| Use of Weak Hash | low |
| Use of Potentially Dangerous Function | low |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | medium |
| Use of a Broken or Risky Cryptographic Algorithm | high |
| URL Redirection to Untrusted Site ('Open Redirect') | low |
| URL Redirection to Untrusted Site ('Open Redirect') | low |
| URL Redirection to Untrusted Site ('Open Redirect') | medium |
| Unchecked Return Value | low |
| Server-Side Request Forgery (SSRF) | medium |
| Server-Side Request Forgery (SSRF) | medium |
| Server-Side Request Forgery (SSRF) | medium |
| Sensitive Cookie Without 'HttpOnly' Flag | low |
| Sensitive Cookie Without 'HttpOnly' Flag | low |
| Sensitive Cookie with Improper SameSite Attribute | low |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | low |
| Origin Validation Error | low |
| Origin Validation Error | low |
| Integer Overflow or Wraparound | medium |
| Incorrect Comparison | low |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | low |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | high |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | high |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | high |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | high |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | medium |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | high |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | medium |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | medium |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | high |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | low |
| Improper Control of Generation of Code ('Code Injection') | medium |
| Improper Control of Generation of Code ('Code Injection') | high |
| Improper Control of Generation of Code ('Code Injection') | high |
| Improper Control of Generation of Code ('Code Injection') | medium |
| Improper Control of Generation of Code ('Code Injection') | low |
| Improper Control of Generation of Code ('Code Injection') | medium |
| Improper Authorization | low |
| Improper Authorization | low |
| Improper Authentication | low |
| Improper Access Control | medium |
| Generation of Predictable IV with CBC Mode | high |
| File Inclusion | low |
| External Control of File Name or Path | low |
| Exposure of Sensitive Information to an Unauthorized Actor | medium |
| Exposure of Sensitive Information to an Unauthorized Actor | low |
| Deserialization of Untrusted Data | medium |
| Deserialization of Untrusted Data | low |
| Deserialization of Untrusted Data | medium |
| Cross-Site Request Forgery (CSRF) | low |
| Cross-Site Request Forgery (CSRF) | low |
| Cleartext Transmission of Sensitive Information | low |
| Cleartext Transmission of Sensitive Information | low |
| Active Debug Code | low |