| 1004.1 | Sensitive cookie without HttpOnly attribute | Low | Passive |
| 16.1 | Missing Content-Type header | Low | Passive |
| 16.10 | Content-Security-Policy violations | Info | Passive |
| 16.2 | Server header exposes version information | Low | Passive |
| 16.3 | X-Powered-By header exposes version information | Low | Passive |
| 16.4 | X-Backend-Server header exposes server information | Info | Passive |
| 16.5 | AspNet header exposes version information | Low | Passive |
| 16.6 | AspNetMvc header exposes version information | Low | Passive |
| 16.7 | Strict-Transport-Security header missing or invalid | Low | Passive |
| 16.8 | Content-Security-Policy analysis | Info | Passive |
| 16.9 | Content-Security-Policy-Report-Only analysis | Info | Passive |
| 200.1 | Exposure of sensitive information to an unauthorized actor (private IP address) | Low | Passive |
| 209.1 | Generation of error message containing sensitive information | Low | Passive |
| 209.2 | Generation of database error message containing sensitive information | Low | Passive |
| 287.1 | Insecure authentication over HTTP (Basic Authentication) | Medium | Passive |
| 287.2 | Insecure authentication over HTTP (Digest Authentication) | Low | Passive |
| 319.1 | Mixed Content | Info | Passive |
| 352.1 | Absence of anti-CSRF tokens | Medium | Passive |
| 359.1 | Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) | Medium | Passive |
| 359.2 | Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) | Medium | Passive |
| 548.1 | Exposure of information through directory listing | Low | Passive |
| 598.1 | Use of GET request method with sensitive query strings (session ID) | Medium | Passive |
| 598.2 | Use of GET request method with sensitive query strings (password) | Medium | Passive |
| 598.3 | Use of GET request method with sensitive query strings (Authorization header details) | Medium | Passive |
| 601.1 | URL redirection to untrusted site ('open redirect') | Low | Passive |
| 614.1 | Sensitive cookie without Secure attribute | Low | Passive |
| 693.1 | Missing X-Content-Type-Options: nosniff | Low | Passive |
| 798.1 | Exposure of confidential secret or token Adafruit API Key | High | Passive |
| 798.2 | Exposure of confidential secret or token Adobe Client ID (OAuth Web) | High | Passive |
| 798.3 | Exposure of confidential secret or token Adobe Client Secret | High | Passive |
| 798.4 | Exposure of confidential secret or token Age secret key | High | Passive |
| 798.5 | Exposure of confidential secret or token Airtable API Key | High | Passive |
| 798.6 | Exposure of confidential secret or token Algolia API Key | High | Passive |
| 798.7 | Exposure of confidential secret or token Alibaba AccessKey ID | High | Passive |
| 798.8 | Exposure of confidential secret or token Alibaba Secret Key | High | Passive |
| 798.9 | Exposure of confidential secret or token Asana Client ID | High | Passive |
| 798.10 | Exposure of confidential secret or token Asana Client Secret | High | Passive |
| 798.11 | Exposure of confidential secret or token Atlassian API token | High | Passive |
| 798.12 | Exposure of confidential secret or token AWS | High | Passive |
| 798.13 | Exposure of confidential secret or token Bitbucket Client ID | High | Passive |
| 798.14 | Exposure of confidential secret or token Bitbucket Client Secret | High | Passive |
| 798.15 | Exposure of confidential secret or token Bittrex Access Key | High | Passive |
| 798.16 | Exposure of confidential secret or token Bittrex Secret Key | High | Passive |
| 798.17 | Exposure of confidential secret or token Beamer API token | High | Passive |
| 798.18 | Exposure of confidential secret or token Codecov Access Token | High | Passive |
| 798.19 | Exposure of confidential secret or token Coinbase Access Token | High | Passive |
| 798.20 | Exposure of confidential secret or token Clojars API token | High | Passive |
| 798.21 | Exposure of confidential secret or token Confluent Access Token | High | Passive |
| 798.22 | Exposure of confidential secret or token Confluent Secret Key | High | Passive |
| 798.23 | Exposure of confidential secret or token Contentful delivery API token | High | Passive |
| 798.24 | Exposure of confidential secret or token Databricks API token | High | Passive |
| 798.25 | Exposure of confidential secret or token Datadog Access Token | High | Passive |
| 798.26 | Exposure of confidential secret or token Discord API key | High | Passive |
