{
    "20": "Improper Input Validation",
    "22": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
    "23": "Relative Path Traversal",
    "24": "Path Traversal: '..\/filedir'",
    "25": "Path Traversal: '\/..\/filedir'",
    "35": "Path Traversal: '...\/...\/\/'",
    "36": "Absolute Path Traversal",
    "73": "External Control of File Name or Path",
    "74": "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
    "75": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
    "77": "Improper Neutralization of Special Elements used in a Command ('Command Injection')",
    "78": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
    "79": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "80": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
    "85": "Doubled Character XSS Manipulations",
    "87": "Improper Neutralization of Alternate XSS Syntax",
    "88": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
    "89": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
    "90": "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')",
    "94": "Improper Control of Generation of Code ('Code Injection')",
    "95": "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
    "96": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')",
    "98": "Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion')",
    "113": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request\/Response Splitting')",
    "116": "Improper Encoding or Escaping of Output",
    "117": "Improper Output Neutralization for Logs",
    "158": "Improper Neutralization of Null Byte or NUL Character",
    "179": "Incorrect Behavior Order: Early Validation",
    "185": "Incorrect Regular Expression",
    "197": "Numeric Truncation Error",
    "200": "Exposure of Sensitive Information to an Unauthorized Actor",
    "201": "Insertion of Sensitive Information Into Sent Data",
    "202": "Exposure of Sensitive Information Through Data Queries",
    "203": "Observable Discrepancy",
    "204": "Observable Response Discrepancy",
    "208": "Observable Timing Discrepancy",
    "209": "Generation of Error Message Containing Sensitive Information",
    "215": "Insertion of Sensitive Information Into Debugging Code",
    "219": "Storage of File with Sensitive Data Under Web Root",
    "230": "Improper Handling of Missing Values",
    "233": "Improper Handling of Parameters",
    "256": "Plaintext Storage of a Password",
    "257": "Storing Passwords in a Recoverable Format",
    "259": "Use of Hard-coded Password",
    "261": "Weak Encoding for Password",
    "266": "Incorrect Privilege Assignment",
    "269": "Improper Privilege Management",
    "272": "Least Privilege Violation",
    "276": "Incorrect Default Permissions",
    "280": "Improper Handling of Insufficient Permissions or Privileges",
    "284": "Improper Access Control",
    "285": "Improper Authorization",
    "286": "Incorrect User Management",
    "287": "Improper Authentication",
    "288": "Authentication Bypass Using an Alternate Path or Channel",
    "289": "Authentication Bypass by Alternate Name",
    "290": "Authentication Bypass by Spoofing",
    "291": "Reliance on IP Address for Authentication",
    "303": "Incorrect Implementation of Authentication Algorithm",
    "304": "Missing Critical Step in Authentication",
    "305": "Authentication Bypass by Primary Weakness",
    "306": "Missing Authentication for Critical Function",
    "307": "Improper Restriction of Excessive Authentication Attempts",
    "312": "Cleartext Storage of Sensitive Information",
    "321": "Use of Hard-coded Cryptographic Key",
    "324": "Use of a Key Past its Expiration Date",
    "326": "Inadequate Encryption Strength",
    "327": "Use of a Broken or Risky Cryptographic Algorithm",
    "330": "Use of Insufficiently Random Values",
    "338": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
    "340": "Generation of Predictable Numbers or Identifiers",
    "345": "Insufficient Verification of Data Authenticity",
    "346": "Origin Validation Error",
    "347": "Improper Verification of Cryptographic Signature",
    "348": "Use of Less Trusted Source",
    "349": "Acceptance of Extraneous Untrusted Data With Trusted Data",
    "352": "Cross-Site Request Forgery (CSRF)",
    "353": "Missing Support for Integrity Check",
    "354": "Improper Validation of Integrity Check Value",
    "359": "Exposure of Private Personal Information to an Unauthorized Actor",
    "362": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
