Forced Browsing | Access control | | ✅ | HIGH | API1:2023 |
Private data | Access control | ✅ | ✅ | HIGH | API3:2023 |
Private fields | Access control | ✅ | ✅ | HIGH | API1:2023 |
Tenant isolation | Access control | ✅ | ✅ | HIGH | API5:2023 |
Broken Object Level Authorization | Access control | ✅ | ✅ | MEDIUM | API1:2023 |
Public state-altering operation | Access control | ✅ | ✅ | MEDIUM | API5:2023 |
Sensitive endpoint bruteforce | Access control | ✅ | ✅ | MEDIUM | API3:2023 |
Authenticated route bypass | Access control | | ✅ | LOW | API2:2023 |
Springboot Actuator Restart Misconfiguration | Configuration | ✅ | ✅ | HIGH | API8:2023 |
Springboot Actuator Shutdown Misconfiguration | Configuration | ✅ | ✅ | HIGH | API8:2023 |
GraphQL Extension Disclosure | Configuration | ✅ | | MEDIUM | API8:2023 |
WAF Bypass | Configuration | ✅ | ✅ | MEDIUM | API8:2023 |
Automatic Persisted Queries | Configuration | ✅ | | LOW | API8:2023 |
Directory listing | Configuration | | ✅ | LOW | API1:2023 |
GraphQL IDE | Configuration | ✅ | | LOW | API7:2023 |
Proxy Disclosure | Configuration | | ✅ | LOW | API5:2023 |
Error type inconsistency | Configuration | ✅ | | INFO | API8:2023 |
Unhandled endpoint | Configuration | | ✅ | INFO | API2:2023 |
crashing page | Configuration | | ✅ | INFO | API8:2023 |
AWS Docker Config Exposure | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
AWStats Config Exposure | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
AWStats Exposure | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Airflow Config Exposure | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
AppVeyor Config Exposure | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Data leak | Information disclosure | ✅ | ✅ | HIGH | API1:2023 |
Exposed MySQL Config | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Exposed SQL Dumps | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Exposed settings.php | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Source code disclosure | Information disclosure | ✅ | | HIGH | API7:2023 |
Springboot Actuator Disclosure of Heap Dump | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Springboot Actuator Disclosure of Mappings | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Springboot Actuator Disclosure of Trace | Information disclosure | ✅ | ✅ | HIGH | API8:2023 |
Ansible Config Exposure | Information disclosure | ✅ | ✅ | MEDIUM | API8:2023 |
Azure Tenant ID Exposure | Information disclosure | ✅ | ✅ | MEDIUM | API8:2023 |
Field suggestion | Information disclosure | ✅ | | MEDIUM | API7:2023 |
Leaking authentication | Information disclosure | | ✅ | MEDIUM | API7:2023 |
Springboot Actuator Disclosure of Environment | Information disclosure | ✅ | ✅ | MEDIUM | API7:2023 |
Springboot Actuator Disclosure of Thread Dump | Information disclosure | ✅ | ✅ | MEDIUM | API8:2023 |
Stacktrace | Information disclosure | ✅ | ✅ | MEDIUM | API7:2023 |
Vulnerable Package | Information disclosure | ✅ | ✅ | MEDIUM | API8:2023 |
Debug mode | Information disclosure | ✅ | ✅ | LOW | API7:2023 |
Field Suggestion | Information disclosure | ✅ | ✅ | LOW | API3:2023 |
File disclosure | Information disclosure | | ✅ | LOW | API7:2023 |
Private IP | Information disclosure | | ✅ | LOW | API1:2023 |
Software Component Leak | Information disclosure | ✅ | ✅ | LOW | API8:2023 |
console error | Information disclosure | | ✅ | LOW | API8:2023 |
AWS Config Exposure | Information disclosure | ✅ | ✅ | INFO | API8:2023 |
Alibaba Canal Leak | Information disclosure | ✅ | ✅ | INFO | API8:2023 |
Appspec Exposure | Information disclosure | ✅ | ✅ | INFO | API8:2023 |
Introspection enabled | Information disclosure | ✅ | | INFO | API7:2023 |
Command Injection | Injection | ✅ | ✅ | HIGH | API10:2023 |
Deserialization Attack | Injection | | ✅ | HIGH | API10:2023 |
Directory traversal | Injection | | ✅ | HIGH | API10:2023 |
File inclusion | Injection | ✅ | | HIGH | API10:2023 |
Improper Input Validation Injection | Injection | ✅ | ✅ | HIGH | API10:2023 |
JWT Signature check | Injection | ✅ | ✅ | HIGH | API2:2023 |
JWT algorithm confusion | Injection | ✅ | ✅ | HIGH | API2:2023 |
JWT no algorithm | Injection | ✅ | ✅ | HIGH | API2:2023 |
LLM Excessive Agency | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM Insecure Output Handling | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM Insecure Plugin Design | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM JailBreak | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM Model Denial of Service | Injection | ✅ | ✅ | HIGH | API4:2023 |
LLM Model Theft | Injection | | | HIGH | API8:2023 |