| 798.27 | Exposure of confidential secret or token Discord client ID | High | Passive |
| 798.28 | Exposure of confidential secret or token Discord client secret | High | Passive |
| 798.29 | Exposure of confidential secret or token Doppler API token | High | Passive |
| 798.30 | Exposure of confidential secret or token Dropbox API secret | High | Passive |
| 798.31 | Exposure of confidential secret or token Dropbox long lived API token | High | Passive |
| 798.32 | Exposure of confidential secret or token Dropbox short lived API token | High | Passive |
| 798.33 | Exposure of confidential secret or token Drone CI Access Token | High | Passive |
| 798.34 | Exposure of confidential secret or token Duffel API token | High | Passive |
| 798.35 | Exposure of confidential secret or token Dynatrace API token | High | Passive |
| 798.36 | Exposure of confidential secret or token EasyPost API token | High | Passive |
| 798.37 | Exposure of confidential secret or token EasyPost test API token | High | Passive |
| 798.38 | Exposure of confidential secret or token Etsy Access Token | High | Passive |
| 798.39 | Exposure of confidential secret or token Facebook | High | Passive |
| 798.40 | Exposure of confidential secret or token Fastly API key | High | Passive |
| 798.41 | Exposure of confidential secret or token Finicity Client Secret | High | Passive |
| 798.42 | Exposure of confidential secret or token Finicity API token | High | Passive |
| 798.43 | Exposure of confidential secret or token Flickr Access Token | High | Passive |
| 798.44 | Exposure of confidential secret or token Finnhub Access Token | High | Passive |
| 798.46 | Exposure of confidential secret or token Flutterwave Secret Key | High | Passive |
| 798.47 | Exposure of confidential secret or token Flutterwave Encryption Key | High | Passive |
| 798.48 | Exposure of confidential secret or token Frame.io API token | High | Passive |
| 798.49 | Exposure of confidential secret or token FreshBooks Access Token | High | Passive |
| 798.50 | Exposure of confidential secret or token GoCardless API token | High | Passive |
| 798.52 | Exposure of confidential secret or token GitHub Personal Access Token | High | Passive |
| 798.53 | Exposure of confidential secret or token GitHub OAuth Access Token | High | Passive |
| 798.54 | Exposure of confidential secret or token GitHub App Token | High | Passive |
| 798.55 | Exposure of confidential secret or token GitHub Refresh Token | High | Passive |
| 798.56 | Exposure of confidential secret or token GitLab Personal Access Token | High | Passive |
| 798.57 | Exposure of confidential secret or token Gitter Access Token | High | Passive |
| 798.58 | Exposure of confidential secret or token HashiCorp Terraform user/org API token | High | Passive |
| 798.59 | Exposure of confidential secret or token Heroku API Key | High | Passive |
| 798.60 | Exposure of confidential secret or token HubSpot API Token | High | Passive |
| 798.61 | Exposure of confidential secret or token Intercom API Token | High | Passive |
| 798.62 | Exposure of confidential secret or token Kraken Access Token | High | Passive |
| 798.63 | Exposure of confidential secret or token Kucoin Access Token | High | Passive |
| 798.64 | Exposure of confidential secret or token Kucoin Secret Key | High | Passive |
| 798.65 | Exposure of confidential secret or token LaunchDarkly Access Token | High | Passive |
| 798.66 | Exposure of confidential secret or token Linear API Token | High | Passive |
| 798.67 | Exposure of confidential secret or token Linear Client Secret | High | Passive |
| 798.68 | Exposure of confidential secret or token LinkedIn Client ID | High | Passive |
| 798.69 | Exposure of confidential secret or token LinkedIn Client secret | High | Passive |
| 798.70 | Exposure of confidential secret or token Lob API Key | High | Passive |
| 798.72 | Exposure of confidential secret or token Mailchimp API key | High | Passive |
| 798.74 | Exposure of confidential secret or token Mailgun private API token | High | Passive |
| 798.75 | Exposure of confidential secret or token Mailgun webhook signing key | High | Passive |
| 798.77 | Exposure of confidential secret or token Mattermost Access Token | High | Passive |
| 798.78 | Exposure of confidential secret or token MessageBird API token | High | Passive |
| 798.80 | Exposure of confidential secret or token Netlify Access Token | High | Passive |
