Vulnerability Registry

The Vulnerability Registry contains a list of all the vulnerabilities detected by ZeroThreat. You can search for specific vulnerabilities or filter them by severity.

Error Based SQL Injection

SQLI_ERROR_BASED high Injection

Boolean Based SQL Injection

SQLI_BOOLEAN_BASED high Injection

Time Based SQL Injection

SQLI_TIME_BASED high Injection

Stacked Queries SQL Injection

SQLI_STACK_BASED critical Injection

Union Based SQL Injection

SQLI_UNION_BASED high Injection

OS Command Injection OOB

CMDI_OOB_CONFIRMED critical Injection

OS Command Injection Reflected Output

CMDI_REFLECTED critical Injection

Time Based OS Command Injection

CMDI_TIME_BASED high Injection

Error Based OS Command Injection

CMDI_ERROR_BASED medium Injection

Jinja2 Server-Side Template Injection

SSTI_JINJA2 critical Injection

Twig Server-Side Template Injection

SSTI_TWIG critical Injection

FreeMarker Server-Side Template Injection

SSTI_FREEMARKER critical Injection

Generic Server-Side Template Injection

SSTI_GENERIC high Injection

Velocity Server-Side Template Injection

SSTI_VELOCITY critical Injection

Thymeleaf Server-Side Template Injection

SSTI_THYMELEAF critical Injection

ERB Server-Side Template Injection

SSTI_ERB critical Injection

EJS Server-Side Template Injection

SSTI_EJS critical Injection

Pug/Jade Server-Side Template Injection

SSTI_PUG critical Injection

Smarty Server-Side Template Injection

SSTI_SMARTY critical Injection

Mako Server-Side Template Injection

SSTI_MAKO critical Injection

Error Based XML External Entity Injection

XXE_ERROR_BASED high Injection

Parameter Entity XML External Entity Injection

XXE_PARAMETER_ENTITY high Injection

Local File Inclusion Filter Bypass

LFI_FILTER_BYPASS high File Inclusion

Local File Inclusion Process Information Disclosure

LFI_PROC_DISCLOSURE high File Inclusion

Classic XML External Entity Injection

XXE_CLASSIC high Injection

Blind XML External Entity Injection

XXE_BLIND high Injection

Out-of-Band XML External Entity Injection

XXE_OOB critical Injection

Local File Inclusion Path Traversal

LFI_PATH_TRAVERSAL high File Inclusion

Local File Inclusion Source Code Disclosure

LFI_SOURCE_DISCLOSURE high File Inclusion

Local File Inclusion PHP Wrapper Protocol

LFI_WRAPPER_PROTOCOL critical File Inclusion

XPath Authentication Bypass

XPATH_AUTH_BYPASS high Injection

XPath Injection Data Extraction

XPATH_DATA_EXTRACTION high Injection

XPath Injection Blind

XPATH_BLIND medium Injection

XPath Injection Error Based

XPATH_ERROR_BASED medium Injection

Path Parameter Injection

PATH_PARAMETER_INJECTION medium Injection

Reflected Cross-Site Scripting

XSS_REFLECTED medium XSS

Stored Cross-Site Scripting

XSS_STORED high XSS

DOM Based Cross-Site Scripting

XSS_DOM_BASED medium XSS

SVG Injection Cross-Site Scripting

XSS_SVG_INJECTION high XSS

Angular Template Injection Cross-Site Scripting

XSS_CSTI_ANGULAR high XSS

Content Security Policy Bypass Cross-Site Scripting

XSS_CSP_BYPASS high XSS

JavaScript Context Cross-Site Scripting

XSS_JS_CONTEXT high XSS

Event Handler Injection Cross-Site Scripting

XSS_EVENT_HANDLER high XSS

Script Tag Injection Cross-Site Scripting

XSS_SCRIPT_INJECTION high XSS

HTML Injection Cross-Site Scripting

XSS_HTML_INJECTION medium XSS

Attribute Injection Cross-Site Scripting

XSS_ATTRIBUTE_INJECTION medium XSS

CSS Injection Cross-Site Scripting

XSS_CSS_INJECTION medium XSS

Template Literal Injection Cross-Site Scripting

XSS_TEMPLATE_LITERAL high XSS

Mutation Based Cross-Site Scripting

XSS_MUTATION_BASED high XSS

Vue.js Template Injection Cross-Site Scripting

XSS_CSTI_VUE high XSS

Server-Side Request Forgery Cloud Metadata Access

SSRF_CLOUD_METADATA critical SSRF

Server-Side Request Forgery Internal Service Access

SSRF_INTERNAL_SERVICE high SSRF

Server-Side Request Forgery Protocol Smuggling

SSRF_PROTOCOL_SMUGGLING high SSRF

