Skip to content

Vulnerability Class Index

Luigi Colluto edited this page Jul 14, 2026 · 1 revision

Vulnerability Class Index

A curated, persistent reference of the vulnerability classes most likely to hide real bugs in each kind of software. It lives in argo/data/vuln_index.yaml and is injected into the recon stage as reference β€” "use the relevant ones, do not limit yourself to them" β€” and surfaced in the web UI's Vuln index page. It complements, never replaces the model's own dynamic discovery.

Once recon has classified the target's archetype, the matching section below is what gets folded into the generated audit prompts as an "also consider these" checklist. Each entry is a {CWE, class, where it tends to hide} triple. It is 9 archetype groups, 64 entries β€” reproduced here so contributors can see and improve the exact reference without reading the YAML.

This is advisory context, not an allowlist. A finding outside these classes is just as valid β€” the index exists to raise recall on the expected classes for weaker models and to keep coverage consistent across runs, not to cap what the audit looks for.

web_api_cms β€” web apps, HTTP/GraphQL APIs, CMSes

CWE Class Where it hides
CWE-89 SQL / NoSQL injection unparameterized queries, ORM raw fragments, search/filter passthrough
CWE-79 XSS (stored / reflected / DOM) template auto-escaping bypass, rich-text/markdown sanitizer gaps
CWE-639 IDOR / BOLA object access by client-supplied id without an ownership check
CWE-862 Missing function-level authz state-changing endpoints lacking a policy/role check
CWE-918 SSRF user-controlled URL reaching an outbound HTTP client / metadata
CWE-915 Mass assignment binding request bodies straight onto models (privilege fields)
CWE-22 Path traversal / file access user input in file paths, upload handlers, template includes
CWE-502 Insecure deserialization native serializers on untrusted input
CWE-384 Auth / session flaws reset/invite tokens, fixation, SameSite/cookie prefix, JWT alg

plugin_extension β€” plugins, extensions, mods

CWE Class Where it hides
CWE-94 Placeholder / format-string injection user text re-entering the host placeholder/template engine
CWE-77 Command dispatch to host config/user-driven commands run as console/host with privilege
CWE-862 Permission-node / capability bypass missing or inverted host permission checks; offline-mode identity
CWE-502 Unsafe config/YAML deserialization non-safe SnakeYAML/pickle constructors on any non-trusted document
CWE-306 Unauthenticated cross-instance protocol hand-rolled socket/IPC with weak/no auth, plaintext, no integrity
CWE-1333 ReDoS in config-compiled regex blacklist/anti-spam/url filters run on user input
CWE-494 Runtime download supply chain fetching jars/plugins validated by weak hash / no signature
CWE-200 Secret leak via debug/diagnostics status dumps exposing tokens/keys not masked

library_sdk β€” libraries, SDKs, frameworks

CWE Class Where it hides
CWE-1188 Insecure default a footgun default (verification off, permissive parser) a caller inherits
CWE-502 Deserialization / parsing parsers that instantiate types or recurse on hostile input
CWE-1333 ReDoS / algorithmic complexity regexes and parsers with super-linear worst case on attacker input
CWE-787 Memory safety (native libs) OOB read/write, integer over/underflow, UAF/double-free on attacker-controlled length/offset/count
CWE-327 Crypto misuse weak primitives, static IV/nonce, non-constant-time comparison
CWE-326 Weak/short MAC or key truncated auth tags, short/hardcoded/zero-default keys, MAC not covering all bytes, weak KDF
CWE-294 Missing replay/freshness authenticated messages with no counter/nonce/timestamp; sender-elected integrity that fails open
CWE-89 Injection passthrough helpers that build queries/commands/paths from caller data unsanitized
CWE-400 Resource exhaustion unbounded allocation/recursion from a size/count field

