CWE coverage for Ruby¶
An overview of CWE coverage for Ruby in the latest release of CodeQL.
Overview¶
| CWE | Language | Query id | Query name |
|---|---|---|---|
| CWE-20 | Ruby | rb/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | Ruby | rb/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-20 | Ruby | rb/regex/badly-anchored-regexp | Badly anchored regular expression |
| CWE-20 | Ruby | rb/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-20 | Ruby | rb/overly-large-range | Overly permissive regular expression range |
| CWE-20 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-20 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-20 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-22 | Ruby | rb/zip-slip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-22 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-73 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-73 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-74 | Ruby | rb/ldap-injection | LDAP Injection |
| CWE-74 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-74 | Ruby | rb/xpath-injection | XPath query built from user-controlled sources |
| CWE-74 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Ruby | rb/command-line-injection | Uncontrolled command line |
| CWE-74 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-74 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-74 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-74 | Ruby | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-74 | Ruby | rb/stored-xss | Stored cross-site scripting |
| CWE-74 | Ruby | rb/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-74 | Ruby | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-74 | Ruby | rb/code-injection | Code injection |
| CWE-74 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-74 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-74 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-74 | Ruby | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-77 | Ruby | rb/command-line-injection | Uncontrolled command line |
| CWE-77 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-77 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-77 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-78 | Ruby | rb/command-line-injection | Uncontrolled command line |
| CWE-78 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-78 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-78 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-79 | Ruby | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-79 | Ruby | rb/stored-xss | Stored cross-site scripting |
| CWE-79 | Ruby | rb/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-79 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-79 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-79 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-80 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-80 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-88 | Ruby | rb/command-line-injection | Uncontrolled command line |
| CWE-88 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-88 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-88 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-89 | Ruby | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-90 | Ruby | rb/ldap-injection | LDAP Injection |
| CWE-91 | Ruby | rb/xpath-injection | XPath query built from user-controlled sources |
| CWE-94 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-94 | Ruby | rb/code-injection | Code injection |
| CWE-94 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-95 | Ruby | rb/code-injection | Code injection |
| CWE-99 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-116 | Ruby | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-116 | Ruby | rb/stored-xss | Stored cross-site scripting |
| CWE-116 | Ruby | rb/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-116 | Ruby | rb/code-injection | Code injection |
| CWE-116 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-116 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-116 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-116 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-116 | Ruby | rb/log-injection | Log injection |
| CWE-117 | Ruby | rb/log-injection | Log injection |
| CWE-134 | Ruby | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-172 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-176 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-179 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-180 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-185 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-186 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-200 | Ruby | rb/unsafe-hmac-comparison | Unsafe HMAC Comparison |
| CWE-200 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-200 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-200 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-200 | Ruby | rb/sensitive-get-query | Sensitive data read from GET request |
| CWE-203 | Ruby | rb/unsafe-hmac-comparison | Unsafe HMAC Comparison |
| CWE-208 | Ruby | rb/unsafe-hmac-comparison | Unsafe HMAC Comparison |
| CWE-209 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-259 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-284 | Ruby | rb/improper-ldap-auth | Improper LDAP Authentication |
| CWE-284 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-284 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-284 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-284 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-285 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-285 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-287 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-287 | Ruby | rb/improper-ldap-auth | Improper LDAP Authentication |
| CWE-287 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-290 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-295 | Ruby | rb/request-without-cert-validation | Request without certificate validation |
| CWE-300 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-311 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-311 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-311 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-312 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-312 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-319 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-321 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-326 | Ruby | rb/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-327 | Ruby | rb/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-327 | Ruby | rb/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-328 | Ruby | rb/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-330 | Ruby | rb/insecure-randomness | Insecure randomness |
