What are you receiving in the response that leads you to believe it doesn’t, or what issues are you seeing the UI that match this CWE that you can’t retrieve using the API?
Also, if I go, for example, on the first issue rule, and look at the bottom description we can see that it corresponds to CWE 459, so I’m expecting that the api above returns the correct data.
When I’m following this steps to any issue that has a CWE corresponding to VULNERABILITY type, the api returns the desired data.
e.g calling this api http://localhost:9000/api/issues/search?componentKeys=GradleProject&tags=cwe&types=VULNERABILITY&cwe=259, the response is the following:
References in a rule-description does not necessarily mean that the issue is tied to a CWE in the backend (which you can filter to under the Security Category facet). Only vulnerabilities store this information in a structured way.