Checkmarx SAST Release Notes: Engine Pack Version 9.6.7
Queries Severity Revision
This page lists the queries that will have their severity updated as part of adding Critical as a new severity level:
Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Apex_Force_com_Code_Quality | Async_Future_Method_Inside_Loops | Low | Information | 0 |
Apex_Force_com_Code_Quality | DML_Statements_Inside_Loops | Low | Information | 0 |
Apex_Force_com_Code_Quality | Hardcoding_Ids | Low | Information | 0 |
Apex_Force_com_Code_Quality | Hardcoding_Of_Trigger_New | Low | Information | 0 |
Apex_Force_com_Code_Quality | Hardcoding_Of_Trigger_Old | Low | Information | 0 |
Apex_Force_com_Code_Quality | Hardcoding_References_To_Static_Resources | Low | Information | 0 |
Apex_Force_com_Code_Quality | Multiple_Forms_In_Visualforce_Page | Low | Information | 0 |
Apex_Force_com_Code_Quality | Multiple_Trigger_On_same_sObject | Low | Information | 0 |
Apex_Force_com_Code_Quality | Queries_With_No_Where_Or_Limit_Clause | Low | Information | 0 |
Apex_Force_com_Code_Quality | SOSL_SOQL_Statments_Inside_Loops | Low | Information | 0 |
Apex_Force_com_Code_Quality | Use_of_Hard_Coded_Cryptographic_Key | Low | Medium | 321 |
Apex_Force_com_Critical_Security_Risk | Resource_Injection | High | Medium | 99 |
Apex_Force_com_Critical_Security_Risk | Stored_XSS | High | Critical | 79 |
Apex_Low_Visibility | Privacy_Violation | Low | Medium | 359 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
ASP_High_Risk | Code_Injection | High | Critical | 94 |
ASP_High_Risk | Command_Injection | High | Critical | 77 |
ASP_High_Risk | Resource_Injection | High | Medium | 99 |
ASP_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
ASP_High_Risk | SQL_Injection | High | Critical | 89 |
ASP_High_Risk | Stored_XSS | High | Critical | 79 |
ASP_High_Risk | XPath_Injection | High | Medium | 643 |
ASP_Low_Visibility | Hardcoded_password_in_Connection_String | Low | Medium | 547 |
ASP_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
ASP_Low_Visibility | Open_Redirect | Low | Medium | 601 |
ASP_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
ASP_Medium_Threat | Path_Traversal | Medium | High | 22 |
ASP_Medium_Threat | Stored_Code_Injection | Medium | Critical | 94 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Cobol_High_Risk | Command_Injection | High | Critical | 77 |
Cobol_High_Risk | Resource_Injection | High | Medium | 99 |
Cobol_High_Risk | Sql_Injection | High | Critical | 89 |
Cobol_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Cobol_Medium_Threat | Path_Traversal | Medium | High | 22 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
CPP_Buffer_Overflow | Buffer_Improper_Index_Access | High | Critical | 129 |
CPP_Buffer_Overflow | Buffer_Overflow_AddressOfLocalVarReturned | Medium | High | 562 |
CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy2 | Medium | High | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_cin | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_cpycat | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_fgets | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_Indexes | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_IndexFromInput | High | Critical | 787 |
CPP_Buffer_Overflow | Buffer_Overflow_LongString | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_LowBound | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_OutOfBound | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_scanf | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_sizeof | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_StrcpyStrcat | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_unbounded | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_Unbounded_Buffer | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_Unbounded_Format | High | Critical | 120 |
CPP_Buffer_Overflow | Buffer_Overflow_Wrong_Buffer_Size | High | Critical | 131 |
CPP_Buffer_Overflow | Open_SSL_HeartBleed | High | Critical | 120 |
CPP_High_Risk | CGI_Stored_XSS | High | Critical | 79 |
CPP_High_Risk | Command_Injection | High | Critical | 77 |
CPP_High_Risk | Resource_Injection | High | Medium | 99 |
CPP_High_Risk | SQL_Injection | High | Critical | 89 |
CPP_Insecure_Credential_Storage | Comparison_Timing_Attack | Medium | High | 208 |
CPP_Low_Visibility | Exposure_of_System_Data_to_Unauthorized_Control_Sphere | Low | Medium | 497 |
CPP_Low_Visibility | Improper_Resource_Access_Authorization | Low | Medium | 285 |
CPP_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
CPP_Low_Visibility | Privacy_Violation | Low | Medium | 359 |
CPP_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
CPP_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
CPP_Medium_Threat | Cleartext_Transmission_Of_Sensitive_Information | Medium | High | 319 |
CPP_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | High | 494 |
CPP_Medium_Threat | Improperly_Locked_Memory | Medium | Low | 591 |
CPP_Medium_Threat | Path_Traversal | Medium | High | 22 |
CPP_Medium_Threat | Use_After_Free | Medium | High | 416 |
CPP_Stored_Vulnerabilities | Second_Order_SQL_Injection | Medium | Critical | 89 |
CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_boundcpy | Medium | Critical | 120 |
CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_cpycat | Medium | Critical | 120 |
CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fgets | Medium | Critical | 120 |
CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fscanf | Medium | Critical | 120 |
CPP_Stored_Vulnerabilities | Stored_Command_Injection | Medium | Critical | 77 |
