79 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-79 JavaScript/TypeScript js/unsafe-html-expansion Unsafe expansion of self-closing HTML tag
CWE-79 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-79 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-79 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-79 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-79 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-79 JavaScript/TypeScript js/xss-more-sources Client-side cross-site scripting with additional heuristic sources
CWE-79 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-79 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-80 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-80 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-80 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-88 JavaScript/TypeScript js/command-line-injection Uncontrolled command line
CWE-88 JavaScript/TypeScript js/indirect-command-line-injection Indirect uncontrolled command line
CWE-88 JavaScript/TypeScript js/second-order-command-line-injection Second order command injection
CWE-88 JavaScript/TypeScript js/shell-command-injection-from-environment Shell command built from environment values
CWE-88 JavaScript/TypeScript js/shell-command-constructed-from-input Unsafe shell command constructed from library input
CWE-88 JavaScript/TypeScript js/command-line-injection-more-sources Uncontrolled command line with additional heuristic sources
CWE-89 JavaScript/TypeScript js/sql-injection Database query built from user-controlled sources
CWE-89 JavaScript/TypeScript js/env-key-and-value-injection User controlled arbitrary environment variable injection
CWE-89 JavaScript/TypeScript js/env-value-injection User controlled environment variable value injection
CWE-89 JavaScript/TypeScript js/sql-injection-more-sources Database query built from user-controlled sources with additional heuristic sources
CWE-90 JavaScript/TypeScript js/sql-injection Database query built from user-controlled sources
CWE-90 JavaScript/TypeScript js/sql-injection-more-sources Database query built from user-controlled sources with additional heuristic sources
CWE-91 JavaScript/TypeScript js/xpath-injection XPath injection
CWE-91 JavaScript/TypeScript js/xpath-injection-more-sources XPath injection with additional heuristic sources
CWE-94 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-94 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-94 JavaScript/TypeScript js/code-injection Code injection
CWE-94 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-94 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-94 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-94 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-94 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-94 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-94 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-94 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-94 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-94 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-94 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-95 JavaScript/TypeScript js/code-injection Code injection
CWE-95 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-95 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-99 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-116 JavaScript/TypeScript js/angular/disabling-sce Disabling SCE
CWE-116 JavaScript/TypeScript js/identity-replacement Replacement of a substring with itself
CWE-116 JavaScript/TypeScript js/xss-through-exception Exception text reinterpreted as HTML
CWE-116 JavaScript/TypeScript js/reflected-xss Reflected cross-site scripting
CWE-116 JavaScript/TypeScript js/stored-xss Stored cross-site scripting
CWE-116 JavaScript/TypeScript js/html-constructed-from-input Unsafe HTML constructed from library input
CWE-116 JavaScript/TypeScript js/unsafe-jquery-plugin Unsafe jQuery plugin
CWE-116 JavaScript/TypeScript js/xss Client-side cross-site scripting
CWE-116 JavaScript/TypeScript js/xss-through-dom DOM text reinterpreted as HTML
CWE-116 JavaScript/TypeScript js/code-injection Code injection
CWE-116 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-116 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-116 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-116 JavaScript/TypeScript js/double-escaping Double escaping or unescaping
CWE-116 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-116 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-116 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-116 JavaScript/TypeScript js/unsafe-html-expansion Unsafe expansion of self-closing HTML tag
CWE-116 JavaScript/TypeScript js/log-injection Log injection
CWE-116 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-116 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-116 JavaScript/TypeScript js/xss-more-sources Client-side cross-site scripting with additional heuristic sources
CWE-116 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-116 JavaScript/TypeScript js/log-injection-more-sources Log injection with additional heuristic sources
CWE-117 JavaScript/TypeScript js/log-injection Log injection
CWE-117 JavaScript/TypeScript js/log-injection-more-sources Log injection with additional heuristic sources
CWE-134 JavaScript/TypeScript js/tainted-format-string Use of externally-controlled format string
CWE-134 JavaScript/TypeScript js/tainted-format-string-more-sources Use of externally-controlled format string with additional heuristic sources
CWE-178 JavaScript/TypeScript js/case-sensitive-middleware-path Case-sensitive middleware path
CWE-183 JavaScript/TypeScript js/angular/insecure-url-whitelist Insecure URL whitelist
CWE-183 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-183 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-183 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-184 JavaScript/TypeScript js/incomplete-url-scheme-check Incomplete URL scheme check
CWE-184 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-185 JavaScript/TypeScript js/angular/insecure-url-whitelist Insecure URL whitelist
CWE-185 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-186 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-193 JavaScript/TypeScript js/index-out-of-bounds Off-by-one comparison against length
CWE-197 JavaScript/TypeScript js/shift-out-of-range Shift out of range
CWE-200 JavaScript/TypeScript js/unsafe-external-link Potentially unsafe external link
CWE-200 JavaScript/TypeScript js/file-access-to-http File data in outbound network request
CWE-200 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-200 JavaScript/TypeScript js/cross-window-information-leak Cross-window communication with unrestricted target origin
CWE-200 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-200 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-200 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-200 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-200 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-200 JavaScript/TypeScript js/sensitive-get-query Sensitive data read from GET request
CWE-201 JavaScript/TypeScript js/cross-window-information-leak Cross-window communication with unrestricted target origin
CWE-209 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-216 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-219 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-221 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-227 JavaScript/TypeScript js/superfluous-trailing-arguments Superfluous trailing arguments