Server-Side Request Forgery Blind OOB

SSRF_BLIND_OOB medium SSRF

Open Redirect HTTP Header Injection

REDIRECT_HEADER_INJECTION medium Business Logic

Open Redirect JavaScript Navigation

REDIRECT_JS_NAVIGATION medium Business Logic

Host Header Injection Cache Poisoning

HOST_CACHE_POISONING high Configuration

Host Header Injection Password Reset Poisoning

HOST_PASSWORD_RESET high Configuration

Server-Side Request Forgery Filter Bypass

SSRF_FILTER_BYPASS high SSRF

Open Redirect Meta Refresh

REDIRECT_META_REFRESH low Business Logic

Host Header Injection Open Redirect

HOST_REDIRECT medium Configuration

JWT None Algorithm Attack

JWT_NONE_ALGORITHM critical Authentication

JWT Weak Secret Key

JWT_WEAK_SECRET high Authentication

JWT Algorithm Confusion Attack

JWT_KEY_CONFUSION critical Authentication

Anonymous Access

BAC_ANONYMOUS_ACCESS high Access Control

Broken Access Insecure Direct Object Reference

BAC_IDOR high Access Control

Broken Access Vertical Privilege Escalation

BAC_VERTICAL_PRIVILEGE critical Access Control

Mass Assignment Role Escalation

MASSASSIGN_ROLE_ESCALATION high Access Control

Mass Assignment Prototype Pollution

MASSASSIGN_PROTOTYPE_POLLUTION high Access Control

JWT Expired Token Accepted

JWT_EXPIRED_TOKEN medium Authentication

JWT Missing Required Claims

JWT_MISSING_CLAIMS medium Authentication

Broken Access Horizontal Privilege Escalation

BAC_HORIZONTAL_PRIVILEGE high Access Control

Mass Assignment Hidden Field Manipulation

MASSASSIGN_HIDDEN_FIELD medium Access Control

JWT Claim Tampering

JWT_CLAIM_TAMPERING high Authentication

JWT KID Header Injection

JWT_KID_INJECTION high Authentication

JWT JKU Header Injection

JWT_JKU_INJECTION high Authentication

JWT Embedded JWK Injection

JWT_EMBEDDED_JWK high Authentication

JWT X5C Header Injection

JWT_X5C_INJECTION high Authentication

Missing Security Header Content-Security-Policy

HEADER_MISSING_CSP medium Configuration

Missing Security Header Strict-Transport-Security

HEADER_MISSING_HSTS medium Configuration

HSTS Misconfiguration Invalid Max-Age

HEADER_HSTS_BAD_MAX_AGE medium Configuration

HSTS Misconfiguration Short Max-Age

HEADER_HSTS_SHORT_MAX_AGE medium Configuration

HSTS Misconfiguration Missing includeSubDomains

HEADER_HSTS_NO_INCLUDESUBDOMAINS medium Configuration

HSTS Preload Requirements Not Met

HEADER_HSTS_PRELOAD_LOW_MAX_AGE medium Configuration

Missing Security Header X-Frame-Options

HEADER_MISSING_XFRAME medium Configuration

Weak Content-Security-Policy Configuration

HEADER_WEAK_CSP medium Configuration

Content-Security-Policy Report-Only Enabled

HEADER_CSP_REPORT_ONLY medium Configuration

Content-Security-Policy Contains Unsafe Directives

HEADER_CSP_WEAK_DIRECTIVES medium Configuration

Content-Security-Policy Allows data: in script-src

HEADER_CSP_DATA_URI_SCRIPT medium Configuration

Content-Security-Policy Allows blob: in script-src

HEADER_CSP_BLOB_URI_SCRIPT medium Configuration

Content-Security-Policy default-src Uses Wildcard

HEADER_CSP_WILDCARD_DEFAULT medium Configuration

Content-Security-Policy Missing base-uri Directive

HEADER_CSP_NO_BASE_URI medium Configuration

Content-Security-Policy Missing object-src Directive

HEADER_CSP_NO_OBJECT_SRC medium Configuration

Content-Security-Policy Missing frame-ancestors Directive

HEADER_CSP_NO_FRAME_ANCESTORS medium Configuration

CORS Misconfiguration

HEADER_CORS_MISCONFIGURED high Configuration

CORS Wildcard With Credentials

HEADER_CORS_STAR_WITH_CREDENTIALS high Configuration

CORS Origin Reflection Without Vary

HEADER_CORS_ORIGIN_REFLECT_NO_VARY high Configuration

CORS Allows Null Origin

HEADER_CORS_NULL_ORIGIN high Configuration

CORS Allows Wildcard Subdomains

HEADER_CORS_WILDCARD_SUBDOMAIN high Configuration

Directory Listing Enabled (Generic)

DIRBROWSE_GENERIC low Configuration

Directory Listing Exposing Sensitive Content (Generic)

