+
+| MITRE |
+01 Introduction |
+Prominent CVEs |
+
+
+
+| CWE-501 |
+pyscg-0040: Trust Boundary Violation |
+CVE-2023-28597, CVSSv3.0: 7.5,
EPSS: 00.11 (05.11.2024) |
+
+
+| CWE-798 | pyscg-0041: Use of hardcoded credentials | |
+| CWE-783 | pyscg-0042: Operator Precedence Logic Error | |
+| CWE-472 | pyscg-0055: External Control of Assumed-Immutable Web Parameter | |
+
+
+| MITRE |
+02 Encoding and Strings |
+Prominent CVEs |
+
+| CWE-175 | pyscg-0043: Improper Handling of Mixed Encoding | |
+
+
+| CWE-180 |
+pyscg-0044: Incorrect behavior order: Validate before Canonicalize |
+CVE-2022-26136,
CVSSv3.1: 9.8,
EPSS: 00.28 (31.12.20255) |
+
+
+| CWE-182 | pyscg-0045: Enforce control over encoding such as UTF-8 |
+
+| CWE-838 | pyscg-0046: Inappropriate Encoding for Output Context | |
+
+
+| MITRE |
+03 Numbers |
+Prominent CVEs |
+
+
+| CWE-1339 | pyscg-0001: Avoid floating-point and use integers or the decimal module to ensure precision in applications that require high accuracy, such as in financial or banking computations | |
+| CWE-191 | pyscg-0002: Ensure that integer overflow is properly handled in order to avoid unexpected behavior. | |
+| CWE-1335 | pyscg-0053: Incorrect Bitwise Shift of Intege | |
+| CWE-1335 | pyscg-0003: Promote readability and compatibility by using mathematical written code with arithmetic operations instead of bit-wise operations | |
+| CWE-197 | pyscg-0004: Ensure to have predictable outcomes in loops by using int instead of float variables as a counter | |
+| CWE-197 | pyscg-0005: Make conscious design decisions on how conversions are rounded | |
+| CWE-681 | pyscg-0006: String representations of floating-point numbers must not be compared or inspected outside of specialized modules such as decimal or math | |
+| CWE-681 | pyscg-0007: Avoid using floating-point literals. | |
+
+
+| MITRE |
+04 Neutralization |
+Prominent CVEs |
+
+
+| CWE-184 | pyscg-0184: Use 'allow lists' to avoid continuesly updates to 'deny lists'. | |
+
+
+ | CWE-134 |
+ pyscg-0008: Use of Externally-Controlled Format String |
+ CVE-2022-27177,
CVSSv3.1: >9.8,
EPSS: 00.37 (01.12.2023) |
+
+
+
+ | CWE-78 |
+ pyscg-0009: Improper Neutralization of Special Elements Used in an OS Command (OS Command Injection) |
+ CVE-2024-43804,
CVSSv3.1: 8.8,
EPSS: 00.06 (08.11.2024) |
+
+
+
+ | CWE-89 |
+ pyscg-0010: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
+ CVE-2019-8600, CVSSv3.1: 9.8,
EPSS: 01.43 (18.02.2024) |
+
+
+
+| CWE-843 |
+pyscg-0011: Access of Resource Using Incompatible Type ('Type Confusion') |
+CVE-2021-29513, CVSSv3.1: 7.8,
EPSS: 00.02 (13.05.2025)
+ |
+
+
+
+ | CWE-409 |
+ pyscg-0012: Improper Handling of Highly Compressed Data (Data Amplification) |
+ CVE-2019-9674, CVSSv3.1: 7.5, EPSS 1.2%(10.09.2025) |
+
+
+
+ | CWE-426 |
+ pyscg-0013: Untrusted Search Path |
+ CVE-2015-1326,
CVSSv3.0: 8.8,
EPSS: 00.20 (23.11.2023) |
+
+
+
+| MITRE |
+05 Exception handling |
+Prominent CVEs |
+
+
+| CWE-397 | pyscg-0014: Declaration of Throws for Generic Exception | |
+| CWE-755 | pyscg-0015: Improper Handling of Exceptional Conditions | CVE-2024-39560,CVSSv3.1: 6.5,
EPSS: 0.04 (01.11.2024) |
+| CWE-390 | pyscg-0016: Detection of Error Condition without Action | |
+| CWE-230 | pyscg-0017: Improper Handling of Missing Values | |
+| CWE-754 | pyscg-0018: Improper Check for Unusual or Exceptional Conditions - float | |
+| CWE-460 | pyscg-0052: Improper Cleanup on Thrown Exception | |
+
+
+| MITRE |
+06 Logging |
+Prominent CVEs |
+
+
+
+| CWE-532 |
+ pyscg-0019: Insertion of Sensitive Information into Log File |
+ CVE-2023-45585,
CVSSv3.1: 9.8,
EPSS: 0.04 (01.11.2024) |
+
+| CWE-778 | pyscg-0020: Insufficient Logging | |
+| CWE-489 | pyscg-0021: Active Debug Code | CVE-2018-14649, CVSSv3.1: 9.8, EPSS: 69.64 (12.12.2023) |
+| CWE-117 | pyscg-0022: Improper Output Neutralization for Logs | |
+| CWE-209 | pyscg-0050: Generation of Error Message Containing Sensitive Information | |
+
+
+| MITRE |
+07 Serialization Deserialization |
+Prominent CVEs |
+
+
+| CWE-502 | pyscg-0023: Deserialization of Untrusted Data | CVE-2018-8021, CVSSv3.0: 9.8,
EPSS: 93.54 (05.11.2024) |
+
+ | 08 Concurrency | Prominent CVE |
|---|
+| CWE-400 | pyscg-0024: Uncontrolled Resource Consumption | |
+| CWE-410 | pyscg-0025: Insufficient Resource Pool | |
+| CWE-833 | pyscg-0026: Deadlock | |
+| CWE-362 | pyscg-0027: Concurrent Execution Using Shared Resource with Improper Synchronization (Race Condition) | |
+| CWE-584 | pyscg-0028: Return Inside Finally Block | |
+| CWE-665 | pyscg-0029: Improper Initialization | |
+| CWE-392 | pyscg-0030: Missing Report of Error Condition in a Threadpool | |
+| CWE-404 | pyscg-0051: Improper Resource Shutdown or Release | |
+| CWE-366 | pyscg-0054: Race Condition within a Thread | |
+
+
+| MITRE |
+09 Coding Standards |
+Prominent CVE |
+
+
+| CWE-1095 | pyscg-0031: Loop Condition Value Update within the Loop | |
+| CWE-1109 | pyscg-0032: Use of Same Variable for Multiple Purposes | |
+| CWE-595 | pyscg-0033: Comparison of Object References Instead of Object Contents | |
+| CWE-476 | pyscg-0034: NULL Pointer Dereference | |
+| CWE-459 | pyscg-0035: Incomplete Cleanup | |
+| CWE-252 | pyscg-0036: Unchecked Return Value | |
+| CWE-617 | pyscg-0037: Reachable Assertion | |
+
+
+| MITRE |
+10 Cryptography |
+Prominent CVE |
+
+
+| CWE-330 | pyscg-0038: Use of Insufficiently Random Values | CVE-2020-7548, CVSSv3.1: 9.8
EPSS: 0.22 (12.12.2024) |
+
## Biblography