CWE-227 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-248 JavaScript/TypeScript js/server-crash Server crash
CWE-250 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-250 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-256 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-258 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-259 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-260 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-260 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-269 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-269 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-284 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-284 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-284 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-284 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-284 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-284 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-284 JavaScript/TypeScript js/session-fixation Failure to abandon session
CWE-284 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-284 JavaScript/TypeScript js/host-header-forgery-in-email-generation Host header poisoning in email generation
CWE-284 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-284 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-284 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-284 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-284 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-284 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-284 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-284 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-284 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-284 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-285 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-285 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-285 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-285 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-287 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-287 JavaScript/TypeScript js/session-fixation Failure to abandon session
CWE-287 JavaScript/TypeScript js/host-header-forgery-in-email-generation Host header poisoning in email generation
CWE-287 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-287 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-287 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-287 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-287 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-287 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-287 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-290 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-290 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-290 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-295 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-297 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-300 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-307 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-311 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-311 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-311 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-311 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-311 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-311 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-311 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-312 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-312 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-312 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-312 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-312 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-312 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-313 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-315 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-315 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-315 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-319 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-319 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-321 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-326 JavaScript/TypeScript js/insufficient-key-size Use of a weak cryptographic key
CWE-326 JavaScript/TypeScript js/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE-327 JavaScript/TypeScript js/biased-cryptographic-random Creating biased random numbers from a cryptographically secure source
CWE-327 JavaScript/TypeScript js/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE-327 JavaScript/TypeScript js/insufficient-password-hash Use of password hash with insufficient computational effort
CWE-328 JavaScript/TypeScript js/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE-330 JavaScript/TypeScript js/insecure-randomness Insecure randomness
CWE-330 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-330 JavaScript/TypeScript js/predictable-token Predictable token
CWE-338 JavaScript/TypeScript js/insecure-randomness Insecure randomness
CWE-340 JavaScript/TypeScript js/predictable-token Predictable token
CWE-344 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-345 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-345 JavaScript/TypeScript js/jwt-missing-verification JWT missing secret or public key verification
CWE-345 JavaScript/TypeScript js/missing-token-validation Missing CSRF middleware
CWE-345 JavaScript/TypeScript js/decode-jwt-without-verification JWT missing secret or public key verification
CWE-345 JavaScript/TypeScript js/decode-jwt-without-verification-local-source JWT missing secret or public key verification
CWE-345 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-346 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-346 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-347 JavaScript/TypeScript js/jwt-missing-verification JWT missing secret or public key verification
CWE-347 JavaScript/TypeScript js/decode-jwt-without-verification JWT missing secret or public key verification
CWE-347 JavaScript/TypeScript js/decode-jwt-without-verification-local-source JWT missing secret or public key verification
CWE-352 JavaScript/TypeScript js/missing-token-validation Missing CSRF middleware
CWE-359 JavaScript/TypeScript js/cross-window-information-leak Cross-window communication with unrestricted target origin
CWE-359 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-359 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-359 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-359 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-362 JavaScript/TypeScript js/file-system-race Potential file system race condition
CWE-367 JavaScript/TypeScript js/file-system-race Potential file system race condition
CWE-377 JavaScript/TypeScript js/insecure-temporary-file Insecure temporary file
CWE-378 JavaScript/TypeScript js/insecure-temporary-file Insecure temporary file
CWE-384 JavaScript/TypeScript js/session-fixation Failure to abandon session
CWE-398 JavaScript/TypeScript js/todo-comment TODO comment
CWE-398 JavaScript/TypeScript js/eval-like-call Call to eval-like DOM function
CWE-398 JavaScript/TypeScript js/variable-initialization-conflict Conflicting variable initialization
CWE-398 JavaScript/TypeScript js/function-declaration-conflict Conflicting function declarations
