JavaScript & TypeScript
(1) Use of Hardcoded Credentials
    CWE-798: Use of Hard-coded Credentials
    OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
    CWE-259: Use of Hard-coded Password
    SANS/CWE Top 25
(2) Use of Password Hash With Insufficient Computational Effort
    CWE-916: Use of Password Hash With Insufficient Computational Effort
    OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(3) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(4) Hardcoded Secret
    CWE-547: Use of Hard-coded, Security-relevant Constants
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(5) Command Injection
    CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(6) Cross-site Scripting (XSS)
    CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(7) Server-Side Request Forgery (SSRF)
    CWE-918: Server-Side Request Forgery (SSRF)
    OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
    SANS/CWE Top 25
(8) Open Redirect
    CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(9) SQL Injection
    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(10) XML External Entity (XXE) Injection
    CWE-611: Improper Restriction of XML External Entity Reference
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
    SANS/CWE Top 25
(11) Use of Insufficiently Random Values
    CWE-330: Use of Insufficiently Random Values
    OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(12) Sensitive Cookie Without 'HttpOnly' Flag
    CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(13) Deserialization of Untrusted Data
    CWE-502: Deserialization of Untrusted Data
    OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
    SANS/CWE Top 25
(14) Code Injection
    CWE-94: Improper Control of Generation of Code ('Code Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
(15) Information Exposure
    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
    SANS/CWE Top 25
(16) Path Traversal
    CWE-23: Relative Path Traversal
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(17) XPath Injection
    CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
(18) Arbitrary File Write via Archive Extraction (Zip Slip)
    CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
    SANS/CWE Top 25
(19) Use of a Broken or Risky Cryptographic Algorithm
    CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(20) Cleartext Transmission of Sensitive Information
    CWE-319: Cleartext Transmission of Sensitive Information
    OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(21) Origin Validation Error
    CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
    CWE-346: Origin Validation Error
    OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(22) Cross-Site Request Forgery (CSRF)
    CWE-352: Cross-Site Request Forgery (CSRF)
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
    SANS/CWE Top 25
(23) Use of Externally-Controlled Format String
    CWE-134: Use of Externally-Controlled Format String
(24) Observable Timing Discrepancy (Timing Attack)
    CWE-208: Observable Timing Discrepancy
(25) Buffer Over-read
    CWE-126: Buffer Over-read
(26) Improper Restriction of Rendered UI Layers or Frames
    CWE-1021: Improper Restriction of Rendered UI Layers or Frames
    OWASP Top Ten 2021 Category A04:2021 - Insecure Design
(27) Unchecked Input for Loop Condition
    CWE-400: Uncontrolled Resource Consumption
    CWE-606: Unchecked Input for Loop Condition
(28) Improper Input Validation
    CWE-20: Improper Input Validation
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(29) Allocation of Resources Without Limits or Throttling
    CWE-770: Allocation of Resources Without Limits or Throttling
(30) Permissive Cross-domain Policy
    CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(31) Denial of Service (DoS) through Nested GraphQL Queries
    CWE-400: Uncontrolled Resource Consumption
(32) Introspection Enabled
    CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
    SANS/CWE Top 25
(33) Weak Password Recovery Mechanism for Forgotten Password
    CWE-640: Weak Password Recovery Mechanism for Forgotten Password
    OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(34) Prototype Pollution
    CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
(35) Regular Expression Denial of Service (ReDoS)
    CWE-400: Uncontrolled Resource Consumption
(36) Improper Neutralization of Directives in Statically Saved Code
    CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
(37) GraphQL Injection
    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(38) NoSQL Injection
    CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    OWASP Top Ten 2021 Category A03:2021 - Injection
    SANS/CWE Top 25
(39) XML Internal Entity Expansion
    CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
    OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration