| 1004.1 | Sensitive cookie without HttpOnly attribute | Low | Passive |
| 16.1 | Missing Content-Type header | Low | Passive |
| 16.10 | Content-Security-Policy violations | Info | Passive |
| 16.2 | Server header exposes version information | Low | Passive |
| 16.3 | X-Powered-By header exposes version information | Low | Passive |
| 16.4 | X-Backend-Server header exposes server information | Info | Passive |
| 16.5 | AspNet header exposes version information | Low | Passive |
| 16.6 | AspNetMvc header exposes version information | Low | Passive |
| 16.7 | Strict-Transport-Security header missing or invalid | Low | Passive |
| 16.8 | Content-Security-Policy analysis | Info | Passive |
| 16.9 | Content-Security-Policy-Report-Only analysis | Info | Passive |
| 200.1 | Exposure of sensitive information to an unauthorized actor (private IP address) | Low | Passive |
| 209.1 | Generation of error message containing sensitive information | Low | Passive |
| 209.2 | Generation of database error message containing sensitive information | Low | Passive |
| 287.1 | Insecure authentication over HTTP (Basic Authentication) | Medium | Passive |
| 287.2 | Insecure authentication over HTTP (Digest Authentication) | Low | Passive |
| 319.1 | Mixed Content | Info | Passive |
| 352.1 | Absence of anti-CSRF tokens | Medium | Passive |
| 359.1 | Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) | Medium | Passive |
| 359.2 | Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) | Medium | Passive |
| 548.1 | Exposure of information through directory listing | Low | Passive |
| 598.1 | Use of GET request method with sensitive query strings (session ID) | Medium | Passive |
| 598.2 | Use of GET request method with sensitive query strings (password) | Medium | Passive |
| 598.3 | Use of GET request method with sensitive query strings (Authorization header details) | Medium | Passive |
| 601.1 | URL redirection to untrusted site (‘open redirect’) | Low | Passive |
| 614.1 | Sensitive cookie without Secure attribute | Low | Passive |
| 693.1 | Missing X-Content-Type-Options: nosniff | Low | Passive |
| 798.1 | Exposure of confidential secret or token Adafruit API Key | High | Passive |
| 798.2 | Exposure of confidential secret or token Adobe Client ID (OAuth Web) | High | Passive |
| 798.3 | Exposure of confidential secret or token Adobe Client Secret | High | Passive |
| 798.4 | Exposure of confidential secret or token Age secret key | High | Passive |
| 798.5 | Exposure of confidential secret or token Airtable API Key | High | Passive |
| 798.6 | Exposure of confidential secret or token Algolia API Key | High | Passive |
| 798.7 | Exposure of confidential secret or token Alibaba AccessKey ID | High | Passive |
| 798.8 | Exposure of confidential secret or token Alibaba Secret Key | High | Passive |
| 798.9 | Exposure of confidential secret or token Asana Client ID | High | Passive |
| 798.10 | Exposure of confidential secret or token Asana Client Secret | High | Passive |
| 798.11 | Exposure of confidential secret or token Atlassian API token | High | Passive |
| 798.12 | Exposure of confidential secret or token AWS | High | Passive |
| 798.13 | Exposure of confidential secret or token Bitbucket Client ID | High | Passive |
| 798.14 | Exposure of confidential secret or token Bitbucket Client Secret | High | Passive |
| 798.15 | Exposure of confidential secret or token Bittrex Access Key | High | Passive |
| 798.16 | Exposure of confidential secret or token Bittrex Secret Key | High | Passive |
| 798.17 | Exposure of confidential secret or token Beamer API token | High | Passive |
| 798.18 | Exposure of confidential secret or token Codecov Access Token | High | Passive |
| 798.19 | Exposure of confidential secret or token Coinbase Access Token | High | Passive |
| 798.20 | Exposure of confidential secret or token Clojars API token | High | Passive |
| 798.21 | Exposure of confidential secret or token Confluent Access Token | High | Passive |
| 798.22 | Exposure of confidential secret or token Confluent Secret Key | High | Passive |
| 798.23 | Exposure of confidential secret or token Contentful delivery API token | High | Passive |
| 798.24 | Exposure of confidential secret or token Databricks API token | High | Passive |
| 798.25 | Exposure of confidential secret or token Datadog Access Token | High | Passive |
| 798.26 | Exposure of confidential secret or token Discord API key | High | Passive |