CWE-398 JavaScript/TypeScript js/useless-assignment-to-global Useless assignment to global variable
CWE-398 JavaScript/TypeScript js/useless-assignment-to-local Useless assignment to local variable
CWE-398 JavaScript/TypeScript js/overwritten-property Overwritten property
CWE-398 JavaScript/TypeScript js/comparison-of-identical-expressions Comparison of identical values
CWE-398 JavaScript/TypeScript js/comparison-with-nan Comparison with NaN
CWE-398 JavaScript/TypeScript js/duplicate-condition Duplicate 'if' condition
CWE-398 JavaScript/TypeScript js/duplicate-property Duplicate property
CWE-398 JavaScript/TypeScript js/duplicate-switch-case Duplicate switch case
CWE-398 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-398 JavaScript/TypeScript js/comparison-between-incompatible-types Comparison between inconvertible types
CWE-398 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-398 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-398 JavaScript/TypeScript js/call-to-non-callable Invocation of non-function
CWE-398 JavaScript/TypeScript js/property-access-on-non-object Property access on null or undefined
CWE-398 JavaScript/TypeScript js/unneeded-defensive-code Unneeded defensive code
CWE-398 JavaScript/TypeScript js/useless-type-test Useless type test
CWE-398 JavaScript/TypeScript js/eval-call Use of eval
CWE-398 JavaScript/TypeScript js/node/assignment-to-exports-variable Assignment to exports variable
CWE-398 JavaScript/TypeScript js/regex/unmatchable-caret Unmatchable caret in regular expression
CWE-398 JavaScript/TypeScript js/regex/unmatchable-dollar Unmatchable dollar in regular expression
CWE-398 JavaScript/TypeScript js/useless-assignment-in-return Return statement assigns local variable
CWE-398 JavaScript/TypeScript js/unreachable-statement Unreachable statement
CWE-398 JavaScript/TypeScript js/trivial-conditional Useless conditional
CWE-400 JavaScript/TypeScript js/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE-400 JavaScript/TypeScript js/redos Inefficient regular expression
CWE-400 JavaScript/TypeScript js/resource-exhaustion-from-deep-object-traversal Resources exhaustion from deep object traversal
CWE-400 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-400 JavaScript/TypeScript js/regex-injection Regular expression injection
CWE-400 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-400 JavaScript/TypeScript js/resource-exhaustion Resource exhaustion
CWE-400 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-400 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-400 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-400 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-400 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-400 JavaScript/TypeScript js/regex-injection-more-sources Regular expression injection with additional heuristic sources
CWE-400 JavaScript/TypeScript js/resource-exhaustion-more-sources Resource exhaustion with additional heuristic sources
CWE-400 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-400 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-405 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-405 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-409 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-409 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-434 JavaScript/TypeScript js/http-to-file-access Network data written to file
CWE-435 JavaScript/TypeScript js/insecure-http-parser Insecure http parser
CWE-436 JavaScript/TypeScript js/insecure-http-parser Insecure http parser
CWE-441 JavaScript/TypeScript js/client-side-request-forgery Client-side request forgery
CWE-441 JavaScript/TypeScript js/request-forgery Server-side request forgery
CWE-441 JavaScript/TypeScript javascript/ssrf Uncontrolled data used in network request
CWE-444 JavaScript/TypeScript js/insecure-http-parser Insecure http parser
CWE-451 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-471 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-471 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-471 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-471 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-476 JavaScript/TypeScript js/call-to-non-callable Invocation of non-function
CWE-476 JavaScript/TypeScript js/property-access-on-non-object Property access on null or undefined
CWE-480 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-480 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-480 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-480 JavaScript/TypeScript js/deletion-of-non-property Deleting non-property
CWE-483 JavaScript/TypeScript js/misleading-indentation-of-dangling-else Misleading indentation of dangling 'else'
CWE-483 JavaScript/TypeScript js/misleading-indentation-after-control-statement Misleading indentation after control statement
CWE-485 JavaScript/TypeScript js/alert-call Invocation of alert
CWE-485 JavaScript/TypeScript js/debugger-statement Use of debugger statement
CWE-485 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-489 JavaScript/TypeScript js/alert-call Invocation of alert
CWE-489 JavaScript/TypeScript js/debugger-statement Use of debugger statement
CWE-494 JavaScript/TypeScript js/enabling-electron-insecure-content Enabling Electron allowRunningInsecureContent
CWE-494 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-497 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-502 JavaScript/TypeScript js/unsafe-deserialization Deserialization of user-controlled data
CWE-502 JavaScript/TypeScript js/unsafe-deserialization-more-sources Deserialization of user-controlled data with additional heuristic sources
CWE-506 JavaScript/TypeScript js/hardcoded-data-interpreted-as-code Hard-coded data interpreted as code
CWE-521 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-522 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-522 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-522 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-532 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-538 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-538 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-546 JavaScript/TypeScript js/todo-comment TODO comment
CWE-548 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-552 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-552 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-561 JavaScript/TypeScript js/comparison-of-identical-expressions Comparison of identical values
CWE-561 JavaScript/TypeScript js/comparison-with-nan Comparison with NaN
CWE-561 JavaScript/TypeScript js/duplicate-condition Duplicate 'if' condition
CWE-561 JavaScript/TypeScript js/duplicate-switch-case Duplicate switch case
CWE-561 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-561 JavaScript/TypeScript js/comparison-between-incompatible-types Comparison between inconvertible types
CWE-561 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-561 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-561 JavaScript/TypeScript js/unneeded-defensive-code Unneeded defensive code
CWE-561 JavaScript/TypeScript js/useless-type-test Useless type test
CWE-561 JavaScript/TypeScript js/regex/unmatchable-caret Unmatchable caret in regular expression
CWE-561 JavaScript/TypeScript js/regex/unmatchable-dollar Unmatchable dollar in regular expression
CWE-561 JavaScript/TypeScript js/unreachable-statement Unreachable statement
CWE-561 JavaScript/TypeScript js/trivial-conditional Useless conditional