DIRBROWSE_GENERIC_SENSITIVE medium Configuration

Apache Autoindex Enabled

DIRBROWSE_APACHE low Configuration

Apache Autoindex Exposing Sensitive Content

DIRBROWSE_APACHE_SENSITIVE medium Configuration

Nginx Autoindex Enabled

DIRBROWSE_NGINX low Configuration

Nginx Autoindex Exposing Sensitive Content

DIRBROWSE_NGINX_SENSITIVE medium Configuration

IIS Directory Browsing Enabled

DIRBROWSE_IIS low Configuration

IIS Directory Browsing Exposing Sensitive Content

DIRBROWSE_IIS_SENSITIVE medium Configuration

Tomcat Directory Listing Enabled

DIRBROWSE_TOMCAT low Configuration

Tomcat Directory Listing Exposing Sensitive Content

DIRBROWSE_TOMCAT_SENSITIVE medium Configuration

Caddy File Server Browsing Enabled

DIRBROWSE_CADDY low Configuration

Caddy File Server Browsing Exposing Sensitive Content

DIRBROWSE_CADDY_SENSITIVE medium Configuration

WebDAV Directory Listing Enabled

DIRBROWSE_WEBDAV low Configuration

WebDAV Directory Listing Exposing Sensitive Content

DIRBROWSE_WEBDAV_SENSITIVE medium Configuration

S3 Bucket Listing Enabled

DIRBROWSE_S3 low Configuration

S3 Bucket Listing Exposing Sensitive Content

DIRBROWSE_S3_SENSITIVE medium Configuration

GCS Bucket Listing Enabled

DIRBROWSE_GCS low Configuration

GCS Bucket Listing Exposing Sensitive Content

DIRBROWSE_GCS_SENSITIVE medium Configuration

Azure Blob Container Listing Enabled

DIRBROWSE_AZURE_BLOB low Configuration

Azure Blob Container Listing Exposing Sensitive Content

DIRBROWSE_AZURE_BLOB_SENSITIVE medium Configuration

Directory Listing Enabled

DIRBROWSE_ENABLED low Configuration

Directory Listing Exposing Sensitive Content

DIRBROWSE_SENSITIVE medium Configuration

Clickjacking Page Frameable

CLICK_FRAMEABLE medium Configuration

Insecure Deserialization Java

DESER_JAVA critical Injection

Insecure Deserialization PHP

DESER_PHP critical Injection

Insecure Deserialization Python

DESER_PYTHON critical Injection

Insecure Deserialization .NET

DESER_DOTNET critical Injection

Insecure Deserialization Ruby

DESER_RUBY critical Injection

Insecure Deserialization Node.js

DESER_NODE critical Injection

Clickjacking Partial Protection

CLICK_PARTIAL_PROTECTION low Configuration

Missing Security Header X-Content-Type-Options

HEADER_MISSING_XCONTENT_TYPE low Configuration

Invalid Security Header X-Content-Type-Options

HEADER_XCONTENT_TYPE_INVALID low Configuration

Missing Security Header Referrer-Policy

HEADER_MISSING_REFERRER_POLICY low Configuration

Unsafe Referrer-Policy Configuration

HEADER_REFERRER_POLICY_UNSAFE low Configuration

Missing Security Header Permissions-Policy

HEADER_MISSING_PERMISSIONS_POLICY info Configuration

Missing Security Header X-XSS-Protection

HEADER_MISSING_XSS_PROTECTION info Configuration

Header Misconfiguration COEP Without COOP

HEADER_COEP_WITHOUT_COOP info Configuration

Header Misconfiguration Unusual CORP Value

HEADER_CORP_UNUSUAL info Configuration

Deprecated Header Expect-CT Present

HEADER_EXPECT_CT_PRESENT info Configuration

