Classification of PVS-Studio warnings according to CWE Top 25 Most Dangerous Software Weaknesses

CWE Top 25 Most Dangerous Software Weaknesses is a list of the most dangerous and common software weaknesses. These software weaknesses are dangerous because someone can easily find and exploit them. Attackers can use them to disrupt the application's operation, steal data or even completely take over a system. CWE Top 25 Most Dangerous Software Weaknesses is a significant community resource. It helps developers, testers, users, project managers, security researchers and teachers. They use this list to get an idea of the most common and dangerous security defects now.

Below is a table of correspondence between the CWE Top 25 Most Dangerous Software Weaknesses 2022 list and the PVS-Studio diagnostics, divided by programming languages.

#	CWE ID	Name	PVS-Studio Diagnostics
1	CWE‑787	Out-of-bounds Write	C++: V512, V557, V582, V645 C#: V3106 Java: V6025
2	CWE‑79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	C#: V5610
3	CWE‑89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	C#: V5608
4	CWE‑20	Improper Input Validation	C++: V739, V781, V1010, V1024, V5009
5	CWE‑125	Out-of-bounds Read	C++: V512, V557, V582 C#: V3106 Java: V6025
6	CWE‑78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	C++: V1010, V5009 C#: V5616
7	CWE‑416	Use After Free	C++: V623, V723, V758, V774, V1017
8	CWE‑22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	C#: V5609, V5628
9	CWE‑352	Cross-Site Request Forgery (CSRF)	Coming in the future.
10	CWE‑434	Unrestricted Upload of File with Dangerous Type	Coming in the future.
11	CWE‑476	NULL Pointer Dereference	C++: V522, V595, V664, V713, V1004 C#: V3027, V3042, V3080, V3095, V3100, V3125, V3145, V3146, V3148, V3149, V3152, V3153, V3168 Java: V6008, V6060, V6093
12	CWE‑502	Deserialization of Untrusted Data	C#: V5611
13	CWE‑190	Integer Overflow or Wraparound	C++: V629, V658, V673, V683, V1026, V1028, V1081, V1083, V1085, V5004, V5005, V5006, V5007, V5010, V5011 C#: V3113 Java: V6105
14	CWE‑287	Improper Authentication	Coming in the future.
15	CWE‑798	Use of Hard-coded Credentials	C++: V5013 C#: V5601 Java: V5305
16	CWE‑862	Missing Authorization	Coming in the future.
17	CWE‑77	Improper Neutralization of Special Elements used in a Command ('Command Injection')	C#: V5616
18	CWE‑306	Missing Authentication for Critical Function	Coming in the future.
19	CWE‑119	Improper Restriction of Operations within the Bounds of a Memory Buffer	C++: V512, V557, V582, V769, V783, V1004, V1086
20	CWE‑276	Incorrect Default Permissions	Coming in the future.
21	CWE‑918	Server-Side Request Forgery (SSRF)	C#: V5618
22	CWE‑362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')	Coming in the future.
23	CWE‑400	Uncontrolled Resource Consumption	Coming in the future.
24	CWE‑611	Improper Restriction of XML External Entity Reference	C#: V5614
25	CWE‑94	Improper Control of Generation of Code ('Code Injection')	C++: V1076