CWE-563 JavaScript/TypeScript js/variable-initialization-conflict Conflicting variable initialization
CWE-563 JavaScript/TypeScript js/function-declaration-conflict Conflicting function declarations
CWE-563 JavaScript/TypeScript js/useless-assignment-to-global Useless assignment to global variable
CWE-563 JavaScript/TypeScript js/useless-assignment-to-local Useless assignment to local variable
CWE-563 JavaScript/TypeScript js/overwritten-property Overwritten property
CWE-563 JavaScript/TypeScript js/duplicate-property Duplicate property
CWE-563 JavaScript/TypeScript js/node/assignment-to-exports-variable Assignment to exports variable
CWE-563 JavaScript/TypeScript js/useless-assignment-in-return Return statement assigns local variable
CWE-570 JavaScript/TypeScript js/comparison-of-identical-expressions Comparison of identical values
CWE-570 JavaScript/TypeScript js/comparison-with-nan Comparison with NaN
CWE-570 JavaScript/TypeScript js/comparison-between-incompatible-types Comparison between inconvertible types
CWE-570 JavaScript/TypeScript js/unneeded-defensive-code Unneeded defensive code
CWE-570 JavaScript/TypeScript js/useless-type-test Useless type test
CWE-570 JavaScript/TypeScript js/trivial-conditional Useless conditional
CWE-571 JavaScript/TypeScript js/comparison-of-identical-expressions Comparison of identical values
CWE-571 JavaScript/TypeScript js/comparison-with-nan Comparison with NaN
CWE-571 JavaScript/TypeScript js/comparison-between-incompatible-types Comparison between inconvertible types
CWE-571 JavaScript/TypeScript js/unneeded-defensive-code Unneeded defensive code
CWE-571 JavaScript/TypeScript js/useless-type-test Useless type test
CWE-571 JavaScript/TypeScript js/trivial-conditional Useless conditional
CWE-573 JavaScript/TypeScript js/superfluous-trailing-arguments Superfluous trailing arguments
CWE-584 JavaScript/TypeScript js/exit-from-finally Jump from finally
CWE-592 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-592 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-592 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-598 JavaScript/TypeScript js/sensitive-get-query Sensitive data read from GET request
CWE-601 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-601 JavaScript/TypeScript js/server-side-unvalidated-url-redirection Server-side URL redirect
CWE-610 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-610 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-610 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-610 JavaScript/TypeScript js/server-side-unvalidated-url-redirection Server-side URL redirect
CWE-610 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-610 JavaScript/TypeScript js/client-side-request-forgery Client-side request forgery
CWE-610 JavaScript/TypeScript js/request-forgery Server-side request forgery
CWE-610 JavaScript/TypeScript javascript/ssrf Uncontrolled data used in network request
CWE-610 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-611 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-611 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-614 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-625 JavaScript/TypeScript js/angular/insecure-url-whitelist Insecure URL whitelist
CWE-628 JavaScript/TypeScript js/superfluous-trailing-arguments Superfluous trailing arguments
CWE-639 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-639 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-640 JavaScript/TypeScript js/host-header-forgery-in-email-generation Host header poisoning in email generation
CWE-642 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-642 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-643 JavaScript/TypeScript js/xpath-injection XPath injection
CWE-643 JavaScript/TypeScript js/xpath-injection-more-sources XPath injection with additional heuristic sources
CWE-657 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-657 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-657 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-664 JavaScript/TypeScript js/alert-call Invocation of alert
CWE-664 JavaScript/TypeScript js/unsafe-external-link Potentially unsafe external link
CWE-664 JavaScript/TypeScript js/enabling-electron-insecure-content Enabling Electron allowRunningInsecureContent
CWE-664 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-664 JavaScript/TypeScript js/implicit-operand-conversion Implicit operand conversion
CWE-664 JavaScript/TypeScript js/shift-out-of-range Shift out of range
CWE-664 JavaScript/TypeScript js/debugger-statement Use of debugger statement
CWE-664 JavaScript/TypeScript js/invalid-prototype-value Invalid prototype value
CWE-664 JavaScript/TypeScript js/property-assignment-on-primitive Assignment to property of primitive value
CWE-664 JavaScript/TypeScript js/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE-664 JavaScript/TypeScript js/redos Inefficient regular expression
CWE-664 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-664 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-664 JavaScript/TypeScript js/zipslip Arbitrary file access during archive extraction ("Zip Slip")
CWE-664 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-664 JavaScript/TypeScript js/code-injection Code injection
CWE-664 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-664 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-664 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-664 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-664 JavaScript/TypeScript js/case-sensitive-middleware-path Case-sensitive middleware path
CWE-664 JavaScript/TypeScript js/file-access-to-http File data in outbound network request
CWE-664 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-664 JavaScript/TypeScript js/cross-window-information-leak Cross-window communication with unrestricted target origin
CWE-664 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-664 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-664 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-664 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-664 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-664 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-664 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-664 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-664 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-664 JavaScript/TypeScript js/insecure-temporary-file Insecure temporary file
CWE-664 JavaScript/TypeScript js/session-fixation Failure to abandon session
CWE-664 JavaScript/TypeScript js/resource-exhaustion-from-deep-object-traversal Resources exhaustion from deep object traversal
CWE-664 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-664 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-664 JavaScript/TypeScript js/unsafe-deserialization Deserialization of user-controlled data
CWE-664 JavaScript/TypeScript js/sensitive-get-query Sensitive data read from GET request
CWE-664 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-664 JavaScript/TypeScript js/server-side-unvalidated-url-redirection Server-side URL redirect
CWE-664 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-664 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-664 JavaScript/TypeScript js/host-header-forgery-in-email-generation Host header poisoning in email generation
CWE-664 JavaScript/TypeScript js/regex-injection Regular expression injection
CWE-664 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-664 JavaScript/TypeScript js/resource-exhaustion Resource exhaustion
