
Classification of PVS-Studio warnings according to CWE Top 25 Most Dangerous Software Weaknesses

CWE Top 25 Most Dangerous Software Weaknesses is a list of the most dangerous and common software weaknesses. These weaknesses are dangerous because they are easy to find and exploit. Attackers can use them to disrupt an application's operation, steal data, or even completely take over a system. The list is a significant community resource: developers, testers, users, project managers, security researchers, and teachers use it to get an idea of the most common and dangerous security defects at present.

Below is a table of correspondence between the CWE Top 25 Most Dangerous Software Weaknesses 2021 list and the PVS-Studio diagnostics, divided by programming languages.

| # | CWE ID | Name | PVS-Studio Diagnostics |
|---|--------|------|------------------------|
| 1 | CWE-787 | Out-of-bounds Write | C++: V512, V557, V582, V645; C#: V3106; Java: V6025 |
| 2 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | C#: V5610 |
| 3 | CWE-125 | Out-of-bounds Read | C++: V512, V557, V582; C#: V3106; Java: V6025 |
| 4 | CWE-20 | Improper Input Validation | C++: V739, V781, V1010, V1024, V5009 |
| 5 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | C++: V1010, V5009 |
| 6 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | C#: V5608 |
| 7 | CWE-416 | Use After Free | C++: V623, V723, V758, V774, V1017 |
| 8 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | C#: V5609 |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) | Coming in the future. |
| 10 | CWE-434 | Unrestricted Upload of File with Dangerous Type | Coming in the future. |
| 11 | CWE-306 | Missing Authentication for Critical Function | Coming in the future. |
| 12 | CWE-190 | Integer Overflow or Wraparound | C++: V629, V658, V673, V683, V1026, V1028, V5004, V5005, V5006, V5007, V5010, V5011; C#: V3113; Java: V6105 |
| 13 | CWE-502 | Deserialization of Untrusted Data | C#: V5611 |
| 14 | CWE-287 | Improper Authentication | Coming in the future. |
| 15 | CWE-476 | NULL Pointer Dereference | C++: V522, V595, V664, V713, V1004; C#: V3027, V3042, V3080, V3095, V3100, V3125, V3145, V3146, V3148, V3149, V3152, V3153, V3168; Java: V6008, V6060, V6093 |
| 16 | CWE-798 | Use of Hard-coded Credentials | C++: V5013; C#: V5601; Java: V5305 |
| 17 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | C++: V512, V557, V582, V769, V783, V1004 |
| 18 | CWE-862 | Missing Authorization | Coming in the future. |
| 19 | CWE-276 | Incorrect Default Permissions | Coming in the future. |
| 20 | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Coming in the future. |
| 21 | CWE-522 | Insufficiently Protected Credentials | Coming in the future. |
| 22 | CWE-732 | Incorrect Permission Assignment for Critical Resource | Coming in the future. |
| 23 | CWE-611 | Improper Restriction of XML External Entity Reference | C#: V5614 |
| 24 | CWE-918 | Server-Side Request Forgery (SSRF) | Coming in the future. |
| 25 | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Coming in the future. |
