Vulnerabilities
Compliance
Vulnerability Name | Compliance | Severity |
---|---|---|
AngularJS library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Application error message | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.26; OWASP Top 10: A5; PCI DSS: 6.5.5 | medium |
ASP.NET debugging enabled | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12; OWASP Top 10: A5; PCI DSS: 6.5.5 | low |
ASP.NET tracing enabled | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12; OWASP Top 10: A5; PCI DSS: 6.5.5 | high |
ASP.NET ViewState without MAC | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Axios library with known vulnerabilities | OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Axios library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Backbone library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Bootstrap library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Browser content sniffing allowed | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Browser XSS protection disabled | OWASP Top 10: A5 | low |
Certificate with insufficient key size or usage, or insecure signature algorithm | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Certificate without revocation information | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Chart.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
CKEditor library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Cookie with SameSite attribute set to None | ISO 27001: A.5.14, A.8.9, A.8.24, A.8.26; OWASP Top 10: A2, A7; PCI DSS: 4.1, 6.5.4, 6.5.10 | low |
Cookie without HttpOnly flag | ISO 27001: A.8.26; OWASP Top 10: A7; PCI DSS: 6.5.10 | low |
Cross Origin Resource Sharing: Arbitrary Origin Trusted | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A1; PCI DSS: 6.5.8 | low |
Deprecated TLS protocol version 1.0 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Deprecated TLS protocol version 1.1 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Directory Listing | ISO 27001: A.8.4, A.8.9; OWASP Top 10: A1, A5 | low |
Dojo library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
DOMPurify library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Drupal version with known vulnerabilities | (none) | high |
DWR library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
easyXDM library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Ember library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Expired TLS certificate | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
Flowplayer library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Full path disclosure | ISO 27001: A.8.4, A.8.9; PCI DSS: 6.5.5 | low |
GraphQL Introspection enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
GraphQL Misconfiguration | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Handlebars library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Heartbleed | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12; OWASP Top 10: A6 | high |
Hidden file found | ISO 27001: A.8.4, A.8.9, A.8.15, A.8.26; OWASP Top 10: A1, A5 | low |
HSTS header does not protect subdomains | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
HSTS header not enforced | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
HSTS header set in HTTP | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
HSTS header with low duration and no subdomain protection | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
HSTS header with low duration | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
HTTP TRACE method enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Inclusion of cryptocurrency mining script | OWASP Top 10: A8 | high |
Insecure browser XSS protection enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Insecure Content Security Policy | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Insecure crossdomain.xml policy | ISO 27001: A.8.2, A.8.3, A.8.9, A.8.26; OWASP Top 10: A5 | low |
Insecure PHP Object deserialization | ISO 27001: A.8.26; OWASP Top 10: A8 | high |
Insecure referrer policy | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
Insecure Silverlight clientaccesspolicy.xml policy | ISO 27001: A.8.2, A.8.3, A.8.9; OWASP Top 10: A5 | high |
Insecure SSL protocol version 2 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
Insecure SSL protocol version 3 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
Invalid referrer policy | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
Joomla! version with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
jPlayer library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
jQuery library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
jQuery Migrate library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
jQuery Mobile library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
jQuery UI library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
JSZip library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
JWT accepting none algorithm | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
JWT algorithm confusion | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
JWT signature is not being verified | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
Knockout library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Log file disclosure | ISO 27001: A.8.9, A.8.15; OWASP Top 10: A5 | low |
Log4Shell | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Missing clickjacking protection | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Missing Content Security Policy header | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
Missing cross-site request forgery protection | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A7; PCI DSS: 6.5.9, 6.5.10 | low |
Missing redirect to HTTPS | (none) | low |
Mixed content | ISO 27001: A.5.14, A.8.24, A.8.26; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Moment.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
MongoDB Injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Mustache library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Next.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Open redirection | ISO 27001: A.8.26 | low |
OS command injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Path traversal | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; OWASP Top 10: A1; PCI DSS: 6.5.8 | high |
PHP code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Plupload library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Potential DoS on TLS Client Renegotiation | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
prettyPhoto library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6 | low |
Private IP addresses disclosed | ISO 27001: A.5.33, A.8.4, A.8.9, A.8.12; OWASP Top 10: A1, A5 | low |
Prototype library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Python code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
React library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Referrer policy not defined | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
Reflected cross-site scripting | ISO 27001: A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.7 | high |
Remote File Inclusion | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; PCI DSS: 6.5.1 | high |
Ruby code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; PCI DSS: 6.5.1 | high |
Secure Renegotiation is not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Secure TLS protocol version 1.2 not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Server Cipher Order not configured | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | high |
Server-side JavaScript injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Server-side request forgery | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; OWASP Top 10: A10; PCI DSS: 6.5.1 | high |
Server-side template injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
Session Token in URL | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A2, A7; PCI DSS: 6.5.10 | medium |
Sessvars library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Spring Cloud SPEL Code Injection (CVE-2022-22963) | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12 | high |
Spring4Shell | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12 | high |
SQL Injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
SSL cookie without Secure flag | ISO 27001: A.8.26; OWASP Top 10: A2, A7; PCI DSS: 6.5.10 | low |
Stored cross-site scripting | ISO 27001: A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.7 | high |
Svelte library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
SWFObject library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
TinyMCE library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5; PCI DSS: 6.2 | low |
TLS certificate about to expire | ISO 27001: A.8.9; OWASP Top 10: A2 | low |
TLS Downgrade attack prevention not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
Underscore.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Unencrypted communications | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | high |
Untrusted TLS certificate | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
Using jwk parameter to verify JWTs | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
Vue.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
Weak cipher suites enabled | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
Weak JWT HMAC secret | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
WordPress plugin with known vulnerabilities | OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
WordPress version with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
XML external entity injection | ISO 27001: A.8.9, A.8.26; OWASP Top 10: A5 | high |
YUI library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |