PhantomYerra's rules carry exact CWE identifiers, so findings map directly to the MITRE CWE Top 25 Most Dangerous Software Weaknesses. The table below shows the highest-weighted entries.

| CWE | Weakness | Detected |
|---|---|---|
| CWE-787 | Out-of-bounds Write | Yes |
| CWE-79 | Cross-site Scripting | Yes |
| CWE-89 | SQL Injection | Yes |
| CWE-416 | Use After Free | Yes |
| CWE-78 | OS Command Injection | Yes |
| CWE-20 | Improper Input Validation | Yes |
| CWE-125 | Out-of-bounds Read | Yes |
| CWE-22 | Path Traversal | Yes |
| CWE-352 | Cross-Site Request Forgery | Yes |
| CWE-434 | Unrestricted File Upload | Yes |
| CWE-862 | Missing Authorization | Yes |
| CWE-476 | NULL Pointer Dereference | Yes |
| CWE-287 | Improper Authentication | Yes |
| CWE-190 | Integer Overflow | Yes |
| CWE-502 | Deserialization of Untrusted Data | Yes |
| CWE-77 | Command Injection | Yes |
| CWE-119 | Improper Memory Buffer Restriction | Yes |
| CWE-798 | Hard-coded Credentials | Yes |
| CWE-918 | Server-Side Request Forgery | Yes |
| CWE-306 | Missing Authentication | Yes |

Every PhantomYerra finding carries its CWE and the standard IDs it satisfies, so a one-click compliance report maps findings to the CWE Top 25 automatically, alongside the EU Cyber Resilience Act and more.