| 798.27 | Exposure of confidential secret or token Discord client ID | High | Passive |
| 798.28 | Exposure of confidential secret or token Discord client secret | High | Passive |
| 798.29 | Exposure of confidential secret or token Doppler API token | High | Passive |
| 798.30 | Exposure of confidential secret or token Dropbox API secret | High | Passive |
| 798.31 | Exposure of confidential secret or token Dropbox long lived API token | High | Passive |
| 798.32 | Exposure of confidential secret or token Dropbox short lived API token | High | Passive |
| 798.33 | Exposure of confidential secret or token Drone CI Access Token | High | Passive |
| 798.34 | Exposure of confidential secret or token Duffel API token | High | Passive |
| 798.35 | Exposure of confidential secret or token Dynatrace API token | High | Passive |
| 798.36 | Exposure of confidential secret or token EasyPost API token | High | Passive |
| 798.37 | Exposure of confidential secret or token EasyPost test API token | High | Passive |
| 798.38 | Exposure of confidential secret or token Etsy Access Token | High | Passive |
| 798.39 | Exposure of confidential secret or token Facebook | High | Passive |
| 798.40 | Exposure of confidential secret or token Fastly API key | High | Passive |
| 798.41 | Exposure of confidential secret or token Finicity Client Secret | High | Passive |
| 798.42 | Exposure of confidential secret or token Finicity API token | High | Passive |
| 798.43 | Exposure of confidential secret or token Flickr Access Token | High | Passive |
| 798.44 | Exposure of confidential secret or token Finnhub Access Token | High | Passive |
| 798.46 | Exposure of confidential secret or token Flutterwave Secret Key | High | Passive |
| 798.47 | Exposure of confidential secret or token Flutterwave Encryption Key | High | Passive |
| 798.48 | Exposure of confidential secret or token Frame.io API token | High | Passive |
| 798.49 | Exposure of confidential secret or token FreshBooks Access Token | High | Passive |
| 798.50 | Exposure of confidential secret or token GoCardless API token | High | Passive |
| 798.52 | Exposure of confidential secret or token GitHub Personal Access Token | High | Passive |
| 798.53 | Exposure of confidential secret or token GitHub OAuth Access Token | High | Passive |
| 798.54 | Exposure of confidential secret or token GitHub App Token | High | Passive |
| 798.55 | Exposure of confidential secret or token GitHub Refresh Token | High | Passive |
| 798.56 | Exposure of confidential secret or token GitLab Personal Access Token | High | Passive |
| 798.57 | Exposure of confidential secret or token Gitter Access Token | High | Passive |
| 798.58 | Exposure of confidential secret or token HashiCorp Terraform user/org API token | High | Passive |
| 798.59 | Exposure of confidential secret or token Heroku API Key | High | Passive |
| 798.60 | Exposure of confidential secret or token HubSpot API Token | High | Passive |
| 798.61 | Exposure of confidential secret or token Intercom API Token | High | Passive |
| 798.62 | Exposure of confidential secret or token Kraken Access Token | High | Passive |
| 798.63 | Exposure of confidential secret or token Kucoin Access Token | High | Passive |
| 798.64 | Exposure of confidential secret or token Kucoin Secret Key | High | Passive |
| 798.65 | Exposure of confidential secret or token LaunchDarkly Access Token | High | Passive |
| 798.66 | Exposure of confidential secret or token Linear API Token | High | Passive |
| 798.67 | Exposure of confidential secret or token Linear Client Secret | High | Passive |
| 798.68 | Exposure of confidential secret or token LinkedIn Client ID | High | Passive |
| 798.69 | Exposure of confidential secret or token LinkedIn Client secret | High | Passive |
| 798.70 | Exposure of confidential secret or token Lob API Key | High | Passive |
| 798.72 | Exposure of confidential secret or token Mailchimp API key | High | Passive |
| 798.74 | Exposure of confidential secret or token Mailgun private API token | High | Passive |
| 798.75 | Exposure of confidential secret or token Mailgun webhook signing key | High | Passive |
| 798.77 | Exposure of confidential secret or token Mattermost Access Token | High | Passive |
| 798.78 | Exposure of confidential secret or token MessageBird API token | High | Passive |
| 798.80 | Exposure of confidential secret or token Netlify Access Token | High | Passive |