CWE-664 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-664 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-664 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-664 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-664 JavaScript/TypeScript js/insecure-download Download of sensitive file through insecure connection
CWE-664 JavaScript/TypeScript js/functionality-from-untrusted-domain Untrusted domain used in script or other content
CWE-664 JavaScript/TypeScript js/functionality-from-untrusted-source Inclusion of functionality from an untrusted source
CWE-664 JavaScript/TypeScript js/type-confusion-through-parameter-tampering Type confusion through parameter tampering
CWE-664 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-664 JavaScript/TypeScript js/http-to-file-access Network data written to file
CWE-664 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-664 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-664 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-664 JavaScript/TypeScript js/client-side-request-forgery Client-side request forgery
CWE-664 JavaScript/TypeScript js/request-forgery Server-side request forgery
CWE-664 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-664 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-664 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-664 JavaScript/TypeScript javascript/ssrf Uncontrolled data used in network request
CWE-664 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-664 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-664 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-664 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-664 JavaScript/TypeScript js/unsafe-deserialization-more-sources Deserialization of user-controlled data with additional heuristic sources
CWE-664 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-664 JavaScript/TypeScript js/regex-injection-more-sources Regular expression injection with additional heuristic sources
CWE-664 JavaScript/TypeScript js/resource-exhaustion-more-sources Resource exhaustion with additional heuristic sources
CWE-664 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-664 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-664 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-665 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-665 JavaScript/TypeScript js/resource-exhaustion Resource exhaustion
CWE-665 JavaScript/TypeScript js/resource-exhaustion-more-sources Resource exhaustion with additional heuristic sources
CWE-668 JavaScript/TypeScript js/unsafe-external-link Potentially unsafe external link
CWE-668 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-668 JavaScript/TypeScript js/zipslip Arbitrary file access during archive extraction ("Zip Slip")
CWE-668 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-668 JavaScript/TypeScript js/file-access-to-http File data in outbound network request
CWE-668 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-668 JavaScript/TypeScript js/cross-window-information-leak Cross-window communication with unrestricted target origin
CWE-668 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-668 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-668 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-668 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-668 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-668 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-668 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-668 JavaScript/TypeScript js/insecure-temporary-file Insecure temporary file
CWE-668 JavaScript/TypeScript js/sensitive-get-query Sensitive data read from GET request
CWE-668 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-668 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-668 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-668 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-669 JavaScript/TypeScript js/enabling-electron-insecure-content Enabling Electron allowRunningInsecureContent
CWE-669 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-669 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-669 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-669 JavaScript/TypeScript js/insecure-download Download of sensitive file through insecure connection
CWE-669 JavaScript/TypeScript js/functionality-from-untrusted-domain Untrusted domain used in script or other content
CWE-669 JavaScript/TypeScript js/functionality-from-untrusted-source Inclusion of functionality from an untrusted source
CWE-669 JavaScript/TypeScript js/http-to-file-access Network data written to file
CWE-669 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-670 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-670 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-670 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-670 JavaScript/TypeScript js/unclear-operator-precedence Unclear precedence of nested operators
CWE-670 JavaScript/TypeScript js/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE-670 JavaScript/TypeScript js/deletion-of-non-property Deleting non-property
CWE-670 JavaScript/TypeScript js/misleading-indentation-of-dangling-else Misleading indentation of dangling 'else'
CWE-670 JavaScript/TypeScript js/misleading-indentation-after-control-statement Misleading indentation after control statement
CWE-671 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-674 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-674 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-676 JavaScript/TypeScript js/eval-like-call Call to eval-like DOM function
CWE-676 JavaScript/TypeScript js/eval-call Use of eval
CWE-681 JavaScript/TypeScript js/shift-out-of-range Shift out of range
CWE-682 JavaScript/TypeScript js/index-out-of-bounds Off-by-one comparison against length
CWE-684 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-685 JavaScript/TypeScript js/superfluous-trailing-arguments Superfluous trailing arguments
CWE-691 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-691 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-691 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-691 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-691 JavaScript/TypeScript js/unclear-operator-precedence Unclear precedence of nested operators
CWE-691 JavaScript/TypeScript js/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE-691 JavaScript/TypeScript js/deletion-of-non-property Deleting non-property
CWE-691 JavaScript/TypeScript js/exit-from-finally Jump from finally
CWE-691 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-691 JavaScript/TypeScript js/code-injection Code injection
CWE-691 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-691 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-691 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-691 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-691 JavaScript/TypeScript js/file-system-race Potential file system race condition
CWE-691 JavaScript/TypeScript js/server-crash Server crash
CWE-691 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-691 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-691 JavaScript/TypeScript js/loop-bound-injection Loop bound injection
CWE-691 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-691 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-691 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-691 JavaScript/TypeScript js/misleading-indentation-of-dangling-else Misleading indentation of dangling 'else'