| CWE-330 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-338 | Ruby | rb/insecure-randomness | Insecure randomness |
| CWE-344 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-345 | Ruby | rb/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-345 | Ruby | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-345 | Ruby | rb/csrf-protection-not-enabled | CSRF protection not enabled |
| CWE-347 | Ruby | rb/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-352 | Ruby | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-352 | Ruby | rb/csrf-protection-not-enabled | CSRF protection not enabled |
| CWE-359 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-359 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-398 | Ruby | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | Ruby | rb/unused-parameter | Unused parameter |
| CWE-400 | Ruby | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-400 | Ruby | rb/redos | Inefficient regular expression |
| CWE-400 | Ruby | rb/regexp-injection | Regular expression injection |
| CWE-405 | Ruby | rb/user-controlled-data-decompression | User-controlled file decompression |
| CWE-405 | Ruby | rb/user-controlled-file-decompression | User-controlled file decompression |
| CWE-405 | Ruby | rb/xxe | XML external entity expansion |
| CWE-409 | Ruby | rb/user-controlled-data-decompression | User-controlled file decompression |
| CWE-409 | Ruby | rb/user-controlled-file-decompression | User-controlled file decompression |
| CWE-409 | Ruby | rb/xxe | XML external entity expansion |
| CWE-434 | Ruby | rb/http-to-file-access | Network data written to file |
| CWE-441 | Ruby | rb/request-forgery | Server-side request forgery |
| CWE-494 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-497 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-502 | Ruby | rb/unsafe-unsafeyamldeserialization | Deserialization of user-controlled yaml data |
| CWE-502 | Ruby | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-506 | Ruby | rb/hardcoded-data-interpreted-as-code | Hard-coded data interpreted as code |
| CWE-532 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-532 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-538 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-538 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-552 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-552 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-563 | Ruby | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-563 | Ruby | rb/unused-parameter | Unused parameter |
| CWE-592 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-598 | Ruby | rb/sensitive-get-query | Sensitive data read from GET request |
| CWE-601 | Ruby | rb/url-redirection | URL redirection from remote source |
| CWE-610 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-610 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-610 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-610 | Ruby | rb/url-redirection | URL redirection from remote source |
| CWE-610 | Ruby | rb/xxe | XML external entity expansion |
| CWE-610 | Ruby | rb/request-forgery | Server-side request forgery |
| CWE-611 | Ruby | rb/xxe | XML external entity expansion |
| CWE-642 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-642 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-642 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-642 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-643 | Ruby | rb/xpath-injection | XPath query built from user-controlled sources |
| CWE-657 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Ruby | rb/user-controlled-data-decompression | User-controlled file decompression |
| CWE-664 | Ruby | rb/zip-slip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-664 | Ruby | rb/unsafe-hmac-comparison | Unsafe HMAC Comparison |
| CWE-664 | Ruby | rb/unsafe-unsafeyamldeserialization | Deserialization of user-controlled yaml data |
| CWE-664 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-664 | Ruby | rb/user-controlled-file-decompression | User-controlled file decompression |
| CWE-664 | Ruby | rb/improper-ldap-auth | Improper LDAP Authentication |
| CWE-664 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-664 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-664 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-664 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-664 | Ruby | rb/code-injection | Code injection |
| CWE-664 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-664 | Ruby | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-664 | Ruby | rb/redos | Inefficient regular expression |
| CWE-664 | Ruby | rb/regexp-injection | Regular expression injection |
| CWE-664 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-664 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-664 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-664 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-664 | Ruby | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-664 | Ruby | rb/sensitive-get-query | Sensitive data read from GET request |
| CWE-664 | Ruby | rb/url-redirection | URL redirection from remote source |
| CWE-664 | Ruby | rb/xxe | XML external entity expansion |
| CWE-664 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-664 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-664 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Ruby | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-664 | Ruby | rb/http-to-file-access | Network data written to file |
| CWE-664 | Ruby | rb/insecure-mass-assignment | Insecure Mass Assignment |
| CWE-664 | Ruby | rb/request-forgery | Server-side request forgery |
| CWE-668 | Ruby | rb/zip-slip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-668 | Ruby | rb/unsafe-hmac-comparison | Unsafe HMAC Comparison |
| CWE-668 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-668 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-668 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-668 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-668 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-668 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-668 | Ruby | rb/sensitive-get-query | Sensitive data read from GET request |
| CWE-668 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-668 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-669 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-669 | Ruby | rb/xxe | XML external entity expansion |