CPP_Stored_Vulnerabilities | Stored_Connection_String_Injection | Medium | High | 99 |
CPP_Stored_Vulnerabilities | Stored_DoS_by_Sleep | Low | Medium | 730 |
CPP_Stored_Vulnerabilities | Stored_Environment_Injection | Low | Medium | 15 |
CPP_Stored_Vulnerabilities | Stored_Format_String_Attack | Medium | High | 134 |
CPP_Stored_Vulnerabilities | Stored_LDAP_Injection | Medium | High | 90 |
CPP_Stored_Vulnerabilities | Stored_Parameter_Tampering | Low | Medium | 472 |
CPP_Stored_Vulnerabilities | Stored_Path_Traversal | Medium | High | 22 |
CPP_Weak_Cryptography | Weak_Randomness_Biased_Random_Sample | Medium | Low | 330 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
CSharp_High_Risk | Code_Injection | High | Critical | 94 |
CSharp_High_Risk | Command_Injection | High | Critical | 77 |
CSharp_High_Risk | Resource_Injection | High | Medium | 99 |
CSharp_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
CSharp_High_Risk | SQL_Injection | High | Critical | 89 |
CSharp_High_Risk | Stored_XSS | High | Critical | 79 |
CSharp_High_Risk | XPath_Injection | High | Medium | 643 |
CSharp_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
CSharp_Low_Visibility | Impersonation_Issue | Low | Medium | 520 |
CSharp_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
CSharp_Low_Visibility | JWT_Use_Of_Hardcoded_Secret | Low | Medium | 798 |
CSharp_Low_Visibility | Missing_Function_Level_Authorization | Low | Medium | 862 |
CSharp_Low_Visibility | Open_Redirect | Low | Medium | 601 |
CSharp_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
CSharp_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
CSharp_Low_Visibility | Stored_Code_Injection | Low | Critical | 94 |
CSharp_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
CSharp_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
CSharp_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
CSharp_Medium_Threat | Buffer_Overflow | Medium | High | 120 |
CSharp_Medium_Threat | CGI_XSS | Medium | High | 79 |
CSharp_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | High | 611 |
CSharp_Medium_Threat | Integer_Overflow | Medium | Low | 190 |
CSharp_Medium_Threat | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
CSharp_Medium_Threat | JWT_No_Expiration_Time_Validation | Medium | Low | 613 |
CSharp_Medium_Threat | Path_Traversal | Medium | High | 22 |
CSharp_Medium_Threat | Persistent_Connection_String | Medium | Low | 257 |
CSharp_Medium_Threat | Race_Condition_within_a_Thread | Medium | Low | 366 |
CSharp_Medium_Threat | SSRF | Medium | High | 74 |
CSharp_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
CSharp_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
CSharp_Medium_Threat | Stored_Path_Traversal | Medium | High | 22 |
CSharp_Windows_Phone | Client_Side_Injection | High | Medium | 89 |
CSharp_Windows_Phone | Failure_to_Implement_Least_Privilege | Low | Information | 250 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Dart_Mobile_Best_Coding_Practice | WebView_Cache_Information_Leak | Information | Medium | 0 |
Dart_Mobile_High_Risk | Sensitive_Information_Through_URL_Scheme | High | Medium | 319 |
Dart_Mobile_Low_Visibility | Autocorrection_Keystroke_Logging | Low | Medium | 359 |
Dart_Mobile_Low_Visibility | Hardcoded_Password_In_Gradle | Low | Medium | 259 |
Dart_Mobile_Low_Visibility | Implicit_Intent_With_Read_Write_Permissions | Low | Medium | 668 |
Dart_Mobile_Low_Visibility | Insecure_HTTP_Connections_Enabled | Low | Medium | 319 |
Dart_Mobile_Low_Visibility | Missing_Certificate_Pinning | Low | Information | 295 |
Dart_Mobile_Low_Visibility | Use_Of_Implicit_Intent_For_Sensitive_Communication | Low | Medium | 927 |
Dart_Mobile_Low_Visibility | Use_of_Non_Cryptographic_Random | Low | Information | 330 |
Dart_Mobile_Medium_Threat | Absolute_Path_Traversal | Medium | High | 36 |
Dart_Mobile_Medium_Threat | Path_Traversal | Medium | Low | 22 |
Dart_Mobile_Medium_Threat | Use_of_Hardcoded_Cryptographic_Key_in_Client | Medium | High | 321 |
Dart_Mobile_Medium_Threat | WebView_JavaScript_Injection_from_URL_Scheme | Medium | High | 79 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Go_AWS_Lambda | DynamoDB_NoSQL_Injection | High | Critical | 74 |
Go_AWS_Lambda | Hardcoded_AWS_Credentials | Low | Medium | 798 |
Go_AWS_Lambda | Unrestricted_Read_S3 | Low | Medium | 639 |
Go_AWS_Lambda | Unrestricted_Write_S3 | Low | Medium | 639 |
Go_High_Risk | Command_Injection | High | Critical | 77 |
Go_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Go_High_Risk | SQL_Injection | High | Critical | 89 |
Go_High_Risk | Stored_Command_Injection | High | Critical | 77 |
Go_High_Risk | Stored_XSS_All_Clients | High | Critical | 79 |
Go_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
Go_Low_Visibility | Empty_Password_In_Connection_String | Low | Medium | 521 |
Go_Low_Visibility | Open_Redirect | Low | Medium | 601 |
Go_Low_Visibility | Plain_Text_Transport_Layer_in_Server | Low | High | 319 |
Go_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
Go_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Go_Low_Visibility | Use_of_Hardcoded_Password | Low | Medium | 259 |
Go_Low_Visibility | Use_Of_Unsafe_Package | Low | Medium | 242 |
Go_Medium_Threat | Cleartext_Transmission_Of_Sensitive_Information | Medium | High | 319 |
Go_Medium_Threat | Divide_By_Zero | Medium | Low | 369 |
Go_Medium_Threat | Integer_Overflow | Medium | Low | 190 |
Go_Medium_Threat | Race_Condition_Concurrent_Instances | Medium | Low | 366 |
Go_Medium_Threat | Reflected_Absolute_Path_Traversal | Medium | High | 36 |