| 798.81 | Exposure of confidential secret or token New Relic user API Key | High | Passive |
| 798.82 | Exposure of confidential secret or token New Relic user API ID | High | Passive |
| 798.83 | Exposure of confidential secret or token New Relic ingest browser API token | High | Passive |
| 798.84 | Exposure of confidential secret or token npm access token | High | Passive |
| 798.86 | Exposure of confidential secret or token Okta Access Token | High | Passive |
| 798.87 | Exposure of confidential secret or token Plaid Client ID | High | Passive |
| 798.88 | Exposure of confidential secret or token Plaid Secret key | High | Passive |
| 798.89 | Exposure of confidential secret or token Plaid API Token | High | Passive |
| 798.90 | Exposure of confidential secret or token PlanetScale password | High | Passive |
| 798.91 | Exposure of confidential secret or token PlanetScale API token | High | Passive |
| 798.92 | Exposure of confidential secret or token PlanetScale OAuth token | High | Passive |
| 798.93 | Exposure of confidential secret or token Postman API token | High | Passive |
| 798.94 | Exposure of confidential secret or token Private Key | High | Passive |
| 798.95 | Exposure of confidential secret or token Pulumi API token | High | Passive |
| 798.96 | Exposure of confidential secret or token PyPI upload token | High | Passive |
| 798.97 | Exposure of confidential secret or token RubyGems API token | High | Passive |
| 798.98 | Exposure of confidential secret or token RapidAPI Access Token | High | Passive |
| 798.99 | Exposure of confidential secret or token Sendbird Access ID | High | Passive |
| 798.100 | Exposure of confidential secret or token Sendbird Access Token | High | Passive |
| 798.101 | Exposure of confidential secret or token SendGrid API token | High | Passive |
| 798.102 | Exposure of confidential secret or token Sendinblue API token | High | Passive |
| 798.103 | Exposure of confidential secret or token Sentry Access Token | High | Passive |
| 798.104 | Exposure of confidential secret or token Shippo API token | High | Passive |
| 798.105 | Exposure of confidential secret or token Shopify access token | High | Passive |
| 798.106 | Exposure of confidential secret or token Shopify custom access token | High | Passive |
| 798.107 | Exposure of confidential secret or token Shopify private app access token | High | Passive |
| 798.108 | Exposure of confidential secret or token Shopify shared secret | High | Passive |
| 798.109 | Exposure of confidential secret or token Slack token | High | Passive |
| 798.110 | Exposure of confidential secret or token Slack Webhook | High | Passive |
| 798.111 | Exposure of confidential secret or token Stripe | High | Passive |
| 798.112 | Exposure of confidential secret or token Square Access Token | High | Passive |
| 798.113 | Exposure of confidential secret or token Squarespace Access Token | High | Passive |
| 798.114 | Exposure of confidential secret or token SumoLogic Access ID | High | Passive |
| 798.115 | Exposure of confidential secret or token SumoLogic Access Token | High | Passive |
| 798.116 | Exposure of confidential secret or token Travis CI Access Token | High | Passive |
| 798.117 | Exposure of confidential secret or token Twilio API Key | High | Passive |
| 798.118 | Exposure of confidential secret or token Twitch API token | High | Passive |
| 798.119 | Exposure of confidential secret or token Twitter API Key | High | Passive |
| 798.120 | Exposure of confidential secret or token Twitter API Secret | High | Passive |
| 798.121 | Exposure of confidential secret or token Twitter Access Token | High | Passive |
| 798.122 | Exposure of confidential secret or token Twitter Access Secret | High | Passive |
| 798.123 | Exposure of confidential secret or token Twitter Bearer Token | High | Passive |
| 798.124 | Exposure of confidential secret or token Typeform API token | High | Passive |
| 798.125 | Exposure of confidential secret or token Yandex API Key | High | Passive |
| 798.126 | Exposure of confidential secret or token Yandex AWS Access Token | High | Passive |
| 798.127 | Exposure of confidential secret or token Yandex Access Token | High | Passive |
| 798.128 | Exposure of confidential secret or token Zendesk Secret Key | High | Passive |
| 829.1 | Inclusion of Functionality from Untrusted Control Sphere | Low | Passive |
| 829.2 | Invalid Sub-Resource Integrity values detected | Medium | Passive |