Merged
4 changes: 2 additions & 2 deletions angularjs-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: AngularJS library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
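Review bot: The compliance key rename at the end of this hunk (`PCI v4.0: pci4-6.2.4, pci4-6.3.3` to `PCI-DSS v4.0.1: 6.2.4, 6.3.3`) changes both the key name and the value format, so any consumer that looks up the old key or expects the `pci4-` prefix will stop finding it. Please call the rename out in the PR description or changelog. The legacy `pci: '6.2'` line stays as is, which leaves two PCI keys in the front matter and only one of them says which version of the standard it refers to; consider labelling or retiring the old one in the same change.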
6 changes: 3 additions & 3 deletions application-error-message.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Application error message
severity: medium
cvss-score: 5.3
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cwe-id: CWE-550
cwe-name: Server-generated Error Message Containing Sensitive Information
compliance:
HIPAA: 164.306(a)
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.25
owasp10: A5
pci: 6.5.5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
6 changes: 3 additions & 3 deletions aspnet-debugging-enabled.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: ASP.NET debugging enabled
severity: low
cvss-score: 5.3
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cwe-id: CWE-489
cwe-name: Active Debug Code
compliance:
HIPAA: 164.306(a), 164.312(a)(1), 164.312(d)
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.15
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12, A.8.15, A.8.25
owasp10: A1, A5
pci: 6.5.5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
6 changes: 3 additions & 3 deletions aspnet-tracing-enabled.md
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
---
name: ASP.NET tracing enabled
severity: high
cvss-score: 9.1
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
cvss-score: 8.2
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
cwe-id: CWE-11
cwe-name: 'ASP.NET Misconfiguration: Creating Debug Binary'
compliance:
HIPAA: 164.306(a)
ISO 27001: A.5.33, A.5.34, A.8.4, A.8.9, A.8.12
owasp10: A5
pci: 6.5.5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
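Review bot: The `cvss-score` and `cvss-vector` lines in this hunk change the rating itself (9.1 to 8.2, `C:H/I:H/A:N` to `C:H/I:N/A:L`), not just the version prefix as in the other files, and nothing in the diff says why. The new score is consistent with the new vector, but please record the reasoning for dropping the integrity impact and adding an availability impact so the re-score can be reviewed on its merits. Also, the `ISO 27001` line is left without A.8.25 here, while application-error-message.md starts from the same list and gains it, as does aspnet-debugging-enabled.md.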
6 changes: 3 additions & 3 deletions aspnet-viewstate-without-mac.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
---
name: ASP.NET ViewState without MAC
severity: low
severity: medium
cvss-score: 5.3
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cwe-id: CWE-642
cwe-name: External Control of Critical State Data
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
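Review bot: `severity` moves from low to medium here while `cvss-score` stays at 5.3, which leaves the set inconsistent: aspnet-debugging-enabled.md and directory-listing.md keep `severity: low` with the same 5.3 score, and application-error-message.md is medium at 5.3. If severity is meant to follow the CVSS band, the other 5.3 entries need the same change; if it is set independently of the score, say so in the PR description so the mismatch is not read as an oversight.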
4 changes: 2 additions & 2 deletions axios-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Axios library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
4 changes: 2 additions & 2 deletions backbone-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Backbone library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
4 changes: 2 additions & 2 deletions bootstrap-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Bootstrap library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
2 changes: 1 addition & 1 deletion browser-content-sniffing-allowed.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.5.14, A.8.9, A.8.24
owasp10: A2
pci: 4.1, 6.5.4
PCI v4.0: pci4-4.2.1, pci4-6.2.4
PCI-DSS v4.0.1: 4.2.1, 6.2.4

---

Expand Down
2 changes: 1 addition & 1 deletion certificate-without-revocation-information.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.5.14, A.8.9, A.8.24
owasp10: A2
pci: 4.1, 6.5.4
PCI v4.0: pci4-4.2.1, pci4-6.2.4
PCI-DSS v4.0.1: 4.2.1, 6.2.4

---

Expand Down
4 changes: 2 additions & 2 deletions chartjs-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Chart.js library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
4 changes: 2 additions & 2 deletions ckeditor-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: CKEditor library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
6 changes: 3 additions & 3 deletions cookie-with-samesite-attribute-set-to-none.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Cookie with SameSite attribute set to None
severity: low
cvss-score: 3.1
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
cwe-id: CWE-1275
cwe-name: Sensitive Cookie with Improper SameSite Attribute
compliance:
HIPAA: 164.306(a), 164.312(c)(1), 164.312(e)(1)
ISO 27001: A.5.14, A.8.9, A.8.24
ISO 27001: A.5.14, A.8.9, A.8.24, A.8.25
owasp10: A2, A7
pci: 4.1, 6.5.4, 6.5.10
PCI v4.0: pci4-4.2.1, pci4-6.2.4
PCI-DSS v4.0.1: 4.2.1, 6.2.4

---

Expand Down
5 changes: 3 additions & 2 deletions cookie-without-httponly-flag.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,15 @@
name: Cookie without HttpOnly flag
severity: low
cvss-score: 3.1
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
cwe-id: CWE-16
cwe-name: Configuration
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.25
owasp10: A7
pci: 6.5.10
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
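Review bot: The added `ISO 27001: A.8.25` line is the only ISO control listed for this entry, although its `cwe-name` is Configuration and other entries in this diff, such as directory-listing.md and cookie-with-samesite-attribute-set-to-none.md, include A.8.9. The SameSite entry, the closest sibling, ends up with `A.5.14, A.8.9, A.8.24, A.8.25`. Either add A.8.9 here or explain why a missing HttpOnly flag maps only to the secure development life cycle control.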
2 changes: 1 addition & 1 deletion crlf-injection.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.5.33, A.5.34, A.8.3, A.8.12
owasp10: A3
pci: 6.5.1
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
6 changes: 3 additions & 3 deletions cross-origin-resource-sharing-arbitrary-origin-trusted.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: 'Cross Origin Resource Sharing: Arbitrary Origin Trusted'
severity: low
cvss-score: 6.1
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cwe-id: CWE-942
cwe-name: Permission Cross-Domain Policy with Untrusted Domains
compliance:
HIPAA: 164.306(a), 164.312(a)(1), 164.312(d)
ISO 27001: A.8.2, A.8.3
ISO 27001: A.8.2, A.8.3, A.8.25
owasp10: A1
pci: 6.5.8
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
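Review bot: The `cwe-name` context line in this hunk reads "Permission Cross-Domain Policy with Untrusted Domains"; the CWE-942 title is "Permissive Cross-domain Policy with Untrusted Domains". Since the change already touches this front matter, fix the typo in the same commit. Separately, `severity: low` sits beside `cvss-score: 6.1`, the highest score among the low entries in this diff, so it is worth confirming that label while the file is open.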
2 changes: 1 addition & 1 deletion deprecated-tls-protocol-version-10-supported.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.5.14, A.8.9, A.8.24
owasp10: A2
pci: 4.1, 6.5.4
PCI v4.0: pci4-4.2.1, pci4-6.2.4
PCI-DSS v4.0.1: 4.2.1, 6.2.4

---

Expand Down
2 changes: 1 addition & 1 deletion deprecated-tls-protocol-version-11-supported.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.5.14, A.8.9, A.8.24
owasp10: A2
pci: 4.1, 6.5.4
PCI v4.0: pci4-4.2.1, pci4-6.2.4
PCI-DSS v4.0.1: 4.2.1, 6.2.4

---

Expand Down
4 changes: 2 additions & 2 deletions directory-listing.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,14 @@
name: Directory Listing
severity: low
cvss-score: 5.3
cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cwe-id: CWE-548
cwe-name: Exposure of Information Through Directory Listing
compliance:
HIPAA: 164.306(a), 164.312(a)(1), 164.312(d)
ISO 27001: A.8.4, A.8.9
owasp10: A1, A5
PCI v4.0: pci4-6.2.4
PCI-DSS v4.0.1: 6.2.4

---

Expand Down
4 changes: 2 additions & 2 deletions dojo-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: Dojo library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
4 changes: 2 additions & 2 deletions dompurify-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: DOMPurify library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
2 changes: 1 addition & 1 deletion drupal-version-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
2 changes: 1 addition & 1 deletion dwr-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ compliance:
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down
4 changes: 2 additions & 2 deletions easyxdm-library-with-known-vulnerabilities.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,15 @@
name: easyXDM library with known vulnerabilities
severity: low
cvss-score: 4.8
cvss-vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
cwe-id: CWE-1035
cwe-name: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
compliance:
HIPAA: 164.306(a)
ISO 27001: A.8.9
owasp10: A5, A6
pci: '6.2'
PCI v4.0: pci4-6.2.4, pci4-6.3.3
PCI-DSS v4.0.1: 6.2.4, 6.3.3

---

Expand Down