| 798.81 | Exposure of confidential secret or token New Relic user API Key | High | Passive |
| 798.82 | Exposure of confidential secret or token New Relic user API ID | High | Passive |
| 798.83 | Exposure of confidential secret or token New Relic ingest browser API token | High | Passive |
| 798.84 | Exposure of confidential secret or token npm access token | High | Passive |
| 798.86 | Exposure of confidential secret or token Okta Access Token | High | Passive |
| 798.87 | Exposure of confidential secret or token Plaid Client ID | High | Passive |
| 798.88 | Exposure of confidential secret or token Plaid Secret key | High | Passive |
| 798.89 | Exposure of confidential secret or token Plaid API Token | High | Passive |
| 798.90 | Exposure of confidential secret or token PlanetScale password | High | Passive |
| 798.91 | Exposure of confidential secret or token PlanetScale API token | High | Passive |
| 798.92 | Exposure of confidential secret or token PlanetScale OAuth token | High | Passive |
| 798.93 | Exposure of confidential secret or token Postman API token | High | Passive |
| 798.94 | Exposure of confidential secret or token Private Key | High | Passive |
| 798.95 | Exposure of confidential secret or token Pulumi API token | High | Passive |
| 798.96 | Exposure of confidential secret or token PyPI upload token | High | Passive |
| 798.97 | Exposure of confidential secret or token RubyGems API token | High | Passive |
| 798.98 | Exposure of confidential secret or token RapidAPI Access Token | High | Passive |
| 798.99 | Exposure of confidential secret or token Sendbird Access ID | High | Passive |
| 798.100 | Exposure of confidential secret or token Sendbird Access Token | High | Passive |
| 798.101 | Exposure of confidential secret or token SendGrid API token | High | Passive |
| 798.102 | Exposure of confidential secret or token Sendinblue API token | High | Passive |
| 798.103 | Exposure of confidential secret or token Sentry Access Token | High | Passive |
| 798.104 | Exposure of confidential secret or token Shippo API token | High | Passive |
| 798.105 | Exposure of confidential secret or token Shopify access token | High | Passive |
| 798.106 | Exposure of confidential secret or token Shopify custom access token | High | Passive |
| 798.107 | Exposure of confidential secret or token Shopify private app access token | High | Passive |
| 798.108 | Exposure of confidential secret or token Shopify shared secret | High | Passive |
| 798.109 | Exposure of confidential secret or token Slack token | High | Passive |
| 798.110 | Exposure of confidential secret or token Slack Webhook | High | Passive |
| 798.111 | Exposure of confidential secret or token Stripe | High | Passive |
| 798.112 | Exposure of confidential secret or token Square Access Token | High | Passive |
| 798.113 | Exposure of confidential secret or token Squarespace Access Token | High | Passive |
| 798.114 | Exposure of confidential secret or token SumoLogic Access ID | High | Passive |
| 798.115 | Exposure of confidential secret or token SumoLogic Access Token | High | Passive |
| 798.116 | Exposure of confidential secret or token Travis CI Access Token | High | Passive |
| 798.117 | Exposure of confidential secret or token Twilio API Key | High | Passive |
| 798.118 | Exposure of confidential secret or token Twitch API token | High | Passive |
| 798.119 | Exposure of confidential secret or token Twitter API Key | High | Passive |
| 798.120 | Exposure of confidential secret or token Twitter API Secret | High | Passive |
| 798.121 | Exposure of confidential secret or token Twitter Access Token | High | Passive |
| 798.122 | Exposure of confidential secret or token Twitter Access Secret | High | Passive |
| 798.123 | Exposure of confidential secret or token Twitter Bearer Token | High | Passive |
| 798.124 | Exposure of confidential secret or token Typeform API token | High | Passive |
| 798.125 | Exposure of confidential secret or token Yandex API Key | High | Passive |
| 798.126 | Exposure of confidential secret or token Yandex AWS Access Token | High | Passive |
| 798.127 | Exposure of confidential secret or token Yandex Access Token | High | Passive |
| 798.128 | Exposure of confidential secret or token Zendesk Secret Key | High | Passive |
| 829.1 | Inclusion of Functionality from Untrusted Control Sphere | Low | Passive |
| 829.2 | Invalid Sub-Resource Integrity values detected | Medium | Passive |