CWE-691 JavaScript/TypeScript js/inconsistent-loop-direction Inconsistent direction of for loop
CWE-691 JavaScript/TypeScript js/misleading-indentation-after-control-statement Misleading indentation after control statement
CWE-691 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-691 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-691 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-691 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-691 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-693 JavaScript/TypeScript js/angular/insecure-url-whitelist Insecure URL whitelist
CWE-693 JavaScript/TypeScript js/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE-693 JavaScript/TypeScript js/incomplete-hostname-regexp Incomplete regular expression for hostnames
CWE-693 JavaScript/TypeScript js/incomplete-url-scheme-check Incomplete URL scheme check
CWE-693 JavaScript/TypeScript js/incomplete-url-substring-sanitization Incomplete URL substring sanitization
CWE-693 JavaScript/TypeScript js/incorrect-suffix-check Incorrect suffix check
CWE-693 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-693 JavaScript/TypeScript js/regex/missing-regexp-anchor Missing regular expression anchor
CWE-693 JavaScript/TypeScript js/overly-large-range Overly permissive regular expression range
CWE-693 JavaScript/TypeScript js/untrusted-data-to-external-api Untrusted data passed to external API
CWE-693 JavaScript/TypeScript js/useless-regexp-character-escape Useless regular-expression character escape
CWE-693 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-693 JavaScript/TypeScript js/double-escaping Double escaping or unescaping
CWE-693 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-693 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-693 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-693 JavaScript/TypeScript js/exposure-of-private-files Exposure of private files
CWE-693 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-693 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-693 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-693 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-693 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-693 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-693 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-693 JavaScript/TypeScript js/insufficient-key-size Use of a weak cryptographic key
CWE-693 JavaScript/TypeScript js/biased-cryptographic-random Creating biased random numbers from a cryptographically secure source
CWE-693 JavaScript/TypeScript js/weak-cryptographic-algorithm Use of a broken or weak cryptographic algorithm
CWE-693 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-693 JavaScript/TypeScript js/jwt-missing-verification JWT missing secret or public key verification
CWE-693 JavaScript/TypeScript js/missing-token-validation Missing CSRF middleware
CWE-693 JavaScript/TypeScript js/session-fixation Failure to abandon session
CWE-693 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-693 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-693 JavaScript/TypeScript js/host-header-forgery-in-email-generation Host header poisoning in email generation
CWE-693 JavaScript/TypeScript js/insecure-helmet-configuration Insecure configuration of Helmet security middleware
CWE-693 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-693 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-693 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-693 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-693 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-693 JavaScript/TypeScript js/insufficient-password-hash Use of password hash with insufficient computational effort
CWE-693 JavaScript/TypeScript js/decode-jwt-without-verification JWT missing secret or public key verification
CWE-693 JavaScript/TypeScript js/decode-jwt-without-verification-local-source JWT missing secret or public key verification
CWE-693 JavaScript/TypeScript js/user-controlled-data-decompression User-controlled file decompression
CWE-693 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-693 JavaScript/TypeScript js/untrusted-data-to-external-api-more-sources Untrusted data passed to external API with additional heuristic sources
CWE-693 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-693 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-693 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-697 JavaScript/TypeScript js/angular/insecure-url-whitelist Insecure URL whitelist
CWE-697 JavaScript/TypeScript js/incomplete-url-scheme-check Incomplete URL scheme check
CWE-697 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-697 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-697 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-697 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-703 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-703 JavaScript/TypeScript js/server-crash Server crash
CWE-703 JavaScript/TypeScript js/unvalidated-dynamic-method-call Unvalidated dynamic method call
CWE-704 JavaScript/TypeScript js/implicit-operand-conversion Implicit operand conversion
CWE-704 JavaScript/TypeScript js/shift-out-of-range Shift out of range
CWE-704 JavaScript/TypeScript js/invalid-prototype-value Invalid prototype value
CWE-704 JavaScript/TypeScript js/property-assignment-on-primitive Assignment to property of primitive value
CWE-704 JavaScript/TypeScript js/type-confusion-through-parameter-tampering Type confusion through parameter tampering
CWE-705 JavaScript/TypeScript js/exit-from-finally Jump from finally
CWE-705 JavaScript/TypeScript js/server-crash Server crash
CWE-706 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-706 JavaScript/TypeScript js/zipslip Arbitrary file access during archive extraction ("Zip Slip")
CWE-706 JavaScript/TypeScript js/case-sensitive-middleware-path Case-sensitive middleware path
CWE-706 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-706 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-707 JavaScript/TypeScript js/angular/disabling-sce Disabling SCE
CWE-707 JavaScript/TypeScript js/disabling-electron-websecurity Disabling Electron webSecurity
CWE-707 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-707 JavaScript/TypeScript js/identity-replacement Replacement of a substring with itself
CWE-707 JavaScript/TypeScript js/path-injection Uncontrolled data used in path expression
CWE-707 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-707 JavaScript/TypeScript js/command-line-injection Uncontrolled command line
CWE-707 JavaScript/TypeScript js/indirect-command-line-injection Indirect uncontrolled command line
CWE-707 JavaScript/TypeScript js/second-order-command-line-injection Second order command injection
CWE-707 JavaScript/TypeScript js/shell-command-injection-from-environment Shell command built from environment values
CWE-707 JavaScript/TypeScript js/shell-command-constructed-from-input Unsafe shell command constructed from library input
CWE-707 JavaScript/TypeScript js/unnecessary-use-of-cat Unnecessary use of cat process
CWE-707 JavaScript/TypeScript js/xss-through-exception Exception text reinterpreted as HTML
CWE-707 JavaScript/TypeScript js/reflected-xss Reflected cross-site scripting
CWE-707 JavaScript/TypeScript js/stored-xss Stored cross-site scripting
CWE-707 JavaScript/TypeScript js/html-constructed-from-input Unsafe HTML constructed from library input