Go_Medium_Threat | Reflected_Relative_Path_Traversal | Medium | High | 23 |
Go_Medium_Threat | SSRF | Medium | High | 918 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Groovy_High_Risk | Code_Injection | High | Critical | 94 |
Groovy_High_Risk | Command_Injection | High | Critical | 77 |
Groovy_High_Risk | Resource_Injection | High | Medium | 99 |
Groovy_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Groovy_High_Risk | SQL_Injection | High | Critical | 89 |
Groovy_High_Risk | Stored_XSS | High | Critical | 79 |
Groovy_High_Risk | XPath_Injection | High | Medium | 643 |
Groovy_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | Medium | 566 |
Groovy_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | Medium | 15 |
Groovy_Low_Visibility | Empty_Password_In_Connection_String | Low | Medium | 521 |
Groovy_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | High | 89 |
Groovy_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
Groovy_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | Medium | 329 |
Groovy_Low_Visibility | Open_Redirect | Low | Medium | 601 |
Groovy_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
Groovy_Low_Visibility | Reversible_One_Way_Hash | Low | Medium | 328 |
Groovy_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | Medium | 614 |
Groovy_Low_Visibility | Uncontrolled_Memory_Allocation | Low | Medium | 789 |
Groovy_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Groovy_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Groovy_Low_Visibility | Using_Referer_Field_for_Authentication | Low | Medium | 293 |
Groovy_Medium_Threat | Absolute_Path_Traversal | Medium | High | 36 |
Groovy_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | High | 79 |
Groovy_Medium_Threat | CGI_Stored_XSS | Medium | Critical | 79 |
Groovy_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | High | 319 |
Groovy_Medium_Threat | Dangerous_File_Inclusion | Medium | High | 829 |
Groovy_Medium_Threat | Input_Path_Not_Canonicalized | Medium | Information | 73 |
Groovy_Medium_Threat | Relative_Path_Traversal | Medium | High | 23 |
Groovy_Medium_Threat | Same_Seed_in_PRNG | Medium | Low | 336 |
Groovy_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Groovy_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
Groovy_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | Low | 330 |
Groovy_Medium_Threat | Use_of_System_exit | Medium | Information | 382 |
Groovy_Stored | Stored_Code_Injection | Low | Critical | 94 |
Groovy_Stored | Stored_Open_Redirect | Low | Medium | 601 |
Groovy_Stored | Stored_XPath_Injection | Low | Medium | 643 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Java_Android | Side_Channel_Data_Leakage | High | Medium | 200 |
Java_Android | Use_of_WebView_AddJavascriptInterface | High | Low | 749 |
Java_Android | Allowed_Backup | Information | Low | 530 |
Java_Android | WebView_Cache_Information_Leak | Information | Medium | 524 |
Java_Android | Copy_Paste_Buffer_Caching | Low | Medium | 922 |
Java_Android | Failure_To_Implement_Least_Privilege | Low | Information | 250 |
Java_Android | Hardcoded_Password_In_Gradle | Low | Medium | 259 |
Java_Android | Implicit_Intent_With_Read_Write_Permissions | Low | Medium | 668 |
Java_Android | Insecure_HTTP_Connections_Enabled | Low | Medium | 319 |
Java_Android | Insufficient_Application_Layer_Protect | Low | Medium | 311 |
Java_Android | Missing_Certificate_Pinning | Low | Information | 295 |
Java_Android | Screen_Caching | Low | Medium | 524 |
Java_Android | Unsafe_Permission_Check | Medium | Low | 284 |
Java_AWS_Lambda | DynamoDB_NoSQL_Injection | High | Critical | 74 |
Java_AWS_Lambda | Hardcoded_AWS_Credentials | Low | Medium | 798 |
Java_AWS_Lambda | Unrestricted_Delete_S3 | Low | Medium | 639 |
Java_AWS_Lambda | Unrestricted_Read_S3 | Low | Medium | 639 |
Java_AWS_Lambda | Unrestricted_Write_S3 | Low | Medium | 639 |
Java_GWT | GWT_DOM_XSS | Medium | High | 79 |
Java_High_Risk | Code_Injection | High | Critical | 94 |
Java_High_Risk | Command_Injection | High | Critical | 77 |
Java_High_Risk | Expression_Language_Injection_EL | High | Critical | 917 |
Java_High_Risk | Expression_Language_Injection_MVEL | High | Critical | 917 |
Java_High_Risk | Expression_Language_Injection_OGNL | High | Critical | 917 |
Java_High_Risk | Expression_Language_Injection_SPEL | High | Critical | 917 |
Java_High_Risk | JSF_Local_File_Inclusion | High | Critical | 98 |
Java_High_Risk | Mongo_NoSQL_Injection | High | Critical | 943 |
Java_High_Risk | Resource_Injection | High | Medium | 99 |
Java_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Java_High_Risk | SQL_Injection | High | Critical | 89 |
Java_High_Risk | Stored_XSS | High | Critical | 79 |
Java_High_Risk | Unsafe_JNDI_Lookup | High | Critical | 20 |
Java_High_Risk | XPath_Injection | High | Medium | 643 |
Java_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | Medium | 566 |
Java_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
Java_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | Medium | 15 |
Java_Low_Visibility | Empty_Password_In_Connection_String | Low | Medium | 521 |
Java_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | High | 89 |
Java_Low_Visibility | Information_Exposure_Through_Query_String | Low | Medium | 598 |
Java_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
Java_Low_Visibility | JWT_Use_Of_None_Algorithm | Low | High | 287 |
Java_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | Medium | 329 |
Java_Low_Visibility | Open_Redirect | Low | Medium | 601 |