Information Exposure Server Header Present

HEADER_SERVER_HEADER_PRESENT info Configuration

Information Exposure X-Powered-By Present

HEADER_X_POWERED_BY_PRESENT info Configuration

Deprecated Header X-XSS-Protection Enabled

HEADER_X_XSS_PROTECTION_ENABLED low Configuration

Cookie Misconfiguration SameSite=None Without Secure

COOKIE_SAMESITE_NONE_WITHOUT_SECURE medium Configuration

Cookie Misconfiguration Session Cookie Missing Secure

COOKIE_SESSION_MISSING_SECURE high Configuration

Cookie Misconfiguration Missing Secure Attribute

COOKIE_MISSING_SECURE medium Configuration

Cookie Misconfiguration Session Cookie Missing HttpOnly

COOKIE_SESSION_MISSING_HTTPONLY high Configuration

Cookie Misconfiguration Missing HttpOnly Attribute

COOKIE_MISSING_HTTPONLY medium Configuration

Cookie Misconfiguration Missing SameSite Attribute

COOKIE_MISSING_SAMESITE medium Configuration

Cookie Misconfiguration __Host- Prefix Violations

COOKIE_HOST_PREFIX_INVALID medium Configuration

Cookie Misconfiguration __Secure- Prefix Violations

COOKIE_SECURE_PREFIX_INVALID medium Configuration

Header Drift Content-Security-Policy Inconsistent

HEADER_DRIFT_CSP low Configuration

Header Drift Strict-Transport-Security Inconsistent

HEADER_DRIFT_HSTS low Configuration

Header Drift X-Content-Type-Options Inconsistent

HEADER_DRIFT_XCONTENT_TYPE low Configuration

Header Drift Referrer-Policy Inconsistent

HEADER_DRIFT_REFERRER_POLICY low Configuration

Header Drift X-Frame-Options Inconsistent

HEADER_DRIFT_XFRAME low Configuration

Header Drift Permissions-Policy Inconsistent

HEADER_DRIFT_PERMISSIONS_POLICY low Configuration

Header Drift COOP Inconsistent

HEADER_DRIFT_COOP low Configuration

Header Drift COEP Inconsistent

HEADER_DRIFT_COEP low Configuration

Header Drift CORP Inconsistent

HEADER_DRIFT_CORP low Configuration

AWS Credentials Exposed

SENS_CRIT_AWS_CREDENTIALS critical Information Disclosure

SSH Private Key Exposed

SENS_CRIT_SSH_PRIVATE_KEY critical Information Disclosure

SSL/TLS Private Key Exposed

SENS_CRIT_SSL_PRIVATE_KEY critical Cryptographic

Rails Master Key Exposed

SENS_CRIT_RAILS_MASTER_KEY critical Information Disclosure

Terraform State File Exposed

SENS_CRIT_TERRAFORM_STATE critical Information Disclosure

Kubernetes Config Exposed

SENS_CRIT_KUBE_CONFIG critical Information Disclosure

HashiCorp Vault Secret Exposed

SENS_CRIT_VAULT_SECRET critical Information Disclosure

Git Repository Exposed

SENS_HIGH_GIT_EXPOSED high Information Disclosure

Environment File Exposed

SENS_HIGH_ENV_FILE high Information Disclosure

WordPress Configuration File Exposed

SENS_HIGH_WORDPRESS_CONFIG high Information Disclosure

Spring Boot Actuator Endpoints Exposed

SENS_HIGH_SPRING_ACTUATOR high Information Disclosure

Spring Boot Heapdump Exposed

SENS_HIGH_SPRING_HEAPDUMP critical Information Disclosure

PHP Info Page Exposed

SENS_HIGH_PHPINFO medium Information Disclosure

Laravel Debug Mode Enabled