| CWE-669 | Ruby | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-669 | Ruby | rb/http-to-file-access | Network data written to file |
| CWE-671 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-674 | Ruby | rb/xxe | XML external entity expansion |
| CWE-691 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-691 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-691 | Ruby | rb/code-injection | Code injection |
| CWE-691 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-691 | Ruby | rb/xxe | XML external entity expansion |
| CWE-693 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-693 | Ruby | rb/jwt-missing-verification | JWT missing secret or public key verification |
| CWE-693 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-693 | Ruby | rb/improper-ldap-auth | Improper LDAP Authentication |
| CWE-693 | Ruby | rb/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-693 | Ruby | rb/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-693 | Ruby | rb/regex/badly-anchored-regexp | Badly anchored regular expression |
| CWE-693 | Ruby | rb/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-693 | Ruby | rb/overly-large-range | Overly permissive regular expression range |
| CWE-693 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-693 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-693 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-693 | Ruby | rb/request-without-cert-validation | Request without certificate validation |
| CWE-693 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-693 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-693 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-693 | Ruby | rb/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-693 | Ruby | rb/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-693 | Ruby | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-693 | Ruby | rb/csrf-protection-not-enabled | CSRF protection not enabled |
| CWE-693 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-693 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-693 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-696 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-697 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-703 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-706 | Ruby | rb/zip-slip | Arbitrary file access during archive extraction ("Zip Slip") |
| CWE-706 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-706 | Ruby | rb/xxe | XML external entity expansion |
| CWE-707 | Ruby | rb/unicode-bypass-validation | Bypass Logical Validation Using Unicode Characters |
| CWE-707 | Ruby | rb/ldap-injection | LDAP Injection |
| CWE-707 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-707 | Ruby | rb/xpath-injection | XPath query built from user-controlled sources |
| CWE-707 | Ruby | rb/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Ruby | rb/command-line-injection | Uncontrolled command line |
| CWE-707 | Ruby | rb/kernel-open | Use of Kernel.open, IO.read or similar sinks with user-controlled input |
| CWE-707 | Ruby | rb/non-constant-kernel-open | Use of Kernel.open or IO.read or similar sinks with a non-constant value |
| CWE-707 | Ruby | rb/shell-command-constructed-from-input | Unsafe shell command constructed from library input |
| CWE-707 | Ruby | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-707 | Ruby | rb/stored-xss | Stored cross-site scripting |
| CWE-707 | Ruby | rb/html-constructed-from-input | Unsafe HTML constructed from library input |
| CWE-707 | Ruby | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-707 | Ruby | rb/code-injection | Code injection |
| CWE-707 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-707 | Ruby | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-707 | Ruby | rb/incomplete-multi-character-sanitization | Incomplete multi-character sanitization |
| CWE-707 | Ruby | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-707 | Ruby | rb/log-injection | Log injection |
| CWE-707 | Ruby | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-710 | Ruby | rb/hardcoded-data-interpreted-as-code | Hard-coded data interpreted as code |
| CWE-710 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-710 | Ruby | rb/http-to-file-access | Network data written to file |
| CWE-710 | Ruby | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-710 | Ruby | rb/unused-parameter | Unused parameter |
| CWE-732 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-732 | Ruby | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-755 | Ruby | rb/stack-trace-exposure | Information exposure through an exception |
| CWE-776 | Ruby | rb/xxe | XML external entity expansion |
| CWE-798 | Ruby | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-807 | Ruby | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-827 | Ruby | rb/xxe | XML external entity expansion |
| CWE-829 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-829 | Ruby | rb/xxe | XML external entity expansion |
| CWE-829 | Ruby | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-834 | Ruby | rb/xxe | XML external entity expansion |
| CWE-912 | Ruby | rb/hardcoded-data-interpreted-as-code | Hard-coded data interpreted as code |
| CWE-912 | Ruby | rb/http-to-file-access | Network data written to file |
| CWE-913 | Ruby | rb/unsafe-unsafeyamldeserialization | Deserialization of user-controlled yaml data |
| CWE-913 | Ruby | rb/server-side-template-injection | Server-side template injection |
| CWE-913 | Ruby | rb/code-injection | Code injection |
| CWE-913 | Ruby | rb/unsafe-code-construction | Unsafe code constructed from library input |
| CWE-913 | Ruby | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-913 | Ruby | rb/insecure-mass-assignment | Insecure Mass Assignment |
| CWE-915 | Ruby | rb/insecure-mass-assignment | Insecure Mass Assignment |
| CWE-916 | Ruby | rb/weak-sensitive-data-hashing | Use of a broken or weak cryptographic hashing algorithm on sensitive data |
| CWE-918 | Ruby | rb/request-forgery | Server-side request forgery |
| CWE-922 | Ruby | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-922 | Ruby | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-923 | Ruby | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-943 | Ruby | rb/ldap-injection | LDAP Injection |
| CWE-943 | Ruby | rb/xpath-injection | XPath query built from user-controlled sources |
| CWE-943 | Ruby | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-1275 | Ruby | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-1333 | Ruby | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-1333 | Ruby | rb/redos | Inefficient regular expression |
| CWE-1333 | Ruby | rb/regexp-injection | Regular expression injection |