Java_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
Java_Low_Visibility | Reflected_Environment_Injection | Low | Medium | 15 |
Java_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
Java_Low_Visibility | Reversible_One_Way_Hash | Low | Medium | 328 |
Java_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | Medium | 614 |
Java_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
Java_Low_Visibility | Stored_Environment_Injection | Low | Medium | 15 |
Java_Low_Visibility | Uncontrolled_Memory_Allocation | Low | Medium | 789 |
Java_Low_Visibility | Unrestricted_File_Upload | Low | Medium | 434 |
Java_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Java_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Java_Low_Visibility | Use_Of_Hardcoded_Password_In_Config | Low | Medium | 260 |
Java_Low_Visibility | Use_of_Non_Cryptographic_Random | Low | Information | 330 |
Java_Low_Visibility | Using_Referer_Field_for_Authentication | Low | Medium | 293 |
Java_Medium_Threat | Absolute_Path_Traversal | Medium | High | 36 |
Java_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | High | 79 |
Java_Medium_Threat | CGI_Stored_XSS | Medium | Critical | 79 |
Java_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | High | 319 |
Java_Medium_Threat | Dangerous_File_Inclusion | Medium | High | 829 |
Java_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | High | 494 |
Java_Medium_Threat | Improper_Restriction_of_Stored_XXE_Ref | Medium | High | 611 |
Java_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | High | 611 |
Java_Medium_Threat | Input_Path_Not_Canonicalized | Medium | Information | 73 |
Java_Medium_Threat | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
Java_Medium_Threat | JWT_No_Signature_Verification | Medium | High | 287 |
Java_Medium_Threat | Relative_Path_Traversal | Medium | High | 23 |
Java_Medium_Threat | Same_Seed_in_PRNG | Medium | Low | 336 |
Java_Medium_Threat | SSRF | Medium | High | 918 |
Java_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Java_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
Java_Spring | Spring_View_SPEL_Injection | High | Critical | 917 |
Java_Spring | Spring_Missing_Object_Level_Authorization | Information | Medium | 862 |
Java_Spring | Spring_Missing_Function_Level_Authorization | Low | Medium | 862 |
Java_Spring | Spring_Use_of_Broken_or_Risky_Cryptographic_Primitive | Low | Medium | 327 |
Java_Spring | Spring_Use_Of_Hardcoded_Password | Low | Medium | 259 |
Java_Spring | Spring_Comparison_Timing_Attack | Medium | High | 208 |
Java_Spring | Spring_Missing_X_Frame_Options | Medium | Low | 1021 |
Java_Stored | Stored_Code_Injection | Low | Critical | 94 |
Java_Stored | Stored_Mongo_NoSQL_Injection | Low | Critical | 943 |
Java_Stored | Stored_Open_Redirect | Low | Medium | 601 |
Java_Stored | Stored_XPath_Injection | Low | Medium | 643 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
JavaScript_AWS_Lambda | DynamoDB_NoSQL_Injection | High | Critical | 74 |
JavaScript_AWS_Lambda | Race_Condition_Concurrent_Instances | Medium | Low | 366 |
JavaScript_AWS_Lambda | Unrestricted_Read_S3 | Low | Medium | 639 |
JavaScript_AWS_Lambda | Unrestricted_Write_S3 | Low | Medium | 639 |
JavaScript_Cordova | Cordova_Code_Injection | Medium | High | 94 |
JavaScript_High_Risk | Client_Second_Order_Sql_Injection | High | Low | 89 |
JavaScript_High_Risk | Client_SQL_Injection | High | Low | 89 |
Javascript_Kony | Kony_Information_Leakage | High | Medium | 319 |
Javascript_Kony | Kony_Path_Injection | High | Low | 73 |
Javascript_Kony | Kony_Second_Order_SQL_Injection | High | Low | 89 |
Javascript_Kony | Kony_SQL_Injection | High | Low | 89 |
Javascript_Kony | Kony_Stored_XSS | High | Deprecate | 79 |
Javascript_Kony | Kony_Unsecure_Browser_Configuration | High | Low | 15 |
Javascript_Lightning | Lightning_Stored_XSS | High | Critical | 79 |
JavaScript_Low_Visibility | Client_Cookies_Inspection | Low | Medium | 315 |
JavaScript_Low_Visibility | Client_DOM_Open_Redirect | Low | Medium | 601 |
JavaScript_Low_Visibility | Client_Empty_Password | Low | Medium | 259 |
JavaScript_Low_Visibility | Client_HTML5_Easy_To_Guess_Database_Name | Low | Information | 330 |
JavaScript_Low_Visibility | Client_Negative_Content_Length | Low | Information | 398 |
JavaScript_Low_Visibility | Client_Password_In_Comment | Low | Medium | 615 |
JavaScript_Low_Visibility | Client_Weak_Cryptographic_Hash | Low | Medium | 310 |
JavaScript_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
JavaScript_Low_Visibility | Not_Using_a_Random_IV | Low | Medium | 329 |
JavaScript_Medium_Threat | Client_DoS_By_Sleep | Medium | Low | 730 |
JavaScript_Medium_Threat | Client_HTML5_Information_Exposure | Medium | Low | 200 |
JavaScript_Medium_Threat | Client_ReDoS_From_Regex_Injection | Medium | Low | 400 |
JavaScript_Medium_Threat | Client_ReDoS_In_Match | Medium | Low | 400 |
JavaScript_Medium_Threat | Client_ReDos_In_RegExp | Medium | Low | 400 |
JavaScript_Medium_Threat | Client_ReDoS_In_Replace | Medium | Low | 400 |
JavaScript_Medium_Threat | Client_Sandbox_Allows_Scripts_With_Same_Origin | Medium | Low | 829 |
JavaScript_Medium_Threat | Client_Untrusted_Activex | Medium | Information | 618 |
JavaScript_Medium_Threat | CSV_Injection | Medium | Low | 74 |
JavaScript_Medium_Threat | XML_External_Entities_XXE | Medium | High | 611 |
JavaScript_ReactNative | Clipboard_Information_Leakage | Low | Medium | 200 |
JavaScript_ReactNative | Unencrypted_Sensitive_Data_Storage | Medium | Low | 922 |
JavaScript_SAPUI5 | SAPUI5_Use_Of_Hardcoded_URL | Medium | Low | 200 |
JavaScript_Server_Side_Vulnerabilities | Absolute_Path_Traversal | Medium | High | 36 |
JavaScript_Server_Side_Vulnerabilities | Code_Injection | High | Critical | 94 |
JavaScript_Server_Side_Vulnerabilities | Command_Injection | High | Critical | 77 |
JavaScript_Server_Side_Vulnerabilities | Insecure_Storage_of_Sensitive_Data | High | Medium | 933 |
JavaScript_Server_Side_Vulnerabilities | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
JavaScript_Server_Side_Vulnerabilities | JWT_No_Expiration_Time_Validation | Medium | Low | 613 |
JavaScript_Server_Side_Vulnerabilities | JWT_Use_Of_None_Algorithm | Low | High | 287 |
JavaScript_Server_Side_Vulnerabilities | MongoDB_NoSQL_Injection | High | Critical | 89 |
JavaScript_Server_Side_Vulnerabilities | Open_Redirect | Low | Medium | 601 |
JavaScript_Server_Side_Vulnerabilities | Password_Weak_Encryption | Low | Medium | 261 |
JavaScript_Server_Side_Vulnerabilities | Poor_Database_Access_Control | Low | Medium | 285 |
JavaScript_Server_Side_Vulnerabilities | Relative_Path_Traversal | Medium | High | 23 |
JavaScript_Server_Side_Vulnerabilities | Second_Order_SQL_Injection | High | Critical | 89 |
JavaScript_Server_Side_Vulnerabilities | Sensitive_Information_Over_HTTP | Medium | High | 319 |
JavaScript_Server_Side_Vulnerabilities | SQL_Injection | High | Critical | 89 |
JavaScript_Server_Side_Vulnerabilities | SSRF | Medium | High | 918 |
JavaScript_Server_Side_Vulnerabilities | Stored_Code_Injection | Medium | Critical | 94 |
JavaScript_Server_Side_Vulnerabilities | Stored_Path_Traversal | Medium | High | 22 |
JavaScript_Server_Side_Vulnerabilities | Stored_XSS | High | Critical | 79 |
JavaScript_Server_Side_Vulnerabilities | Unprotected_Cookie | Low | Medium | 614 |
JavaScript_Server_Side_Vulnerabilities | Unrestricted_File_Upload | Low | Medium | 434 |
JavaScript_Server_Side_Vulnerabilities | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
JavaScript_Server_Side_Vulnerabilities | Use_Of_Hardcoded_Password | Low | Medium | 259 |
JavaScript_Server_Side_Vulnerabilities | Use_Of_HTTP_Sensitive_Data_Exposure | Low | Medium | 319 |
JavaScript_Server_Side_Vulnerabilities | Use_of_Insufficiently_Random_Values | Medium | Low | 330 |
JavaScript_XS | XS_Code_Injection | High | Critical | 94 |
JavaScript_XS | XS_Second_Order_SQL_Injection | High | Critical | 89 |
JavaScript_XS | XS_SQL_Injection | High | Critical | 89 |
JavaScript_XS | XS_Stored_Code_Injection | High | Critical | 94 |
JavaScript_XS | XS_Stored_XSS | High | Critical | 79 |
JavaScript_XS | XS_Unencrypted_Data_Transfer | Low | Medium | 319 |
JavaScript_XS | XS_Use_Of_Hardcoded_URL | Medium | Low | 798 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Kotlin_Android | Allowed_Backup | Information | Low | 530 |
Kotlin_Android | Copy_Paste_Buffer_Caching | Low | Medium | 922 |
Kotlin_Android | Failure_to_Implement_Least_Privilege | Low | Information | 250 |
Kotlin_Android | Hardcoded_Password_In_Gradle | Low | Medium | 259 |
Kotlin_Android | Implicit_Intent_With_Read_Write_Permissions | Low | Medium | 668 |
Kotlin_Android | Insecure_Data_Storage_Usage | Medium | Low | 312 |
Kotlin_Android | Insecure_HTTP_Connections_Enabled | Low | Medium | 319 |
Kotlin_Android | Screen_Caching | Low | Medium | 524 |
Kotlin_Android | Unsafe_Permission_Check | Medium | Low | 284 |
Kotlin_Android | Use_of_WebView_AddJavascriptInterface | High | Low | 749 |
Kotlin_Android | WebView_Cache_Information_Leak | Information | Medium | 524 |
Kotlin_High_Risk | Code_Injection | High | Critical | 94 |
Kotlin_High_Risk | Command_Injection | High | Critical | 77 |
Kotlin_High_Risk | Expression_Language_Injection_MVEL | High | Critical | 917 |
Kotlin_High_Risk | Expression_Language_Injection_SPEL | High | Critical | 917 |
Kotlin_High_Risk | Resource_Injection | High | Medium | 99 |
Kotlin_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Kotlin_High_Risk | SQL_Injection | High | Critical | 89 |
Kotlin_High_Risk | Stored_XSS | High | Critical | 79 |
Kotlin_High_Risk | XPath_Injection | High | Medium | 643 |
Kotlin_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
Kotlin_Low_Visibility | JWT_Use_Of_None_Algorithm | Low | High | 287 |
Kotlin_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
Kotlin_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
Kotlin_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Kotlin_Low_Visibility | Use_of_Hardcoded_Password | Low | Medium | 259 |
Kotlin_Low_Visibility | Use_of_Non_Cryptographic_Random | Low | Information | 330 |
Kotlin_Low_Visibility | Use_of_Unsafe_JNI | Low | Medium | 111 |
Kotlin_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | High | 319 |
Kotlin_Medium_Threat | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
Kotlin_Medium_Threat | JWT_No_Signature_Verification | Medium | High | 287 |
Kotlin_Medium_Threat | Same_Seed_in_PRNG | Medium | Low | 336 |
Kotlin_Medium_Threat | SSRF | Medium | High | 918 |
Kotlin_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Kotlin_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
Kotlin_Spring | Spring_View_Manipulation | High | Critical | 917 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Lua_High_Risk | Arbitrary_File_Write | High | Critical | 669 |
Lua_High_Risk | Code_Injection | High | Critical | 74 |
Lua_High_Risk | Command_Injection | High | Critical | 77 |
Lua_High_Risk | Insufficiently_Secure_Password_Storage_Algorithm_Parameters | High | Medium | 522 |
Lua_High_Risk | Resource_Injection | High | Medium | 99 |
Lua_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Lua_High_Risk | SQL_Injection | High | Critical | 89 |
