Documentation
Vulnerabilities

API Vulnerabilities

NameOWASPSeveritySupport
Broken Object Level Authorization (BOLA)API1:2023 Broken Object Level AuthorizationMedium
Private Field AccessAPI1:2023 Broken Object Level AuthorizationMedium
Mass AssignmentAPI1:2023 Broken Object Level AuthorizationMedium
Authentication BypassAPI2:2023 Broken AuthenticationHigh
JWT none algorithmAPI2:2023 Broken AuthenticationHigh
JWT blank secretAPI2:2023 Broken AuthenticationHigh
JWT weak secretAPI2:2023 Broken AuthenticationHigh
JWT Audience cross service relay attackAPI2:2023 Broken AuthenticationHigh
JWT Null SignatureAPI2:2023 Broken AuthenticationHigh
JWT Algorithm ConfusionAPI2:2023 Broken AuthenticationHigh
JWT Signature not verifiedAPI2:2023 Broken AuthenticationHigh
JWT ExpiredAPI2:2023 Broken AuthenticationHigh
Discoverable OpenAPIAPI7:2023 Server Side Request ForgeryInfo
Discoverable GraphQL EndpointAPI7:2023 Server Side Request ForgeryInfo
GraphQL Introspection EnabledAPI8:2023 Security MisconfigurationInfo
Secrets LeakAPI8:2023 Security MisconfigurationHigh
Directory ListingAPI8:2023 Security MisconfigurationMedium
Private IP DisclosureAPI8:2023 Security MisconfigurationLow
Not HTTP-only CookieAPI8:2023 Security MisconfigurationInfo
Not Secure CookieAPI8:2023 Security MisconfigurationInfo
Not SameSite CookieAPI8:2023 Security MisconfigurationInfo
No Cookie expirationAPI8:2023 Security MisconfigurationInfo
No CORS HeadersAPI8:2023 Security MisconfigurationInfo
Permissive CORS HeadersAPI8:2023 Security MisconfigurationInfo
HTTP Method Override EnabledAPI8:2023 Security MisconfigurationInfo - High
X-Content-Type-Options Header Not SetAPI8:2023 Security MisconfigurationInfo
X-Frame-Options Header Not SetAPI8:2023 Security MisconfigurationInfo
CSP Header Not SetAPI8:2023 Security MisconfigurationInfo
CSP Frame Ancestors Not SetAPI8:2023 Security MisconfigurationInfo
HSTS Header Not SetAPI8:2023 Security MisconfigurationInfo
HTTP TRACE Method EnabledAPI8:2023 Security MisconfigurationInfo
HTTP TRACK Method EnabledAPI8:2023 Security MisconfigurationInfo
Server Signature LeakAPI8:2023 Security MisconfigurationInfo
SSL Certificate Not TrustedAPI8:2023 Security MisconfigurationMedium
SSL Not EnforcedAPI8:2023 Security MisconfigurationMedium
Directory TraversalAPI10:2023 Unsafe Consumption of APIsHigh
GitHub ActionJWT None Algorithm