Vulnerabilities
Compliance
| Vulnerability Name | Compliance | Severity |
|---|---|---|
| AngularJS library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Application error message | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.26; OWASP Top 10: A5; PCI DSS: 6.5.5 | medium |
| ASP.NET debugging enabled | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12; OWASP Top 10: A5; PCI DSS: 6.5.5 | low |
| ASP.NET tracing enabled | ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12; OWASP Top 10: A5; PCI DSS: 6.5.5 | high |
| ASP.NET ViewState without MAC | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Axios library with known vulnerabilities | OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Axios library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Backbone library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Bootstrap library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Browser content sniffing allowed | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Browser XSS protection disabled | OWASP Top 10: A5 | low |
| Certificate with insufficient key size or usage, or insecure signature algorithm | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Certificate without revocation information | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Chart.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| CKEditor library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Cookie with SameSite attribute set to None | ISO 27001: A.5.14, A.8.9, A.8.24, A.8.26; OWASP Top 10: A2, A7; PCI DSS: 4.1, 6.5.4, 6.5.10 | low |
| Cookie without HttpOnly flag | ISO 27001: A.8.26; OWASP Top 10: A7; PCI DSS: 6.5.10 | low |
| Cross Origin Resource Sharing: Arbitrary Origin Trusted | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A1; PCI DSS: 6.5.8 | low |
| Deprecated TLS protocol version 1.0 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Deprecated TLS protocol version 1.1 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Directory Listing | ISO 27001: A.8.4, A.8.9; OWASP Top 10: A1, A5 | low |
| Dojo library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| DOMPurify library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Drupal version with known vulnerabilities | | high |
| DWR library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| easyXDM library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Ember library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Expired TLS certificate | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
| Flowplayer library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Full path disclosure | ISO 27001: A.8.4, A.8.9; PCI DSS: 6.5.5 | low |
| GraphQL Introspection enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| GraphQL Misconfiguration | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Handlebars library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Heartbleed | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12; OWASP Top 10: A6 | high |
| Hidden file found | ISO 27001: A.8.4, A.8.9, A.8.15, A.8.26; OWASP Top 10: A1, A5 | low |
| HSTS header does not protect subdomains | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
| HSTS header not enforced | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
| HSTS header set in HTTP | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
| HSTS header with low duration and no subdomain protection | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
| HSTS header with low duration | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2, A5; PCI DSS: 4.1, 6.5.4 | low |
| HTTP TRACE method enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Inclusion of cryptocurrency mining script | OWASP Top 10: A8 | high |
| Insecure browser XSS protection enabled | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Insecure Content Security Policy | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Insecure crossdomain.xml policy | ISO 27001: A.8.2, A.8.3, A.8.9, A.8.26; OWASP Top 10: A5 | low |
| Insecure PHP Object deserialization | ISO 27001: A.8.26; OWASP Top 10: A8 | high |
| Insecure referrer policy | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
| Insecure Silverlight clientaccesspolicy.xml policy | ISO 27001: A.8.2, A.8.3, A.8.9; OWASP Top 10: A5 | high |
| Insecure SSL protocol version 2 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
| Insecure SSL protocol version 3 supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
| Invalid referrer policy | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
| Joomla! version with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
| jPlayer library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| JQuery library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| JQuery Migrate library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| JQuery Mobile library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| jQuery UI library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| JSZip library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| JWT accepting none algorithm | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
| JWT algorithm confusion | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
| JWT signature is not being verified | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
| Knockout library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Log file disclosure | ISO 27001: A.8.9, A.8.15; OWASP Top 10: A5 | low |
| Log4Shell | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Missing clickjacking protection | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Missing Content Security Policy header | ISO 27001: A.8.9; OWASP Top 10: A5 | low |
| Missing cross-site request forgery protection | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A7; PCI DSS: 6.5.9, 6.5.10 | low |
| Mixed content | ISO 27001: A.5.14, A.8.24, A.8.26; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Moment.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| MongoDB Injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Mustache library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Next.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Open redirection | ISO 27001: A.8.26 | low |
| OS command injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Path traversal | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; OWASP Top 10: A1; PCI DSS: 6.5.8 | high |
| PHP code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Plupload library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Potential DoS on TLS Client Renegotiation | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| prettyPhoto library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6 | low |
| Private IP addresses disclosed | ISO 27001: A.5.33, A.8.4, A.8.9, A.8.12; OWASP Top 10: A1, A5 | low |
| Prototype library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Python code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| React library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Referrer policy not defined | ISO 27001: A.8.9; OWASP Top 10: A2, A5 | low |
| Reflected cross-site scripting | ISO 27001: A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.7 | high |
| Remote File Inclusion | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; PCI DSS: 6.5.1 | high |
| Ruby code injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; PCI DSS: 6.5.1 | high |
| Secure Renegotiation is not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Secure TLS protocol version 1.2 not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Server Cipher Order not configured | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | high |
| Server-side JavaScript injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Server-side request forgery | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.4, A.8.12, A.8.26; OWASP Top 10: A10; PCI DSS: 6.5.1 | high |
| Server-side template injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| Session Token in URL | ISO 27001: A.8.2, A.8.3, A.8.26; OWASP Top 10: A2, A7; PCI DSS: 6.5.10 | medium |
| Sessvars library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Spring Cloud SPEL Code Injection (CVE-2022-22963) | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12 | high |
| Spring4Shell | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.9, A.8.12 | high |
| SQL Injection | ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12, A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.1 | high |
| SSL cookie without Secure flag | ISO 27001: A.8.26; OWASP Top 10: A2, A7; PCI DSS: 6.5.10 | low |
| Stored cross-site scripting | ISO 27001: A.8.26; OWASP Top 10: A3; PCI DSS: 6.5.7 | high |
| Svelte library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| SWFObject library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| TinyMCE library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5; PCI DSS: 6.2 | low |
| TLS certificate about to expire | ISO 27001: A.8.9; OWASP Top 10: A2 | low |
| TLS Downgrade attack prevention not supported | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | low |
| Underscore.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Unencrypted communications | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | high |
| Untrusted TLS certificate | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
| Using jwk parameter to verify JWTs | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
| Vue.js library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |
| Weak cipher suites enabled | ISO 27001: A.5.14, A.8.9, A.8.24; OWASP Top 10: A2; PCI DSS: 4.1, 6.5.4 | medium |
| Weak JWT HMAC secret | ISO 27001: A.8.2, A.8.3, A.8.5, A.8.24, A.8.26; OWASP Top 10: A8 | high |
| WordPress plugin with known vulnerabilities | OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
| WordPress version with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | high |
| XML external entity injection | ISO 27001: A.8.9, A.8.26; OWASP Top 10: A5 | high |
| YUI library with known vulnerabilities | ISO 27001: A.8.9; OWASP Top 10: A5, A6; PCI DSS: 6.2 | low |