Lua_High_Risk | Stored_Code_Injection | High | Critical | 74 |
Lua_High_Risk | Stored_Command_Injection | High | Critical | 77 |
Lua_High_Risk | Stored_XSS | High | Critical | 79 |
Lua_Low_Visibility | Command_Argument_Injection | Low | Medium | 78 |
Lua_Low_Visibility | Empty_password_in_Connection_String | Low | Medium | 521 |
Lua_Low_Visibility | Hardcoded_AWS_Credentials | Low | Medium | 798 |
Lua_Low_Visibility | Missing_HSTS_Header | Low | Medium | 346 |
Lua_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
Lua_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
Lua_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 78 |
Lua_Low_Visibility | Unrestricted_Read_S3 | Low | Medium | 639 |
Lua_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Lua_Low_Visibility | Use_Of_Hardcoded_Password_In_Config | Low | Medium | 260 |
Lua_Low_Visibility | Use_of_Non_Cryptographic_Random | Low | Information | 338 |
Lua_Low_Visibility | Using_Referer_Field_for_Authentication | Low | Medium | 287 |
Lua_Medium_Threat | Absolute_Path_Traversal | Medium | High | 36 |
Lua_Medium_Threat | JWT_Lack_of_Expiration_Time | Medium | Low | 613 |
Lua_Medium_Threat | Race_Condition | Medium | Low | 366 |
Lua_Medium_Threat | Relative_Path_Traversal | Medium | High | 23 |
Lua_Medium_Threat | SSRF | Medium | High | 74 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Apple_Secure_Coding_Guide | Buffer_Size_Literal_Condition | Low | Information | 118 |
Apple_Secure_Coding_Guide | Improper_Implementation_of_NSSecureCoding | High | Medium | 502 |
Apple_Secure_Coding_Guide | NSPredicate_Injection | High | Medium | 134 |
Apple_Secure_Coding_Guide | Path_Manipulation | Medium | Low | 73 |
Apple_Secure_Coding_Guide | Signed_Memory_Arithmetic | High | Low | 190 |
Apple_Secure_Coding_Guide | Unchecked_CString_Convertion | Low | Information | 252 |
ObjectiveC_High_Risk | App_Transport_Security_Bypass | High | Low | 319 |
ObjectiveC_High_Risk | Information_Exposure_Through_Extension | High | Medium | 200 |
ObjectiveC_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
ObjectiveC_High_Risk | SQL_Injection | High | Critical | 89 |
ObjectiveC_High_Risk | Stored_XSS | High | Critical | 79 |
ObjectiveC_High_Risk | Third_Party_Keyboards_On_Sensitive_Field | High | Medium | 829 |
ObjectiveC_Low_Visibility | Incorrect_Initialization | Low | Information | 456 |
ObjectiveC_Low_Visibility | Missing_Certificate_Pinning | Low | Information | 295 |
ObjectiveC_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
ObjectiveC_Low_Visibility | Plain_Text_Transport_Layer | Low | Medium | 311 |
ObjectiveC_Low_Visibility | Poor_Authorization_and_Authentication | Low | Medium | 287 |
ObjectiveC_Low_Visibility | Third_Party_Keyboard_Enabled | Low | Medium | 829 |
ObjectiveC_Low_Visibility | Unchecked_Return_Value | Low | Information | 252 |
ObjectiveC_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
ObjectiveC_Low_Visibility | Use_of_Hardcoded_Cryptographic_Key | Low | High | 321 |
ObjectiveC_Low_Visibility | Use_of_Hardcoded_Password | Low | Medium | 259 |
ObjectiveC_Medium_Threat | Format_String_Attack | Medium | High | 134 |
ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Input | Medium | High | 319 |
ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Output | Medium | High | 319 |
ObjectiveC_Medium_Threat | Path_Traversal | Medium | Low | 22 |
ObjectiveC_Medium_Threat | XML_External_Entity | Medium | Low | 611 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Perl_High_Risk | Code_Injection | High | Critical | 94 |
Perl_High_Risk | Command_Injection | High | Critical | 77 |
Perl_High_Risk | Resource_Injection | High | Medium | 99 |
Perl_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Perl_High_Risk | SQL_Injection | High | Critical | 89 |
Perl_High_Risk | Stored_XSS | High | Critical | 79 |
Perl_Low_Visibility | Unchecked_Return_Value | Low | Information | 252 |
Perl_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Perl_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | High | 611 |
Perl_Medium_Threat | Path_Traversal | Medium | High | 22 |
Perl_Medium_Threat | Stored_Code_Injection | Medium | Critical | 94 |
Perl_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Perl_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
Perl_Medium_Threat | Stored_Path_Traversal | Medium | High | 22 |
Perl_Medium_Threat | Unprotected_Transport_of_Credentials | Medium | High | 523 |
Perl_Medium_Threat | Use_of_Two_Argument_Form_of_Open | Medium | Low | 77 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
PHP_High_Risk | Code_Injection | High | Critical | 94 |
PHP_High_Risk | Command_Injection | High | Critical | 77 |
PHP_High_Risk | Insufficiently_Secure_Password_Storage_Algorithm_Parameters | High | Medium | 522 |
PHP_High_Risk | MongoDB_NoSQL_Injection | High | Critical | 74 |
PHP_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
PHP_High_Risk | Server_Side_Template_Injection | High | Critical | 1336 |
PHP_High_Risk | SQL_Injection | High | Critical | 89 |
PHP_High_Risk | Stored_Absolute_Path_Traversal | High | Medium | 36 |
PHP_High_Risk | Stored_XSS | High | Critical | 79 |
PHP_High_Risk | XPath_Injection | High | Medium | 643 |
PHP_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
PHP_Low_Visibility | Comparison_Timing_Attack | Low | High | 208 |
PHP_Low_Visibility | Error_Messages_Misconfiguration | Low | Medium | 209 |
Php_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | Medium | 350 |
PHP_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