SENS_HIGH_LARAVEL_DEBUG high Information Disclosure

GraphQL Introspection Enabled

SENS_HIGH_GRAPHQL_INTROSPECTION medium Information Disclosure

Database Backup File Exposed

SENS_HIGH_DATABASE_BACKUP critical Information Disclosure

Swagger/OpenAPI Documentation Exposed

SENS_MED_SWAGGER_DOCS low Information Disclosure

Prometheus Metrics Endpoint Exposed

SENS_MED_PROMETHEUS_METRICS medium Information Disclosure

Admin Panel Publicly Accessible

SENS_MED_ADMIN_PANEL medium Access Control

JavaScript Source Maps Exposed

SENS_MED_SOURCE_MAP low Information Disclosure

Unprotected Config JSON

SENS_MED_UN_PROTECTED_CONFIG_JSON medium Information Disclosure

Web Server Configuration File Detected

SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED high Information Disclosure

Appsettings JSON Exposed

SENS_HIGH_APPSETTINGS_JSON_EXPOSED high Information Disclosure

Spring Config Exposed

SENS_HIGH_SPRING_CONFIG_EXPOSED high Information Disclosure

Npmrc Exposed

SENS_HIGH_NPMRC_EXPOSED high Information Disclosure

TOML Project File Exposed

SENS_LOW_TOML_PROJECT_FILE_EXPOSED low Information Disclosure

Rails Database YML Exposed

SENS_HIGH_RAILS_DATABASE_YML_EXPOSED high Information Disclosure

Drupal Settings PHP Exposed

SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED high Information Disclosure

Magento Env PHP Exposed

SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED high Information Disclosure

Jolokia Exposed

SENS_HIGH_JOLOKIA_EXPOSED high Information Disclosure

SVN Working Copy Database Exposed

SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED high Information Disclosure

Subversion Repository Detected

SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED high Information Disclosure

Mercurial Repository Found

SENS_MED_MERCURIAL_REPOSITORY_FOUND medium Information Disclosure

Mercurial Hgrc Exposed

SENS_MED_MERCURIAL_HGRC_EXPOSED medium Information Disclosure

CVS Root Exposed

SENS_MED_CVS_ROOT_EXPOSED medium Information Disclosure

CVS Entries Exposed

SENS_MED_CVS_ENTRIES_EXPOSED medium Information Disclosure

Bazaar Repo Exposed

SENS_MED_BAZAAR_REPO_EXPOSED medium Information Disclosure

Spring Boot Thread Dump Exposed

SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED high Information Disclosure

Redis RDB Dump Detected

SENS_HIGH_REDIS_RDB_DUMP_DETECTED high Information Disclosure

Atlassian Bitbucket Pipelines Configuration Detected

SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED low Information Disclosure

Azure Pipelines Configuration Detected

SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED low Information Disclosure

AWS CodeBuild Buildspec Detected

SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED low Information Disclosure

GitHub Actions Workflow Detected

SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED low Information Disclosure

Docker Compose Configuration Detected

SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED medium Information Disclosure

