| 200000-1 |
SQL Injection - Single Quote (before) |
alpha |
High |
Tool |
| 200000-2 |
SQL Injection - Double Quote (before) |
alpha |
High |
Tool |
| 200000-3 |
SQL Injection - Single Quote (after) |
alpha |
High |
Tool |
| 200000-4 |
SQL Injection - Double Quote (after) |
alpha |
High |
Tool |
| 200001 |
OS Command Injection - Unix cat /etc/passwd (pipe) |
alpha |
High |
Tool |
| 200002-1 |
XSS - Unfiltered <script> tag |
alpha |
High |
Tool |
| 200002-2 |
XSS - Script tag after noscript tag |
alpha |
High |
Tool |
| 200002-3 |
XSS - Svg tag with animation event |
alpha |
High |
Tool |
| 200002-4 |
XSS - Img onerror |
alpha |
High |
Tool |
| 200002-5 |
XSS - Img onerror |
alpha |
High |
Tool |
| 200002-6 |
XSS - attribute context img onerror |
alpha |
High |
Tool |
| 200002-7 |
XSS - SVG onload polyglot |
alpha |
High |
Tool |
| 200002-8 |
XSS - JS string break-out |
alpha |
High |
Tool |
| 200002-9 |
XSS - JS template literal break-out |
alpha |
High |
Tool |
| 200002-10 |
XSS - JS expression replacement |
alpha |
High |
Tool |
| 200002-11 |
XSS - JS single-quoted string break-out |
alpha |
High |
Tool |
| 200002-12 |
XSS - JS slash/regex literal break-out |
alpha |
High |
Tool |
| 200002-13 |
XSS - JS block comment break-out |
alpha |
High |
Tool |
| 200002-14 |
XSS - double-quoted attribute event injection |
alpha |
High |
Tool |
| 200002-15 |
XSS - single-quoted attribute event injection |
alpha |
High |
Tool |
| 200002-16 |
XSS - unquoted attribute event injection |
alpha |
High |
Tool |
| 200002-17 |
XSS - attribute-name event injection |
alpha |
High |
Tool |
| 200002-18 |
XSS - tag-name SVG onload injection |
alpha |
High |
Tool |
| 200003-1 |
JWT Probe (Authorization + JWT cookies removed) |
alpha |
High |
Tool |
| 200003-2 |
JWT Probe (Authorization header removed) |
alpha |
High |
Tool |
| 200003-3 |
JWT Probe (JWT cookies removed) |
alpha |
High |
Tool |
| 200003-4 |
JWT None Algorithm (Cookie) |
alpha |
High |
Tool |
| 200003-5 |
JWT None Algorithm (Form body param) |
alpha |
High |
Tool |
| 200003-6 |
JWT None Algorithm (Authorization header) |
alpha |
High |
Tool |
| 200003-7 |
JWT None Algorithm (JSON body) |
alpha |
High |
Tool |
| 200004-1 |
Exposure of Git repository |
alpha |
Medium |
Tool |
| 200004-2 |
Exposure of SVN repository |
alpha |
Medium |
Tool |
| 200004-3 |
Exposure of Mercurial repository |
alpha |
Medium |
Tool |
| 200005-1 |
Missing Content-Security-Policy header |
alpha |
Low |
Tool |
| 200005-2 |
CSP allows inline/eval or wildcards in script/style |
alpha |
Low |
Tool |
| 200005-3 |
CSP 'frame-ancestors' missing or overly broad |
alpha |
Low |
Tool |
| 200005-4 |
CSP Report-Only present without enforcing CSP |
alpha |
Low |
Tool |
| 200005-5 |
Missing Strict-Transport-Security header (on HTTPS) |
alpha |
Low |
Tool |
| 200005-6 |
Strict-Transport-Security sent over HTTP (ineffective) |
alpha |
Low |
Tool |
| 200005-7 |
HSTS max-age too low or missing includeSubDomains |
alpha |
Low |
Tool |
| 200005-8 |
X-Powered-By header or equivalent present |
alpha |
Low |
Tool |
| 200005-9 |
Server banner discloses software/version |
alpha |
Low |
Tool |
| 200005-10 |
Missing or invalid X-Content-Type-Options |
alpha |
Low |
Tool |
| 200005-11 |
X-XSS-Protection header is a legacy directive |
alpha |
Low |
Tool |
| 200005-12 |
Expect-CT is deprecated |
alpha |
Low |
Tool |
| 200005-13 |
COOP set without COEP/CORP (incomplete cross-origin isolation) |
alpha |
Low |
Tool |
| 200005-14 |
COEP present but value is not 'require-corp' or 'credentialless' |
alpha |
Low |
Tool |
| 200005-15 |
Deprecated Feature-Policy or unknown/overly-permissive Permissions-Policy |
alpha |
Low |
Tool |
| 200005-16 |
Missing or weak Referrer-Policy |
alpha |
Low |
Tool |
| 200005-17 |
Clear-Site-Data present but missing executionContexts |
