Bug Taxonomy

Vulnerabilities that enable unauthorized access, data exfiltration, privilege abuse, or remote code execution.

Breaks or drifts in schemas, types, and API contracts between components/services causing integration failures.

Incorrect branching, conditions, or arithmetic that produce wrong outcomes or hit impossible paths.

Violations of domain invariants or data integrity (e.g., duplicates, mismatched aggregates, migration drift).

Timing/order issues across threads/tasks/events (races, TOCTOU, double-exec, stale cache).

Missing or incorrect validation/handling that lets bad inputs or exceptions cascade into failures.

Improper allocation/lifetime of memory, handles, or descriptors leading to leaks or corruption.

Inefficiencies on critical paths (blocking work, pathological regexes, sync work in async flows).