LLM Overreliance | Injection | | | HIGH | API8:2023 |
LLM Prompt Injection | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM Sensitive Information Disclosure | Injection | ✅ | ✅ | HIGH | API8:2023 |
LLM Supply Chain Vulnerabilities | Injection | | | HIGH | API8:2023 |
LLM Training Data Poisoning | Injection | | | HIGH | API8:2023 |
Log4Shell | Injection | | ✅ | HIGH | API8:2023 |
Mass Assignment | Injection | | ✅ | HIGH | API1:2023 |
NoSQL Injection | Injection | ✅ | ✅ | HIGH | API9:2023 |
NoSQL Injection Stored | Injection | ✅ | | HIGH | API9:2023 |
SQL Injection | Injection | ✅ | ✅ | HIGH | API9:2023 |
SSTI (Server-Side Template Injection) | Injection | ✅ | ✅ | HIGH | API10:2023 |
Stored Improper Input Validation Injection | Injection | ✅ | | HIGH | API10:2023 |
XXE Injection | Injection | ✅ | ✅ | HIGH | API10:2023 |
CRLF Injection | Injection | ✅ | ✅ | MEDIUM | API10:2023 |
LLM Endpoint Detection | Injection | ✅ | ✅ | LOW | API8:2023 |
SSL Certificate | Protocol | ✅ | ✅ | HIGH | API2:2023 |
Server Error | Protocol | ✅ | ✅ | HIGH | API5:2023 |
TLS Configuration | Protocol | ✅ | ✅ | HIGH | API8:2023 |
TLS Configuration | Protocol | ✅ | ✅ | HIGH | API8:2023 |
TLS Configuration Ciphers | Protocol | ✅ | ✅ | HIGH | API8:2023 |
request smuggling | Protocol | ✅ | ✅ | HIGH | API8:2023 |
SSL enforced | Protocol | ✅ | ✅ | MEDIUM | API2:2023 |
TLS Configuration Server Defaults | Protocol | ✅ | ✅ | MEDIUM | API8:2023 |
TLS Configuration Server Preferences | Protocol | ✅ | ✅ | MEDIUM | API8:2023 |
TLS vulnerabilities | Protocol | ✅ | ✅ | MEDIUM | API8:2023 |
Access-Control-Allow-Origin Header | Protocol | ✅ | ✅ | LOW | API7:2023 |
CORS | Protocol | ✅ | | LOW | API7:2023 |
Cache Control Header | Protocol | ✅ | ✅ | LOW | API7:2023 |
Content Security Policy Header | Protocol | ✅ | ✅ | LOW | API7:2023 |
Content type | Protocol | ✅ | | LOW | API7:2023 |
Content-Type header | Protocol | ✅ | ✅ | LOW | API7:2023 |
Cookie Security | Protocol | ✅ | ✅ | LOW | API7:2023 |
Header leak | Protocol | ✅ | ✅ | LOW | API7:2023 |
Headers | Protocol | ✅ | ✅ | LOW | API2:2023 |
Strict Transport Security | Protocol | ✅ | ✅ | LOW | API7:2023 |
X-Content-Type-Options | Protocol | ✅ | ✅ | LOW | API7:2023 |
X-Frame-Options header | Protocol | ✅ | ✅ | LOW | API7:2023 |
Open redirection Forgery | Request forgery | ✅ | ✅ | HIGH | API3:2023 |
Partial SSRF | Request forgery | ✅ | ✅ | HIGH | API6:2023 |
Server Side Request Forgery | Request forgery | ✅ | ✅ | HIGH | API7:2023 |
GET based CSRF | Request forgery | ✅ | | MEDIUM | API2:2023 |
POST based CSRF | Request forgery | ✅ | | MEDIUM | API2:2023 |
SSRF Injection in headers | Request forgery | | ✅ | LOW | API10:2023 |
Resource limiting bypass | Resource limitation | ✅ | ✅ | HIGH | API4:2023 |
Depth limit | Resource limitation | ✅ | | MEDIUM | API4:2023 |
Directive overloading | Resource limitation | ✅ | | MEDIUM | API8:2023 |
Field limit | Resource limitation | ✅ | | MEDIUM | API4:2023 |
Large JSON input | Resource limitation | ✅ | | MEDIUM | API4:2023 |
Recursive Fragment | Resource limitation | ✅ | | MEDIUM | API8:2023 |
Alias limit | Resource limitation | ✅ | | LOW | API5:2023 |
Batch Limit | Resource limitation | ✅ | | LOW | API8:2023 |
Character limit | Resource limitation | ✅ | | LOW | API8:2023 |
Cyclic query | Resource limitation | ✅ | | LOW | API7:2023 |
Pagination missing | Resource limitation | ✅ | ✅ | LOW | API8:2023 |
Response size | Resource limitation | | ✅ | LOW | API7:2023 |
Unreachable server | Resource limitation | ✅ | ✅ | LOW | API8:2023 |
Width limit | Resource limitation | ✅ | | LOW | API4:2023 |
Cyclic Recursive Query | Resource limitation | ✅ | | INFO | API8:2023 |
Field Duplication | Resource limitation | ✅ | | INFO | API4:2023 |
Security timeout | Resource limitation | ✅ | ✅ | INFO | API7:2023 |
Mismatching persisted queries and schema | Schema | ✅ | | MEDIUM | API8:2023 |
Typing misconfiguration | Schema | ✅ | ✅ | MEDIUM | API10:2023 |
Zombie object | Schema | ✅ | | LOW | API9:2023 |
Duplicated object | Schema | ✅ | ✅ | INFO | API9:2023 |
GraphQL Response Format | Schema | ✅ | ✅ | INFO | API9:2023 |
Invalid Persisted Query | Schema | ✅ | | INFO | API9:2023 |
Invalid condition in allOf | Schema | | ✅ | INFO | API9:2023 |
Invalid parameters in path | Schema | | ✅ | INFO | API9:2023 |
Invalid references | Schema | | ✅ | INFO | API9:2023 |
Permissive JSON Input | Schema | ✅ | ✅ | INFO | API10:2023 |
Positive integer validation | Schema | ✅ | ✅ | INFO | API8:2023 |
Response type mismatch | Schema | ✅ | | INFO | API10:2023 |
Swagger rules | Schema | | ✅ | INFO | API9:2023 |
Undefined objects | Schema | ✅ | | INFO | API9:2023 |