alpha |
Low |
Tool |
| 200005-18 |
Clear-Site-Data uses wildcard * |
alpha |
Low |
Tool |
| 200005-19 |
CORS allows any origin with credentials |
alpha |
Low |
Tool |
| 200005-20 |
Sensitive cookies missing security flags |
alpha |
Low |
Tool |
| 200005-21 |
Potentially authenticated content lacks no-store |
alpha |
Low |
Tool |
| 200005-22 |
Public-Key-Pins is deprecated |
alpha |
Low |
Tool |
| 200005-23 |
COOP present but value is not 'same-origin' |
alpha |
Low |
Tool |
| 200006-1 |
Credit Card Number |
alpha |
Low |
Tool |
| 200006-2 |
Social Security Number |
alpha |
Low |
Tool |
| 200007 |
SPA hash DOM XSS |
alpha |
High |
Tool |
| 200008 |
ws:// from HTTPS context |
alpha |
Low |
Tool |
| 200009-1 |
JavaScript includes sourceMappingURL |
alpha |
Low |
Tool |
| 200009-2 |
HTML references .map files |
alpha |
Low |
Tool |
| 200009-3 |
Webpack dev-server / hot reload artifacts |
alpha |
Low |
Tool |
| 200009-4 |
Next.js build metadata exposed |
alpha |
Low |
Tool |
| 200010-1 |
Node.js / Express stack trace |
alpha |
Medium |
Tool |
| 200010-2 |
Java stack trace |
alpha |
Medium |
Tool |
| 200010-3 |
.NET stack trace / YSOD |
alpha |
Medium |
Tool |
| 200010-4 |
Python traceback |
alpha |
Medium |
Tool |
| 200010-5 |
PHP fatal error / warning |
alpha |
Medium |
Tool |
| 200010-6 |
Internal file path disclosure |
alpha |
Medium |
Tool |
| 200011-1 |
Private key material exposed |
alpha |
Low |
Tool |
| 200011-2 |
AWS Access Key ID pattern |
alpha |
Low |
Tool |
| 200011-3 |
Slack token pattern |
alpha |
Low |
Tool |
| 200011-4 |
GitHub token pattern |
alpha |
Low |
Tool |
| 200011-5 |
Sentry DSN exposed |
alpha |
Low |
Tool |
| 200011-6 |
Firebase config exposed |
alpha |
Low |
Tool |
| 200011-7 |
Stripe publishable key exposed |
alpha |
Low |
Tool |
| 200011-8 |
Mapbox token exposed |
alpha |
Low |
Tool |
| 200011-9 |
Google API key pattern |
alpha |
Low |
Tool |
| 200012-1 |
Swagger UI detected |
alpha |
Informational |
Tool |
| 200012-2 |
OpenAPI spec detected |
alpha |
Informational |
Tool |
| 200012-3 |
API docs endpoint observed |
alpha |
Informational |
Tool |
| 200012-4 |
GraphQL endpoint observed |
alpha |
Informational |
Tool |
| 200012-5 |
GraphiQL / GraphQL Playground detected |
alpha |
Informational |
Tool |
| 200013-1 |
security.txt observed |
alpha |
Informational |
Tool |
| 200013-2 |
OIDC well-known configuration observed |
alpha |
Informational |
Tool |
| 200013-3 |
Android assetlinks.json observed |
alpha |
Informational |
Tool |
| 200013-4 |
Apple app-site-association observed |
alpha |
Informational |
Tool |
| 200014-1 |
access_token/id_token in URL |
alpha |
Medium |
Tool |
| 200014-2 |
JWT-like value in URL |
alpha |
Medium |
Tool |
| 200014-3 |
api_key/key in URL |
alpha |
Medium |
Tool |
| 200015-1 |
Open redirect candidate parameter |
alpha |
Informational |
Tool |
| 200015-2 |
SSRF / webhook URL candidate parameter |
alpha |
Informational |
Tool |
| 200015-3 |
File/path candidate parameter |
alpha |
Informational |
Tool |
| 200015-4 |
IDOR candidate parameter |
alpha |
Informational |
Tool |
| 200016-1 |
Internal IP address leaked in response |
alpha |
Low |
Tool |
| 200016-2 |
localhost/127.0.0.1 referenced in response |
alpha |
Low |
Tool |
| 200016-3 |
Environment hints (dev/staging/test) in response |
alpha |
Low |
Tool |
| 200016-4 |
Cloud metadata IP referenced |
alpha |
Low |
Tool |
| 200017-1 |
Dynamic ACAO without Vary: Origin |
alpha |
Low |
Tool |
| 200017-2 |
CORS allows broad methods |
alpha |
Low |
Tool |
| 200017-3 |
CORS allows broad headers |
alpha |
Low |
Tool |
| 200018 |
Cache-Control public/max-age with Set-Cookie |
alpha |
Low |
Tool |
| 200019-1 |
Admin/management path observed |
alpha |
Informational |
Tool |
| 200019-2 |
Debug/diagnostic path observed |
alpha |