Trace Axd

SENS_HIGH_TRACE_AXD high Information Disclosure

Elmah Axd Exposed

SENS_HIGH_ELMAH_AXD_EXPOSED high Information Disclosure

Laravel Log Viewer Enabled

SENS_MED_LARAVEL_LOG_VIEWER_ENABLED medium Information Disclosure

Apache Htaccess File Detected

SENS_MED_APACHE_HTACCESS_FILE_DETECTED medium Information Disclosure

Apache Server Info Exposed

SENS_MED_APACHE_SERVER_INFO_EXPOSED medium Information Disclosure

SQLite Database Detected

SENS_HIGH_SQLITE_DATABASE_DETECTED high Information Disclosure

Package Dependencies Detected

SENS_MED_PACKAGE_DEPENDENCIES_DETECTED medium Information Disclosure

PHP Composer Dependencies Detected

SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED medium Information Disclosure

Python Requirements Detected

SENS_LOW_PYTHON_REQUIREMENTS_DETECTED low Information Disclosure

AWS Config Exposed

SENS_HIGH_AWS_CONFIG_EXPOSED high Information Disclosure

Azure Credentials Exposed

SENS_HIGH_AZURE_CREDENTIALS_EXPOSED high Information Disclosure

Helm Values Exposed

SENS_HIGH_HELM_VALUES_EXPOSED high Information Disclosure

SSH Public Key Exposed

SENS_MED_SSH_PUBLIC_KEY_EXPOSED medium Information Disclosure

SSL Certificate Exposed

SENS_MED_SSL_CERTIFICATE_EXPOSED medium Information Disclosure

GraphQL Endpoint Exposed

SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED medium Information Disclosure

GraphiQL Exposed

SENS_MED_GRAPHI_QL_EXPOSED medium Information Disclosure

Terraform Lock Exposed

SENS_MED_TERRAFORM_LOCK_EXPOSED medium Information Disclosure

Terraform Vars Exposed

SENS_HIGH_TERRAFORM_VARS_EXPOSED high Information Disclosure

Error Log Exposed

SENS_MED_ERROR_LOG_EXPOSED medium Information Disclosure

Access Log Exposed

SENS_MED_ACCESS_LOG_EXPOSED medium Information Disclosure

Debug Log Exposed

SENS_MED_DEBUG_LOG_EXPOSED medium Information Disclosure

Application Log Exposed

SENS_MED_APPLICATION_LOG_EXPOSED medium Information Disclosure

Laravel Log Exposed

SENS_HIGH_LARAVEL_LOG_EXPOSED high Information Disclosure

WordPress Debug Log Exposed

SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED high Information Disclosure

Adminer Exposed

SENS_HIGH_ADMINER_EXPOSED high Information Disclosure

WSDL Exposed

SENS_MED_WSDL_EXPOSED medium Information Disclosure

Debug Endpoint Exposed

SENS_HIGH_DEBUG_ENDPOINT_EXPOSED high Information Disclosure

Go Debug Vars Exposed

SENS_HIGH_GO_DEBUG_VARS_EXPOSED high Information Disclosure

Go Pprof Exposed

SENS_HIGH_GO_PPROF_EXPOSED high Information Disclosure

WordPress XML-RPC Exposed

SENS_MED_WORD_PRESS_XML_RPC_EXPOSED medium Information Disclosure

Test Endpoint Exposed

SENS_LOW_TEST_ENDPOINT_EXPOSED low Information Disclosure

Staging Endpoint Exposed

SENS_LOW_STAGING_ENDPOINT_EXPOSED low Information Disclosure

Editor Backup File Detected

SENS_LOW_EDITOR_BACKUP_FILE_DETECTED low Information Disclosure

Vim Swap File Detected

SENS_LOW_VIM_SWAP_FILE_DETECTED low Information Disclosure

Directory Listing Enabled

SENS_LOW_DIRECTORY_LISTING_ENABLED low Information Disclosure

Azure Storage Config Exposed

SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED high Information Disclosure

Mongo Rc Exposed

SENS_HIGH_MONGO_RC_EXPOSED high Information Disclosure

AWS SAM Template Exposed

SENS_LOW_AWSSAM_TEMPLATE_EXPOSED low Information Disclosure

Serverless Config Exposed

SENS_LOW_SERVERLESS_CONFIG_EXPOSED low Information Disclosure

CloudFormation Template Exposed

SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED low Information Disclosure

