Web Application Vulnerabilities Index
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Select Vulnerability
Vulnerability Name
Classification
Severity
Sensitive Data Exposure - Facebook App ID
Sensitive Data Exposure - Facebook App Secret
Sensitive Data Exposure - Gitlab Personal Access Token
Sensitive Data Exposure - Google Cloud API Key
Sensitive Data Exposure - Google OAuth Access Token
Sensitive Data Exposure - Heroku API Key
Sensitive Data Exposure - JDBC Database Connection String
Sensitive Data Exposure - Jenkins Secret
Sensitive Data Exposure - LinkedIn API Key
Sensitive Data Exposure - MailChimp API Key
Sensitive Data Exposure - MailGun API Key
Sensitive Data Exposure - Mapbox Token
Sensitive Data Exposure - Nexmo Secret
Sensitive Data Exposure - NPM Access Token
Sensitive Data Exposure - NuGet API Key
Sensitive Data Exposure - Okta Secret Key
Sensitive Data Exposure - Omise Secret Key
Sensitive Data Exposure - Paypal Access Token
Sensitive Data Exposure - Picatic API key
Sensitive Data Exposure - SendGrid API Key
Sensitive Data Exposure - Sentry Auth Token
Sensitive Data Exposure - Slack Token
Sensitive Data Exposure - Slack v1.x Token
Sensitive Data Exposure - Slack Webhook
Sensitive Data Exposure - SonarQube User Token
Sensitive Data Exposure - Square OAuth Secret
Sensitive Data Exposure - Square Personal Access Token
Sensitive Data Exposure - SSH Key
Sensitive Data Exposure - Stripe API key
Sensitive Data Exposure - Symfony Application Secret
Sensitive Data Exposure - Teams Webhook
Sensitive Data Exposure - Telegram Bot API Token
Sensitive Data Exposure - Twilio API Key
Sensitive Data Exposure - Twitter Access Token Secret
Sensitive Data Exposure - Twitter API Secret Key
Sensitive Data Exposure - WordPress Authentication Key/Salt
Server-Side Request Forgery
Server-Side Request Forgery (Time Based)
Session Cookie Not Marked as Secure
Source Code Disclosure (ASP.NET)
Source Code Disclosure (ColdFusion)
Source Code Disclosure (Generic)
Source Code Disclosure (Java)
Source Code Disclosure (Java Servlet)
Source Code Disclosure (JSP)
Source Code Disclosure (Perl)
Source Code Disclosure (PHP)
Source Code Disclosure (Python)
Source Code Disclosure (Ruby)
Source Code Disclosure (Tomcat)
Spring Boot Misconfiguration: Actuator endpoint security disabled
Spring Boot Misconfiguration: Admin MBean enabled
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
Spring Boot Misconfiguration: Developer tools enabled on production
Spring Boot Misconfiguration: H2 console enabled
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
Spring Boot Misconfiguration: Overly long session timeout
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
Spring Boot Misconfiguration: Unsafe value for session tracking
Spring Misconfiguration: HTML Escaping disabled
SQLite Database File Found
SSL Certificate Is About To Expire
SSL Certificate Name Hostname Mismatch
SSL/TLS Not Implemented
SSL Untrusted Root Certificate
Stack Trace Disclosure (ColdFusion)
Stack Trace Disclosure (Django)
Stack Trace Disclosure (Java)
Stack Trace Disclosure (Laravel)
Stack Trace Disclosure (Python)
Stack Trace Disclosure (RoR)
Stack Trace Disclosure (Ruby-Sinatra Framework)