| Vulnerability Name | Compliance | Severity |
|---|
| AngularJS library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Application error message | {"owasp10"=>"A5", "pci"=>"6.5.5"} | medium |
| ASP.NET debugging enabled | {"owasp10"=>"A5", "pci"=>"6.5.5"} | low |
| ASP.NET tracing enabled | {"owasp10"=>"A5", "pci"=>"6.5.5"} | high |
| ASP.NET ViewState without MAC | {"owasp10"=>"A5"} | low |
| Backbone library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Bootstrap library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Browser content sniffing allowed | {"owasp10"=>"A5"} | low |
| Browser XSS protection disabled | {"owasp10"=>"A5"} | low |
| Certificate with insufficient key size or usage, or insecure signature algorithm | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Certificate without revocation information | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| CKEditor library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Cookie without HttpOnly flag | {"owasp10"=>"A7", "pci"=>"6.5.10"} | low |
| Cross Origin Resource Sharing: Arbitrary Origin Trusted | {"owasp10"=>"A1", "pci"=>"6.5.8"} | low |
| Deprecated TLS protocol version 1.0 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Deprecated TLS protocol version 1.1 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Directory Listing | {"owasp10"=>"A1"} | low |
| Dojo library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| DOMPurify library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| DWR library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| easyXDM library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Ember library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Expired TLS certificate | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Flowplayer library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Full path disclosure | {"pci"=>"6.5.5"} | low |
| GraphQL Introspection enabled | {"owasp10"=>"A5"} | low |
| Handlebars library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Heartbleed | {"owasp10"=>"A6"} | high |
| HSTS header does not protect subdomains | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header not enforced | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header set in HTTP | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header with low duration and no subdomain protection | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HSTS header with low duration | {"owasp10"=>"A2, A5", "pci"=>"4.1, 6.5.4"} | low |
| HTTP TRACE method enabled | {"owasp10"=>"A5"} | low |
| Inclusion of cryptocurrency mining script | {} | high |
| Insecure Content Security Policy | {"owasp10"=>"A5"} | low |
| Insecure crossdomain.xml policy | {"owasp10"=>"A5"} | low |
| Insecure PHP Object deserialization | {"owasp10"=>"A8"} | high |
| Insecure referrer policy | {"owasp10"=>"A2, A5"} | low |
| Insecure Silverlight clientaccesspolicy.xml policy | {"owasp10"=>"A5"} | high |
| Insecure SSL protocol version 2 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Insecure SSL protocol version 3 supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Invalid referrer policy | {"owasp10"=>"A2, A5"} | low |
| Joomla! version with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| jPlayer library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery Migrate library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| JQuery Mobile library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| jQuery UI library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Knockout library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Log file disclosure | {"owasp10"=>"A5"} | low |
| Log4Shell | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Missing clickjacking protection | {"owasp10"=>"A5"} | low |
| Missing Content Security Policy header | {"owasp10"=>"A5"} | low |
| Missing cross-site request forgery protection | {"owasp10"=>"A7", "pci"=>"6.5.9, 6.5.10"} | low |
| Missing redirect to HTTPS | {} | low |
| Mixed content | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Moment.js library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Mustache library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Open redirection | {} | low |
| OS command injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Path traversal | {"owasp10"=>"A1", "pci"=>"6.5.8"} | high |
| PHP code injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Plupload library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Potential DoS on TLS Client Renegotiation | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| prettyPhoto library with known vulnerabilities | {"owasp10"=>"A5, A6"} | low |
| Private IP addresses disclosed | {} | low |
| Prototype library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| React library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Referrer policy not defined | {"owasp10"=>"A2, A5"} | low |
| Reflected cross-site scripting | {"owasp10"=>"A3", "pci"=>"6.5.7"} | high |
| Remote File Inclusion | {} | high |
| Secure Renegotiation is not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Secure TLS protocol version 1.2 not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Server Cipher Order not configured | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
| Server-side JavaScript injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Server-side template injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| Session Token in URL | {"owasp10"=>"A2, A7", "pci"=>"6.5.10"} | medium |
| Sessvars library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Spring Cloud SPEL Code Injection (CVE-2022-22963) | {} | high |
| Spring4Shell | {} | high |
| SQL Injection | {"owasp10"=>"A3", "pci"=>"6.5.1"} | high |
| SSL cookie without Secure flag | {"owasp10"=>"A2, A7", "pci"=>"6.5.10"} | low |
| Stored cross-site scripting | {"owasp10"=>"A3", "pci"=>"6.5.7"} | high |
| SWFObject library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| TinyMCE library with known vulnerabilities | {"owasp10"=>"A5", "pci"=>"6.2"} | low |
| TLS certificate about to expire | {"owasp10"=>"A2"} | low |
| TLS Downgrade attack prevention not supported | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | low |
| Unencrypted communications | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | high |
| Untrusted TLS certificate | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| Vue.js library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
| Weak cipher suites enabled | {"owasp10"=>"A2", "pci"=>"4.1, 6.5.4"} | medium |
| WordPress plugin with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| WordPress version with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | high |
| XML external entity injection | {"owasp10"=>"A5"} | high |
| YUI library with known vulnerabilities | {"owasp10"=>"A5, A6", "pci"=>"6.2"} | low |
