CWE-2011 advisories

Improper Input Validation

What it is

Input is not validated for type, range or format before use, enabling downstream attacks.

How to fix it

Upgrade and add strict validation at the trust boundary.

How to avoid it

Validate and normalize all input against an explicit schema before it is used.

Known Improper Input Validation vulnerabilities

WEB3-ABRACADABRA-2025 — critical · Web3 · Arbitrum/Abracadabra Money (GmxV2 Cauldron / MIM) · exploited
CVE-2025-1974 — critical · Kubernetes/ingress-nginx (Ingress-NGINX Controller for Kubernetes)
WEB3-VOW-2024 — high · Web3 · Ethereum/Vow (Vowcurrency) USD rate setter
WEB3-UWULEND-2024 — critical · Web3 · Ethereum/UwU Lend · exploited
WEB3-INVERSE-2022 — critical · Web3 · Ethereum/Inverse Finance · exploited
WEB3-WORMHOLE-2022 — critical · Web3 · Solana/Wormhole · exploited
WEB3-QUBIT-2022 — critical · Web3 · BNB Chain/Qubit Finance (QBridge) · exploited
WEB3-PICKLE-2020 — critical · Web3 · Ethereum/Pickle Finance · exploited
WEB3-AKROPOLIS-2020 — critical · Web3 · Ethereum/Akropolis Delphi · exploited
WEB3-HARVEST-2020 — critical · Web3 · Ethereum/Harvest Finance · exploited
WEB3-BZX-2020 — critical · Web3 · Ethereum/bZx Protocol · exploited

Stateward flags Improper Input Validation in your own code and dependencies on every pull request.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.