Azure Storage Key Exposed

SENS_CRIT_AZURE_STORAGE_KEY critical Information Disclosure

Consul KV Exposed

SENS_CRIT_CONSUL_KV critical Information Disclosure

Docker Secret Exposed

SENS_CRIT_DOCKER_SECRET critical Information Disclosure

Firebase Admin SDK Exposed

SENS_CRIT_FIREBASE_ADMIN_SDK critical Information Disclosure

Backup File Exposed

SENS_HIGH_BACKUP_FILE high Information Disclosure

DS Store Exposed

SENS_HIGH_DS_STORE high Information Disclosure

GCP Service Account Exposed

SENS_HIGH_GCP_SERVICE_ACCOUNT high Information Disclosure

Git Config Exposed

SENS_HIGH_GIT_CONFIG high Information Disclosure

Htpasswd File Exposed

SENS_HIGH_HTPASSWD high Information Disclosure

Java Keystore Exposed

SENS_HIGH_JAVA_KEYSTORE high Information Disclosure

MongoDB Config Exposed

SENS_HIGH_MONGODB_CONFIG high Information Disclosure

PhpMyAdmin Exposed

SENS_HIGH_PHPMYADMIN high Information Disclosure

PHP Session File Exposed

SENS_HIGH_PHP_SESSION high Information Disclosure

Apache Status Exposed

SENS_MED_APACHE_STATUS medium Information Disclosure

Composer Lock Exposed

SENS_MED_COMPOSER_LOCK medium Information Disclosure

Dockerfile Exposed

SENS_MED_DOCKERFILE medium Information Disclosure

Elasticsearch Exposed

SENS_MED_ELASTICSEARCH medium Information Disclosure

Firebase Config Exposed

SENS_MED_FIREBASE_CONFIG medium Information Disclosure

Gemfile Lock Exposed

SENS_MED_GEMFILE_LOCK medium Information Disclosure

Package Lock Exposed

SENS_MED_PACKAGE_LOCK medium Information Disclosure

CircleCI Config Exposed

SENS_LOW_CIRCLECI low Information Disclosure

GitLab CI Config Exposed

SENS_LOW_GITLAB_CI low Information Disclosure

Jenkinsfile Exposed

SENS_LOW_JENKINSFILE low Information Disclosure

Travis CI Config Exposed

SENS_LOW_TRAVIS_CI low Information Disclosure

AWS Access Key ID Exposed

SENS_DATA_AWS_ACCESS_KEY_ID critical Information Disclosure

AWS Secret Access Key Exposed

SENS_DATA_AWS_SECRET_ACCESS_KEY critical Information Disclosure

Amazon MWS Auth Token Exposed

SENS_DATA_AWS_MWS_AUTH_TOKEN critical Information Disclosure

Google API Key Exposed

SENS_DATA_GOOGLE_API_KEY high Information Disclosure

Google OAuth Token Exposed

SENS_DATA_GOOGLE_OAUTH_TOKEN high Information Disclosure

Google Cloud Private Key ID Exposed

SENS_DATA_GOOGLE_CLOUD_PRIVATE_KEY_ID critical Information Disclosure

GitHub Personal Access Token Exposed

SENS_DATA_GITHUB_PAT critical Information Disclosure

GitHub OAuth Token Exposed

SENS_DATA_GITHUB_OAUTH_TOKEN critical Information Disclosure

GitHub App Token Exposed

SENS_DATA_GITHUB_APP_TOKEN critical Information Disclosure

GitHub Refresh Token Exposed

SENS_DATA_GITHUB_REFRESH_TOKEN critical Information Disclosure

GitLab Personal Access Token Exposed

SENS_DATA_GITLAB_PAT critical Information Disclosure

GitLab Pipeline Token Exposed

SENS_DATA_GITLAB_PIPELINE_TOKEN critical Information Disclosure

Azure Storage Account Key Exposed

SENS_DATA_AZURE_STORAGE_ACCOUNT_KEY critical Information Disclosure

Stripe Secret Key Exposed