Php_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Php_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
PHP_Medium_Threat | Deserialization_of_Untrusted_Data | Medium | High | 502 |
PHP_Medium_Threat | Improper_Restriction_of_Stored_XXE_Ref | Medium | High | 611 |
PHP_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | High | 611 |
PHP_Medium_Threat | Inappropriate_Encoding_for_Output_Context | Medium | Low | 838 |
PHP_Medium_Threat | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
PHP_Medium_Threat | Path_Traversal | Medium | High | 22 |
PHP_Medium_Threat | Relative_Path_Traversal | Medium | High | 23 |
PHP_Medium_Threat | SSRF | Medium | High | 918 |
PHP_Medium_Threat | SSTI_Twig | Medium | Critical | 1336 |
PHP_Medium_Threat | Stored_Code_Injection | Medium | Critical | 94 |
PHP_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
PHP_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
PLSQL_High_Risk | Resource_Injection | High | Medium | 99 |
PLSQL_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
PLSQL_High_Risk | SQL_Injection | High | Critical | 89 |
PLSQL_High_Risk | Stored_XSS | High | Critical | 79 |
PLSQL_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | Medium | 566 |
PLSQL_Low_Visibility | Reversible_One_Way_Hash | Low | Medium | 328 |
PLSQL_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
PLSQL_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
PLSQL_Medium_Threat | Dangling_Database_Cursor | Medium | Low | 619 |
PLSQL_Medium_Threat | Default_Definer_Rights_in_Package_or_Object_Definition | Medium | Low | 265 |
PLSQL_Medium_Threat | Improper_Privilege_Management | Medium | Low | 269 |
PLSQL_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | Low | 330 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Python_AWS_Lambda | DynamoDB_NoSQL_Injection | High | Critical | 74 |
Python_AWS_Lambda | Hardcoded_AWS_Credentials | Low | Medium | 798 |
Python_AWS_Lambda | Race_Condition_Concurrent_Instances | Medium | Low | 366 |
Python_AWS_Lambda | Unrestricted_Delete_S3 | Medium | 639 | |
Python_AWS_Lambda | Unrestricted_Read_S3 | Low | Medium | 639 |
Python_AWS_Lambda | Unrestricted_Write_S3 | Low | Medium | 639 |
Python_Best_Coding_Practice | Use_of_Unknown_Fields | Information | 0 | |
Python_High_Risk | Code_Injection | High | Critical | 94 |
Python_High_Risk | Command_Injection | High | Critical | 77 |
Python_High_Risk | OS_Access_Violation | High | Medium | 77 |
Python_High_Risk | Resource_Injection | High | Medium | 99 |
Python_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Python_High_Risk | SQL_Injection | High | Critical | 89 |
Python_High_Risk | Stored_XSS | High | Critical | 79 |
Python_High_Risk | XPath_Injection | High | Medium | 643 |
Python_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
Python_Low_Visibility | Debug_Enabled | Low | High | 11 |
Python_Low_Visibility | Django_Improper_Resource_Access_Authorization | Low | Medium | 285 |
Python_Low_Visibility | Django_Missing_Function_Level_Authorization | Low | Medium | 862 |
Python_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
Python_Low_Visibility | Marshmallow_Dumping_Without_Validation | Low | 1173 | |
Python_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
Python_Low_Visibility | ReDoS_Injection | Low | Medium | 400 |
Python_Low_Visibility | Stored_Code_Injection | Low | Critical | 94 |
Python_Low_Visibility | Stored_Command_Argument_Injection | Low | Medium | 88 |
Python_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Python_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Python_Medium_Threat | Cookie_Poisoning | Medium | Low | 472 |
Python_Medium_Threat | Filtering_Sensitive_Logs | Medium | Low | 532 |
Python_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | High | 611 |
Python_Medium_Threat | Insecure_Randomness | Medium | Low | 330 |
Python_Medium_Threat | Path_Traversal | Medium | High | 22 |
Python_Medium_Threat | SSRF | Medium | High | 918 |
Python_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Python_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
RPG_High_Risk | Buffer_Overrun | High | Critical | 126 |
RPG_High_Risk | Control_Language_Injection | High | Critical | 77 |
RPG_High_Risk | SQL_Injection | High | Critical | 89 |
RPG_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
RPG_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Ruby_High_Risk | Code_Injection | High | Critical | 94 |
Ruby_High_Risk | Command_Injection | High | Critical | 77 |
Ruby_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Ruby_High_Risk | SQL_Injection | High | Critical | 89 |
Ruby_High_Risk | Stored_XSS | High | Critical | 79 |
Ruby_Low_Visibility | Connection_String_Injection | Low | High | 99 |
Ruby_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
Ruby_Low_Visibility | Interactive_Render_Path | Low | Medium | 73 |
Ruby_Low_Visibility | Open_Redirect | Low | Medium | 601 |
Ruby_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Ruby_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
Ruby_Medium_Threat | Dangerous_Send | Medium | High | 77 |
Ruby_Medium_Threat | Download_Arbitrary_File | Medium | High | 0 |
Ruby_Medium_Threat | Filtering_Sensitive_Logs | Medium | Low | 532 |
Ruby_Medium_Threat | Insecure_Randomness | Medium | Low | 330 |
Ruby_Medium_Threat | Insufficient_Format_Validation | Medium | Low | 625 |
Ruby_Medium_Threat | Nonvalidated_File_Upload | Medium | High | 434 |
Ruby_Medium_Threat | Path_Traversal | Medium | High | 22 |
Ruby_Medium_Threat | Stored_Code_Injection | Medium | Critical | 94 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Rust_Critical | Command_Injection | High | Critical | 77 |