CWE-707 JavaScript/TypeScript js/unsafe-jquery-plugin Unsafe jQuery plugin
CWE-707 JavaScript/TypeScript js/xss Client-side cross-site scripting
CWE-707 JavaScript/TypeScript js/xss-through-dom DOM text reinterpreted as HTML
CWE-707 JavaScript/TypeScript js/sql-injection Database query built from user-controlled sources
CWE-707 JavaScript/TypeScript js/code-injection Code injection
CWE-707 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-707 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-707 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-707 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-707 JavaScript/TypeScript js/bad-tag-filter Bad HTML filtering regexp
CWE-707 JavaScript/TypeScript js/double-escaping Double escaping or unescaping
CWE-707 JavaScript/TypeScript js/incomplete-html-attribute-sanitization Incomplete HTML attribute sanitization
CWE-707 JavaScript/TypeScript js/incomplete-multi-character-sanitization Incomplete multi-character sanitization
CWE-707 JavaScript/TypeScript js/incomplete-sanitization Incomplete string escaping or encoding
CWE-707 JavaScript/TypeScript js/unsafe-html-expansion Unsafe expansion of self-closing HTML tag
CWE-707 JavaScript/TypeScript js/log-injection Log injection
CWE-707 JavaScript/TypeScript js/tainted-format-string Use of externally-controlled format string
CWE-707 JavaScript/TypeScript js/client-side-unvalidated-url-redirection Client-side URL redirect
CWE-707 JavaScript/TypeScript js/xpath-injection XPath injection
CWE-707 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-707 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-707 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-707 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-707 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-707 JavaScript/TypeScript js/env-key-and-value-injection User controlled arbitrary environment variable injection
CWE-707 JavaScript/TypeScript js/env-value-injection User controlled environment variable value injection
CWE-707 JavaScript/TypeScript js/command-line-injection-more-sources Uncontrolled command line with additional heuristic sources
CWE-707 JavaScript/TypeScript js/xss-more-sources Client-side cross-site scripting with additional heuristic sources
CWE-707 JavaScript/TypeScript js/sql-injection-more-sources Database query built from user-controlled sources with additional heuristic sources
CWE-707 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-707 JavaScript/TypeScript js/log-injection-more-sources Log injection with additional heuristic sources
CWE-707 JavaScript/TypeScript js/tainted-format-string-more-sources Use of externally-controlled format string with additional heuristic sources
CWE-707 JavaScript/TypeScript js/xpath-injection-more-sources XPath injection with additional heuristic sources
CWE-707 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-710 JavaScript/TypeScript js/todo-comment TODO comment
CWE-710 JavaScript/TypeScript js/conflicting-html-attribute Conflicting HTML element attributes
CWE-710 JavaScript/TypeScript js/malformed-html-id Malformed id attribute
CWE-710 JavaScript/TypeScript js/eval-like-call Call to eval-like DOM function
CWE-710 JavaScript/TypeScript js/variable-initialization-conflict Conflicting variable initialization
CWE-710 JavaScript/TypeScript js/function-declaration-conflict Conflicting function declarations
CWE-710 JavaScript/TypeScript js/useless-assignment-to-global Useless assignment to global variable
CWE-710 JavaScript/TypeScript js/useless-assignment-to-local Useless assignment to local variable
CWE-710 JavaScript/TypeScript js/overwritten-property Overwritten property
CWE-710 JavaScript/TypeScript js/comparison-of-identical-expressions Comparison of identical values
CWE-710 JavaScript/TypeScript js/comparison-with-nan Comparison with NaN
CWE-710 JavaScript/TypeScript js/duplicate-condition Duplicate 'if' condition
CWE-710 JavaScript/TypeScript js/duplicate-property Duplicate property
CWE-710 JavaScript/TypeScript js/duplicate-switch-case Duplicate switch case
CWE-710 JavaScript/TypeScript js/useless-expression Expression has no effect
CWE-710 JavaScript/TypeScript js/comparison-between-incompatible-types Comparison between inconvertible types
CWE-710 JavaScript/TypeScript js/redundant-operation Identical operands
CWE-710 JavaScript/TypeScript js/redundant-assignment Self assignment
CWE-710 JavaScript/TypeScript js/call-to-non-callable Invocation of non-function
CWE-710 JavaScript/TypeScript js/property-access-on-non-object Property access on null or undefined
CWE-710 JavaScript/TypeScript js/unneeded-defensive-code Unneeded defensive code
CWE-710 JavaScript/TypeScript js/useless-type-test Useless type test
CWE-710 JavaScript/TypeScript js/conditional-comment Conditional comments
CWE-710 JavaScript/TypeScript js/eval-call Use of eval
CWE-710 JavaScript/TypeScript js/non-standard-language-feature Use of platform-specific language features
CWE-710 JavaScript/TypeScript js/for-in-comprehension Use of for-in comprehension blocks
CWE-710 JavaScript/TypeScript js/superfluous-trailing-arguments Superfluous trailing arguments
CWE-710 JavaScript/TypeScript js/yield-outside-generator Yield in non-generator function
CWE-710 JavaScript/TypeScript js/node/assignment-to-exports-variable Assignment to exports variable
CWE-710 JavaScript/TypeScript js/regex/unmatchable-caret Unmatchable caret in regular expression
CWE-710 JavaScript/TypeScript js/regex/unmatchable-dollar Unmatchable dollar in regular expression
CWE-710 JavaScript/TypeScript js/remote-property-injection Remote property injection
CWE-710 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-710 JavaScript/TypeScript js/hardcoded-data-interpreted-as-code Hard-coded data interpreted as code
CWE-710 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-710 JavaScript/TypeScript js/http-to-file-access Network data written to file
CWE-710 JavaScript/TypeScript js/useless-assignment-in-return Return statement assigns local variable
CWE-710 JavaScript/TypeScript js/unreachable-statement Unreachable statement
CWE-710 JavaScript/TypeScript js/trivial-conditional Useless conditional
CWE-710 JavaScript/TypeScript js/remote-property-injection-more-sources Remote property injection with additional heuristic sources
CWE-754 JavaScript/TypeScript js/unvalidated-dynamic-method-call Unvalidated dynamic method call
CWE-755 JavaScript/TypeScript js/stack-trace-exposure Information exposure through a stack trace
CWE-758 JavaScript/TypeScript js/conflicting-html-attribute Conflicting HTML element attributes
CWE-758 JavaScript/TypeScript js/malformed-html-id Malformed id attribute
CWE-758 JavaScript/TypeScript js/conditional-comment Conditional comments
CWE-758 JavaScript/TypeScript js/non-standard-language-feature Use of platform-specific language features
CWE-758 JavaScript/TypeScript js/for-in-comprehension Use of for-in comprehension blocks
CWE-758 JavaScript/TypeScript js/yield-outside-generator Yield in non-generator function
CWE-770 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-770 JavaScript/TypeScript js/resource-exhaustion Resource exhaustion
CWE-770 JavaScript/TypeScript js/resource-exhaustion-more-sources Resource exhaustion with additional heuristic sources
CWE-776 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-776 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-783 JavaScript/TypeScript js/unclear-operator-precedence Unclear precedence of nested operators