    "400": "Uncontrolled Resource Consumption",
    "420": "Unprotected Alternate Channel",
    "424": "Improper Protection of Alternate Path",
    "434": "Unrestricted Upload of File with Dangerous Type",
    "436": "Interpretation Conflict",
    "441": "Unintended Proxy or Intermediary ('Confused Deputy')",
    "444": "Inconsistent Interpretation of HTTP Requests ('HTTP Request\/Response Smuggling')",
    "451": "User Interface (UI) Misrepresentation of Critical Information",
    "463": "Deletion of Data Structure Sentinel",
    "472": "External Control of Assumed-Immutable Web Parameter",
    "488": "Exposure of Data Element to Wrong Session",
    "494": "Download of Code Without Integrity Check",
    "497": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
    "502": "Deserialization of Untrusted Data",
    "506": "Embedded Malicious Code",
    "522": "Insufficiently Protected Credentials",
    "524": "Use of Cache Containing Sensitive Information",
    "530": "Exposure of Backup File to an Unauthorized Control Sphere",
    "532": "Insertion of Sensitive Information into Log File",
    "538": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
    "548": "Exposure of Information Through Directory Listing",
    "552": "Files or Directories Accessible to External Parties",
    "564": "SQL Injection: Hibernate",
    "565": "Reliance on Cookies without Validation and Integrity Checking",
    "601": "URL Redirection to Untrusted Site ('Open Redirect')",
    "602": "Client-Side Enforcement of Server-Side Security",
    "610": "Externally Controlled Reference to a Resource in Another Sphere",
    "611": "Improper Restriction of XML External Entity Reference",
    "613": "Insufficient Session Expiration",
    "614": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
    "620": "Unverified Password Change",
    "636": "Not Failing Securely ('Failing Open')",
    "639": "Authorization Bypass Through User-Controlled Key",
    "640": "Weak Password Recovery Mechanism for Forgotten Password",
    "672": "Operation on a Resource after Expiration or Release",
    "681": "Incorrect Conversion between Numeric Types",
    "692": "Incomplete Denylist to Cross-Site Scripting",
    "693": "Protection Mechanism Failure",
    "697": "Incorrect Comparison",
    "703": "Improper Check or Handling of Exceptional Conditions",
    "732": "Incorrect Permission Assignment for Critical Resource",
    "757": "Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')",
    "759": "Use of a One-Way Hash without a Salt",
    "776": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')",
    "784": "Reliance on Cookies without Validation and Integrity Checking in a Security Decision",
    "798": "Use of Hard-coded Credentials",
    "799": "Improper Control of Interaction Frequency",
    "804": "Guessable CAPTCHA",
    "807": "Reliance on Untrusted Inputs in a Security Decision",
    "829": "Inclusion of Functionality from Untrusted Control Sphere",
    "843": "Access of Resource Using Incompatible Type ('Type Confusion')",
    "862": "Missing Authorization",
    "863": "Incorrect Authorization",
    "912": "Hidden Functionality",
    "915": "Improperly Controlled Modification of Dynamically-Determined Object Attributes",
    "916": "Use of Password Hash With Insufficient Computational Effort",
    "918": "Server-Side Request Forgery (SSRF)",
    "921": "Storage of Sensitive Data in a Mechanism without Access Control",
    "922": "Insecure Storage of Sensitive Information",
    "1021": "Improper Restriction of Rendered UI Layers or Frames",
    "1022": "Use of Web Link to Untrusted Target with window.opener Access",
    "1078": "Inappropriate Source Code Style or Formatting",
    "1188": "Initialization of a Resource with an Insecure Default",
    "1229": "Creation of Emergent Resource",
    "1230": "Exposure of Sensitive Information Through Metadata",
    "1236": "Improper Neutralization of Formula Elements in a CSV File",
    "1250": "Improper Preservation of Consistency Between Independent Representations of Shared State",
    "1284": "Improper Validation of Specified Quantity in Input",
    "1287": "Improper Validation of Specified Type of Input",
    "1321": "Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')",
    "1333": "Inefficient Regular Expression Complexity",
    "1336": "Improper Neutralization of Special Elements Used in a Template Engine",
    "1390": "Weak Authentication",
    "1395": "Dependency on Vulnerable Third-Party Component"
}