Rust_Critical | Second_Order_SQL_Injection | High | Critical | 89 |
Rust_Critical | SQL_Injection | High | Critical | 89 |
Rust_Critical | Stored_Command_Injection | High | Critical | 77 |
Rust_Critical | Stored_XSS | High | Critical | 79 |
Rust_Critical | Arbitrary_File_Write | High | Critical | 669 |
Rust_Critical | DynamoDB_NoSQL_Injection | High | Critical | 74 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Scala_High_Risk | Code_Injection | High | Critical | 94 |
Scala_High_Risk | Command_Injection | High | Critical | 77 |
Scala_High_Risk | Expression_Language_Injection_MVEL | High | Critical | 917 |
Scala_High_Risk | Expression_Language_Injection_SPEL | High | Critical | 917 |
Scala_High_Risk | Resource_Injection | High | Medium | 99 |
Scala_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
Scala_High_Risk | SQL_Injection | High | Critical | 89 |
Scala_High_Risk | Stored_XSS | High | Critical | 79 |
Scala_High_Risk | XPath_Injection | High | Medium | 643 |
Scala_Low_Visibility | Akka_Disabling_Hostname_Verification | Low | Medium | 0 |
Scala_Low_Visibility | Command_Argument_Injection | Low | Medium | 88 |
Scala_Low_Visibility | JWT_Use_Of_None_Algorithm | Low | High | 287 |
Scala_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | Medium | 329 |
Scala_Low_Visibility | Open_Redirect | Low | Medium | 601 |
Scala_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Scala_Low_Visibility | Use_of_Non_Cryptographic_Random | Low | Information | 330 |
Scala_Low_Visibility | Use_of_Unsafe_JNI | Low | Medium | 111 |
Scala_Medium_Threat | Absolute_Path_Traversal | Medium | High | 36 |
Scala_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | High | 319 |
Scala_Medium_Threat | Dangerous_File_Inclusion | Medium | High | 829 |
Scala_Medium_Threat | External_XML_Entities_XXE | Medium | High | 611 |
Scala_Medium_Threat | JWT_Lack_Of_Expiration_Time | Medium | Low | 613 |
Scala_Medium_Threat | JWT_No_Signature_Verification | Medium | High | 287 |
Scala_Medium_Threat | Relative_Path_Traversal | Medium | High | 36 |
Scala_Medium_Threat | Same_Seed_in_PRNG | Medium | Low | 336 |
Scala_Medium_Threat | SSRF | Medium | High | 918 |
Scala_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
Scala_Medium_Threat | Stored_External_XML_Entities_XXE | Medium | High | 611 |
Scala_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
Scala_Stored | Stored_Code_Injection | Low | Critical | 94 |
Scala_Stored | Stored_Open_Redirect | Low | Medium | 601 |
Scala_Stored | Stored_XPath_Injection | Low | Medium | 643 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
Swift_Best_Coding_Practices | Third_Party_Keyboard_Enabled | Information | Medium | 829 |
Swift_High_Risk | Information_Exposure_Through_Extension | High | Medium | 200 |
Swift_High_Risk | Third_Party_Keyboards_On_Sensitive_Field | High | Medium | 829 |
Swift_High_Risk | URL_Scheme_Hijacking | High | Medium | 319 |
Swift_Low_Visibility | Missing_Certificate_Pinning | Low | Information | 295 |
Swift_Low_Visibility | Password_In_Comment | Low | Medium | 615 |
Swift_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
Swift_Low_Visibility | Use_of_Hardcoded_Cryptographic_Key | Low | High | 321 |
Swift_Low_Visibility | Use_of_Hardcoded_Password | Low | Medium | 259 |
Swift_Medium_Threat | Path_Traversal | Medium | Low | 22 |
Swift_Medium_Threat | WebView_JavaScript_Injection_From_URL_Scheme | Medium | High | 79 |
Swift_Medium_Threat | XML_External_Entity | Medium | Low | 611 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
VB6_High_Risk | Code_Injection | High | Critical | 94 |
VB6_High_Risk | Command_Injection | High | Critical | 77 |
VB6_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
VB6_High_Risk | SQL_Injection | High | Critical | 89 |
VB6_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
VB6_Low_Visibility | Stored_Code_Injection | Low | Critical | 94 |
VB6_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
VB6_Medium_Threat | Path_Traversal | Medium | High | 22 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
VbNet_High_Risk | Code_Injection | High | Critical | 94 |
VbNet_High_Risk | Command_Injection | High | Critical | 77 |
VbNet_High_Risk | Resource_Injection | High | Medium | 99 |
VbNet_High_Risk | Second_Order_SQL_Injection | High | Critical | 89 |
VbNet_High_Risk | SQL_Injection | High | Critical | 89 |
VbNet_High_Risk | Stored_XSS | High | Critical | 79 |
VbNet_High_Risk | XPath_Injection | High | Medium | 643 |
VbNet_Low_Visibility | Insufficiently_Protected_Credentials | Low | High | 522 |
VbNet_Low_Visibility | Open_Redirect | Low | Medium | 601 |
VbNet_Low_Visibility | Stored_Code_Injection | Low | Critical | 94 |
VbNet_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | Medium | 327 |
VbNet_Low_Visibility | Use_Of_Hardcoded_Password | Low | Medium | 259 |
VbNet_Medium_Threat | Buffer_Overflow | Medium | High | 120 |
VbNet_Medium_Threat | CGI_XSS | Medium | High | 79 |
VbNet_Medium_Threat | Integer_Overflow | Medium | Low | 190 |
VbNet_Medium_Threat | Path_Traversal | Medium | High | 22 |
VbNet_Medium_Threat | Stored_Command_Injection | Medium | Critical | 77 |
VbNet_Medium_Threat | Stored_LDAP_Injection | Medium | High | 90 |
VbNet_WebConfig | HttpOnlyCookies_XSS | High | Medium | 1004 |

Package Name | Query Name | Old severity | New severity | CWE ID |
---|---|---|---|---|
VbScript_Medium_Threat | Client_DoS_By_Sleep | Medium | Low | 730 |
VbScript_Low_Visibility | DOM_Open_Redirect | Low | Medium | 601 |