SENS_DATA_STRIPE_SECRET_KEY critical Information Disclosure

Stripe Publishable Key Exposed

SENS_DATA_STRIPE_PUBLISHABLE_KEY medium Information Disclosure

Stripe Restricted Key Exposed

SENS_DATA_STRIPE_RESTRICTED_KEY critical Information Disclosure

Slack Token Exposed

SENS_DATA_SLACK_TOKEN critical Information Disclosure

Slack Webhook Exposed

SENS_DATA_SLACK_WEBHOOK high Information Disclosure

Discord Bot Token Exposed

SENS_DATA_DISCORD_BOT_TOKEN critical Information Disclosure

Discord Webhook Exposed

SENS_DATA_DISCORD_WEBHOOK high Information Disclosure

Twilio Account SID Exposed

SENS_DATA_TWILIO_ACCOUNT_SID high Information Disclosure

SendGrid API Key Exposed

SENS_DATA_SENDGRID_API_KEY critical Information Disclosure

Mailgun API Key Exposed

SENS_DATA_MAILGUN_API_KEY critical Information Disclosure

Mailchimp API Key Exposed

SENS_DATA_MAILCHIMP_API_KEY critical Information Disclosure

NPM Token Exposed

SENS_DATA_NPM_TOKEN critical Information Disclosure

PyPI Token Exposed

SENS_DATA_PYPI_TOKEN critical Information Disclosure

RSA Private Key Exposed

SENS_DATA_RSA_PRIVATE_KEY critical Information Disclosure

OpenSSH Private Key Exposed

SENS_DATA_OPENSSH_PRIVATE_KEY critical Information Disclosure

DSA Private Key Exposed

SENS_DATA_DSA_PRIVATE_KEY critical Information Disclosure

EC Private Key Exposed

SENS_DATA_EC_PRIVATE_KEY critical Information Disclosure

PGP Private Key Exposed

SENS_DATA_PGP_PRIVATE_KEY critical Information Disclosure

Encrypted Private Key Exposed

SENS_DATA_ENCRYPTED_PRIVATE_KEY critical Information Disclosure

MongoDB Connection String Exposed

SENS_DATA_MONGODB_URI critical Information Disclosure

PostgreSQL Connection String Exposed

SENS_DATA_POSTGRESQL_URI critical Information Disclosure

MySQL Connection String Exposed

SENS_DATA_MYSQL_URI critical Information Disclosure

Redis Connection String Exposed

SENS_DATA_REDIS_URI critical Information Disclosure

MSSQL Connection String Exposed

SENS_DATA_MSSQL_URI critical Information Disclosure

DigitalOcean Token Exposed

SENS_DATA_DIGITALOCEAN_TOKEN critical Information Disclosure

Alibaba Cloud Access Key Exposed

SENS_DATA_ALIBABA_CLOUD_ACCESS_KEY critical Information Disclosure

Square Access Token Exposed

SENS_DATA_SQUARE_ACCESS_TOKEN critical Information Disclosure

Square OAuth Secret Exposed

SENS_DATA_SQUARE_OAUTH_SECRET critical Information Disclosure

Shopify Access Token Exposed

SENS_DATA_SHOPIFY_ACCESS_TOKEN critical Information Disclosure

Shopify Custom App Token Exposed

SENS_DATA_SHOPIFY_CUSTOM_APP_TOKEN critical Information Disclosure

Shopify Private App Token Exposed

SENS_DATA_SHOPIFY_PRIVATE_APP_TOKEN critical Information Disclosure

Shopify Shared Secret Exposed

SENS_DATA_SHOPIFY_SHARED_SECRET critical Information Disclosure

Telegram Bot Token Exposed

SENS_DATA_TELEGRAM_BOT_TOKEN critical Information Disclosure

OpenAI API Key Exposed

SENS_DATA_OPENAI_API_KEY critical Information Disclosure

Sentry DSN Exposed

SENS_DATA_SENTRY_DSN high Information Disclosure