This query could lead to SQL injection

• error
• java
• security
• framework specific
• mobile
• injection
• Android
• SQL
• OWASP Top 10

This method is vulnerable to SQL injection. Consider writing the query instead of relying on builders.

• error
• java
• security
• framework specific
• mobile
• injection
• SQL
• Android
• OWASP Top 10

This query could lead to SQL injection

• error
• java
• security
• framework specific
• mobile
• injection
• Android
• SQL
• OWASP Top 10

SQL Injection: SQLiteQueryBuilder compileStatement - Compliant

• compliant
• java
• security
• framework specific
• mobile
• injection
• Android
• SQL
• Android security set
• OWASP Top 10

This operating mode has been deprecated

• warning
• java
• security
• framework specific
• mobile
• Android

When using this value other applications will have access to your application's data

• error
• java
• security
• framework specific
• mobile
• Android
• Android security set

First argument is a regular expression, matching with dot might have unintended behaviour.

• error
• java
• security
• Java basic

Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Web

Prevent suffix pattern matching by setting UseSuffixPatternMatching to false

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Web

The verify method has been overridden, and always returns true

• warning
• java
• security
• web
• TLS
• OWASP Top 10

Could lead to Data Exposure

• error
• java
• security
• web
• TLS
• OWASP Top 10

Could lead to Data Exposure

• warning
• java
• security
• web
• TLS
• OWASP Top 10

Prevent log injection by filtering untrusted input

• info
• java
• security
• OWASP Top 10
• framework specific
• logging
• Logger
• injection

Custom permissions should be based on those of the super class using super.getPermissions

• warning
• java
• security
• Java basic
• SEI CERT

Encryptors.delux() uses a 'stronger' password-based encryption

• warning
• java
• Spring
• security
• framework specific
• Spring Security

Using Random can lead to predictable randomness

• error
• java
• security
• SEI CERT

Use SSLSocket instead of Socket/ServerSocket

• warning
• java
• security
• web
• SEI CERT

Encryptors.stronger() is more secure than Encryptors.standard()

• warning
• java
• Spring
• security
• framework specific
• Spring Security

Ensure the zip entry is validated for nesting depth and size

• warning
• java
• security
• Java basic

Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

• error
• xml
• Apache Maven
• Log4j
• OWASP Top 10
• SLF4J
• basic protection set
• framework specific
• injection
• logging
• security

Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

• error
• java
• kotlin
• Log4j
• OWASP Top 10
• SLF4J
• basic protection set
• framework specific
• injection
• logging
• security

Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

• error
• xml
• Apache Maven
• Log4j
• OWASP Top 10
• SLF4J
• basic protection set
• framework specific
• injection
• logging
• security

Consider allowlist validation for URLs passed to this method

• error
• java
• security
• mobile
• framework specific
• Android

Enabling file access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set

Enabling file access in the webview could lead to misuse

• error
• java
• security
• framework specific
• Android
• mobile
• Android security set