CWE-783 JavaScript/TypeScript js/whitespace-contradicts-precedence Whitespace contradicts operator precedence
CWE-798 JavaScript/TypeScript js/hardcoded-credentials Hard-coded credentials
CWE-799 JavaScript/TypeScript js/missing-rate-limiting Missing rate limiting
CWE-807 JavaScript/TypeScript js/user-controlled-bypass User-controlled bypass of security check
CWE-807 JavaScript/TypeScript js/different-kinds-comparison-bypass Comparison of user-controlled data of different kinds
CWE-807 JavaScript/TypeScript js/user-controlled-bypass-more-sources User-controlled bypass of security check with additional heuristic sources
CWE-827 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-827 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-829 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-829 JavaScript/TypeScript js/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE-829 JavaScript/TypeScript js/xxe XML external entity expansion
CWE-829 JavaScript/TypeScript js/insecure-download Download of sensitive file through insecure connection
CWE-829 JavaScript/TypeScript js/functionality-from-untrusted-domain Untrusted domain used in script or other content
CWE-829 JavaScript/TypeScript js/functionality-from-untrusted-source Inclusion of functionality from an untrusted source
CWE-829 JavaScript/TypeScript js/xxe-more-sources XML external entity expansion with additional heuristic sources
CWE-830 JavaScript/TypeScript js/functionality-from-untrusted-domain Untrusted domain used in script or other content
CWE-830 JavaScript/TypeScript js/functionality-from-untrusted-source Inclusion of functionality from an untrusted source
CWE-834 JavaScript/TypeScript js/xml-bomb XML internal entity expansion
CWE-834 JavaScript/TypeScript js/loop-bound-injection Loop bound injection
CWE-834 JavaScript/TypeScript js/inconsistent-loop-direction Inconsistent direction of for loop
CWE-834 JavaScript/TypeScript js/xml-bomb-more-sources XML internal entity expansion with additional heuristic sources
CWE-835 JavaScript/TypeScript js/inconsistent-loop-direction Inconsistent direction of for loop
CWE-843 JavaScript/TypeScript js/type-confusion-through-parameter-tampering Type confusion through parameter tampering
CWE-862 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-862 JavaScript/TypeScript js/empty-password-in-configuration-file Empty password in configuration file
CWE-862 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-912 JavaScript/TypeScript js/hardcoded-data-interpreted-as-code Hard-coded data interpreted as code
CWE-912 JavaScript/TypeScript js/http-to-file-access Network data written to file
CWE-913 JavaScript/TypeScript js/enabling-electron-renderer-node-integration Enabling Node.js integration for Electron web content renderers
CWE-913 JavaScript/TypeScript js/template-object-injection Template Object Injection
CWE-913 JavaScript/TypeScript js/code-injection Code injection
CWE-913 JavaScript/TypeScript js/actions/command-injection Expression injection in Actions
CWE-913 JavaScript/TypeScript js/bad-code-sanitization Improper code sanitization
CWE-913 JavaScript/TypeScript js/unsafe-code-construction Unsafe code constructed from library input
CWE-913 JavaScript/TypeScript js/unsafe-dynamic-method-access Unsafe dynamic method access
CWE-913 JavaScript/TypeScript js/unsafe-deserialization Deserialization of user-controlled data
CWE-913 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-913 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-913 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-913 JavaScript/TypeScript js/code-injection-dynamic-import Code injection from dynamically imported code
CWE-913 JavaScript/TypeScript js/actions/pull-request-target Checkout of untrusted code in trusted context
CWE-913 JavaScript/TypeScript js/code-injection-more-sources Code injection with additional heuristic sources
CWE-913 JavaScript/TypeScript js/unsafe-deserialization-more-sources Deserialization of user-controlled data with additional heuristic sources
CWE-913 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-915 JavaScript/TypeScript js/prototype-polluting-assignment Prototype-polluting assignment
CWE-915 JavaScript/TypeScript js/prototype-pollution-utility Prototype-polluting function
CWE-915 JavaScript/TypeScript js/prototype-pollution Prototype-polluting merge call
CWE-915 JavaScript/TypeScript js/prototype-polluting-assignment-more-sources Prototype-polluting assignment with additional heuristic sources
CWE-916 JavaScript/TypeScript js/insufficient-password-hash Use of password hash with insufficient computational effort
CWE-918 JavaScript/TypeScript js/client-side-request-forgery Client-side request forgery
CWE-918 JavaScript/TypeScript js/request-forgery Server-side request forgery
CWE-918 JavaScript/TypeScript javascript/ssrf Uncontrolled data used in network request
CWE-922 JavaScript/TypeScript js/actions/actions-artifact-leak Storage of sensitive information in GitHub Actions artifact
CWE-922 JavaScript/TypeScript js/build-artifact-leak Storage of sensitive information in build artifact
CWE-922 JavaScript/TypeScript js/clear-text-logging Clear-text logging of sensitive information
CWE-922 JavaScript/TypeScript js/clear-text-storage-of-sensitive-data Clear text storage of sensitive information
CWE-922 JavaScript/TypeScript js/password-in-configuration-file Password in configuration file
CWE-922 JavaScript/TypeScript js/clear-text-cookie Clear text transmission of sensitive cookie
CWE-923 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-923 JavaScript/TypeScript js/disabling-certificate-validation Disabling certificate validation
CWE-923 JavaScript/TypeScript js/insecure-dependency Dependency download using unencrypted communication channel
CWE-940 JavaScript/TypeScript js/missing-origin-check Missing origin verification in postMessage handler
CWE-942 JavaScript/TypeScript js/cors-misconfiguration-for-credentials CORS misconfiguration for credentials transfer
CWE-942 JavaScript/TypeScript js/cors-misconfiguration overly CORS configuration
CWE-942 JavaScript/TypeScript js/cors-misconfiguration-for-credentials-more-sources CORS misconfiguration for credentials transfer with additional heuristic sources
CWE-943 JavaScript/TypeScript js/sql-injection Database query built from user-controlled sources
CWE-943 JavaScript/TypeScript js/xpath-injection XPath injection
CWE-943 JavaScript/TypeScript js/env-key-and-value-injection User controlled arbitrary environment variable injection
CWE-943 JavaScript/TypeScript js/env-value-injection User controlled environment variable value injection
CWE-943 JavaScript/TypeScript js/sql-injection-more-sources Database query built from user-controlled sources with additional heuristic sources
CWE-943 JavaScript/TypeScript js/xpath-injection-more-sources XPath injection with additional heuristic sources
CWE-1004 JavaScript/TypeScript js/client-exposed-cookie Sensitive server cookie exposed to the client
CWE-1021 JavaScript/TypeScript js/insecure-helmet-configuration Insecure configuration of Helmet security middleware
CWE-1022 JavaScript/TypeScript js/unsafe-external-link Potentially unsafe external link
CWE-1176 JavaScript/TypeScript js/angular/double-compilation Double compilation
CWE-1275 JavaScript/TypeScript js/samesite-none-cookie Sensitive cookie without SameSite restrictions
CWE-1333 JavaScript/TypeScript js/polynomial-redos Polynomial regular expression used on uncontrolled data
CWE-1333 JavaScript/TypeScript js/redos Inefficient regular expression
  • © GitHub, Inc.