firmware β€” firmware, embedded, protocol stacks

CWE Class Where it hides
CWE-787 Out-of-bounds write memcpy/array-index from attacker-controlled length/offset/count in a frame/packet parser
CWE-125 Out-of-bounds read reading header/length fields before validating the minimum frame size
CWE-190 Integer overflow / underflow signed/unsigned & width-truncation in length/offset math; size_t underflow on length - header
CWE-416 Use-after-free / double-free packet/buffer-pool lifecycle β€” free-then-use, double-ownership, refcount errors
CWE-306 Unauthenticated management surface reserved/management commands (reboot, memory peek/poke, route/clock set) with no auth
CWE-330 Predictable / weak randomness sequence numbers, nonces, tokens from rand()/clock seeds instead of a CSPRNG
CWE-770 Resource / connection exhaustion fixed connection pools, half-open state, shared static queues exhausted by unauthenticated frames
CWE-294 Protocol replay / weak integrity CRC-as-trust, missing replay window, truncated/uncovered MAC, sender-elected integrity that fails open

cli_desktop β€” CLI tools and desktop apps

CWE Class Where it hides
CWE-78 OS command / argument injection argv/env/config interpolated into a shell or exec
CWE-22 Path traversal / symlink user paths, archive extraction (zip-slip), temp-file races
CWE-269 Privilege / setuid issues dropping privileges incorrectly, world-writable install paths
CWE-494 Insecure update mechanism unsigned/over-HTTP updates, no integrity on downloaded code
CWE-312 Local secret storage credentials/tokens in plaintext config or logs
CWE-502 Local-file deserialization loading project/state files that can execute code

agent_llm_mcp β€” agents, LLM apps, MCP servers

CWE Class Where it hides
CWE-77 Prompt injection (direct/indirect) untrusted content steering tool use; data exfil via tool outputs
CWE-94 Unsafe tool invocation tool args derived from model/untrusted text reaching code-exec/shell
CWE-829 Untrusted tool-output feedback tool results re-entering context and being trusted as instructions
CWE-693 Sandbox / permission escape tools that can read/write/network beyond the intended boundary
CWE-200 Secret exposure to the model keys/PII placed in the prompt or reachable via a tool
CWE-918 SSRF via tools fetch/browse tools with attacker-influenced URLs

mobile β€” mobile apps

CWE Class Where it hides
CWE-312 Insecure local storage secrets/PII in shared prefs, plists, unencrypted DB
CWE-927 Exported component / IPC exported activities/services/receivers, intent redirection
CWE-939 Deeplink / URL-scheme hijack unvalidated deeplink params driving sensitive actions
CWE-749 WebView / JS bridge addJavascriptInterface exposure, file:// access, mixed content
CWE-295 Improper cert validation disabled pinning / trust-all managers

data_ml β€” data & ML pipelines

CWE Class Where it hides
CWE-502 Model / pickle deserialization loading model/checkpoint/notebook files that execute code
CWE-94 UDF / notebook code execution user-supplied transforms/expressions evaluated unsandboxed
CWE-89 Query / pipeline injection dynamic SQL/SparkSQL/templating in ETL steps
CWE-918 SSRF in data fetch ingesting from attacker-influenced URLs/paths
CWE-1395 Model/dataset supply chain untrusted weights/datasets pulled without integrity

general β€” applied to every target regardless of archetype

CWE Class Where it hides
CWE-200 Sensitive-data exposure secrets/PII via logs, errors, debug dumps, verbose responses
CWE-285 Improper authorization checks declared but not enforced on every path
CWE-20 Improper input validation missing length/type/allow-list before a sink
CWE-400 Resource exhaustion / DoS unbounded allocation/recursion/connection from an attacker-controlled size/count; census every untrusted-driven collection
CWE-248 Panic / abort DoS (memory-safe) unwrap/expect/unreachable/index/overflow/parse reachable from untrusted input; census every panic point
CWE-532 Secrets in logs / sinks passwords/tokens/keys/SASL written to logs, telemetry, errors, caches, crash reports
CWE-489 Leftover debug / test code backdoors, hard-coded credentials, debug endpoints
CWE-1104 Outdated / vulnerable deps pinned versions with known advisories (cross-referenced by the SCA stage)

How this connects to the rest of the pipeline

  • The coverage checklist and variant census turn several of these classes (resource exhaustion, panic census, memory-safety, insecure-defaults/fail-open) into deterministic, code-injected lenses that can't be dropped by the recon model's focus choices.
  • The CWE-1104 outdated-deps class is what the SCA stage automates β€” reading dependency manifests and flagging pinned versions with known advisories as a dependencies focus.
  • CWEs assigned here flow all the way to the dedup key and the benchmark's CWE-sliced precision/recall.

Related

Clone this wiki locally