Invicti Standard 31 Aug 2022 v6.7.0.37625


  • Added pattern for XSS via file upload SVG.


  • Added the Cache By CSS Selector and Max Cache Elements to the scan policies.
  • Added the GraphQL endpoints and libraries to the Knowledge Base.
  • Updated the Jira tooltip for the access token or password field.
  • Removed the target URL health check that lets the scan continue despite getting error messages such as 403.
  • Improved the raw scan file expired information message.
  • Improved the scan profile test coverage.
  • Updated regex for Stack Trace Disclosure (Java) – Java.Lang Exceptions.
  • Improved the JSON Web Tokens secret list.
  • Improved the re-login process when the logout is detected.


  • Fixed the retest issue.
  • Fixed the null reference error thrown during the late confirmation.
  • Fixed an issue of using the disposed objects.
  • Fixed the exception error when cloning the report policy.
  • Fixed the broken links on the report policy.
  • Fixed mistaken NIST and DISA classifications.
  • Fixed a bug that threw the database locked error when Invicti is restarted after a scan.
  • Fixed an issue where a JavaScript Setting option blocks inputs for the single-page applications to be reported in the Web Pages with Inputs node.
  • Fixed a bug that caused the scan session failure when the scan is paused and resumed.
  • Fixed failed scans where the Target URL is IPv6 and starting with ::1
  • Fixed the Postman collection parsing by removing / in front of the query in the URL.
  • Fixed the Shark validation issue that threw exceptions while validating.
  • Fixed the issue with proxy settings, so Invicti prioritizes the settings in the scan policy.
  • Fixed NodeJS RCE-OOB security check.