Informational |
Tool |
| 200019-3 |
Spring Boot actuator endpoint observed |
alpha |
Informational |
Tool |
| 200019-4 |
Swagger/OpenAPI path observed |
alpha |
Informational |
Tool |
| 200019-5 |
GraphQL path observed |
alpha |
Informational |
Tool |
| 200019-6 |
Potential backup file observed |
alpha |
Informational |
Tool |
| 200019-7 |
Environment/config file observed |
alpha |
Informational |
Tool |
| 200019-8 |
Potential .git exposure path observed |
alpha |
Informational |
Tool |
| 200019-9 |
phpinfo endpoint observed |
alpha |
Informational |
Tool |
| 210000-1 |
DOM XSS via inline event handler |
alpha |
High |
Tool |
| 210000-2 |
DOM XSS via Element.innerHTML |
alpha |
High |
Tool |
| 210000-3 |
DOM XSS via Element.outerHTML |
alpha |
High |
Tool |
| 210000-4 |
DOM XSS via insertAdjacentHTML |
alpha |
High |
Tool |
| 210000-5 |
DOM XSS via document.write |
alpha |
High |
Tool |
| 210000-6 |
DOM XSS via DOM mutations |
alpha |
High |
Tool |
| 210001-1 |
Dynamic code execution via eval |
alpha |
High |
Tool |
| 210001-2 |
Dynamic code execution via Function constructor |
alpha |
High |
Tool |
| 210001-3 |
Dynamic code execution via Function.apply |
alpha |
High |
Tool |
| 210002-1 |
Open redirect via window.open |
alpha |
Low |
Tool |
| 210002-2 |
Open redirect via Navigation API |
alpha |
Low |
Tool |
| 210003-1 |
javascript: URL assigned to href |
alpha |
High |
Tool |
| 210003-2 |
javascript: URL navigated via location.href |
alpha |
High |
Tool |
| 210003-3 |
javascript: URL assigned to iframe.src |
alpha |
High |
Tool |
| 210003-4 |
data: URL assigned to script.src |
alpha |
High |
Tool |
| 210004-1 |
Route-controlled history.replaceState |
alpha |
Medium |
Tool |
| 210004-2 |
Route-controlled Navigation API transition |
alpha |
Medium |
Tool |
| 210005-1 |
Form action manipulated by tainted route or body input |
alpha |
Medium |
Tool |
| 210005-2 |
formAction manipulated by tainted route or body input |
alpha |
Medium |
Tool |
| 210006-1 |
javascript: URL assigned to form action |
alpha |
High |
Tool |
| 210006-2 |
javascript: URL assigned to formAction |
alpha |
High |
Tool |
| 210007-1 |
Response field rendered via innerHTML |
alpha |
High |
Tool |
| 210007-2 |
Response field rendered via document.write |
alpha |
High |
Tool |
| 210008 |
Prototype pollution influenced fetch() init |
alpha |
High |
Tool |
| 220000-1 |
Disallow innerHTML/outerHTML assignments |
alpha |
High |
Tool |
| 220000-2 |
Review uses of appendChild |
alpha |
High |
Tool |
| 220000-3 |
Disallow document.write()/writeln() |
alpha |
High |
Tool |
| 220000-4 |
Review DOMParser.parseFromString with dynamic HTML/XML |
alpha |
High |
Tool |
| 220000-5 |
template.innerHTML with dynamic content |
alpha |
High |
Tool |
| 220000-6 |
Inline event handler built from dynamic data |
alpha |
High |
Tool |
| 220000-7 |
Disallow insertAdjacentHTML() |
alpha |
High |
Tool |
| 220000-8 |
DOM-based XSS (taint flow) |
alpha |
High |
Tool |
| 220000-9 |
DOM XSS via innerHTML (Angular) |
alpha |
High |
Tool |
| 220001-1 |
Disallow direct document.cookie assignment (incl. bracket access) |
alpha |
Medium |
Tool |
| 220001-2 |
DOM-based Cookie Manipulation (taint flow) |
alpha |
Medium |
Tool |
| 220002-1 |
Disallow direct navigation primitives |
alpha |
Medium |
Tool |
| 220002-2 |
Same-origin URL mutations |
alpha |
Medium |
Tool |
| 220002-3 |
DOM-based Open Redirection (taint flow) |
alpha |
Medium |
Tool |
| 220003-1 |
Avoid string-based timers |
alpha |
High |
Tool |
| 220003-2 |
Avoid execScript dynamic execution |
alpha |
High |
Tool |
| 220003-3 |
Avoid eval with string literals |
alpha |
High |
Tool |
| 220003-4 |
Avoid Function constructor with strings |
alpha |
High |
Tool |
| 220003-5 |
DOM-based JavaScript Injection (taint flow) |
alpha |
High |
Tool |