SecNav Code — measurable precision
Per-agent precision & recall measurements on the labelled SecNav Code corpus. Corpus available to auditors on request (james.underwood@live.co.uk). Measured 2026-05-24 · manifest 1.8.0.
Agents
660
Corpus samples
88,377
Mean precision
98.50%
Mean recall
98.75%
Mean FP rate
2.99%
Perfect agents
453 / 660
Recall ≥ 99%
600 / 660
Precision ≥ 99%
558 / 660
Solution-side quality (paired-A / §49.2 floors)
The scanner is one half of the paired-A pitch — the other half is what happens AFTER a finding fires.
MASTER-PLAN §49.2 locks four floors on the solution side: fix-acceptance ≥ 70%, verify-after-fix close-rate ≥ 90%,
hallucination = 0%, and fix-safety = 0% (no new HIGH/CRITICAL findings introduced by an accepted fix).
Pre-customer fixture floor (F3): a fixed set of LLM-shape diffs runs through the verify-after-fix
orchestrator on every push. 5 positive ("must close") + 5 adversarial ("must not silently pass") cases.
Production rollup (F1 telemetry): No production data yet — telemetry begins recording after migration 620 lands and customers start applying fixes.
Fixture pass-rate (F3)
10/10
Fix-acceptance (F1)
pending
Verify-after-fix close-rate
pending
Fix-safety (new H/C introduced)
0 / —
Per-agent measurements (660 agents)
| Agent | Precision | Recall | FP rate | Samples | TP | FP | FN | TN |
|---|---|---|---|---|---|---|---|---|
api.api1.bola |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
api.api10.unsafe-consumption-of-apis |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
api.api2.broken-auth |
100.00% | 93.33% | 0.00% | 30 | 14 | 0 | 1 | 15 |
api.api3.broken-property-level-authz |
100.00% | 80.00% | 0.00% | 30 | 12 | 0 | 3 | 15 |
api.api4.unrestricted-resource-consumption |
100.00% | 80.00% | 0.00% | 30 | 12 | 0 | 3 | 15 |
api.api5.broken-function-level-authz |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
api.api6.unrestricted-business-flows |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
api.api7.ssrf |
93.33% | 93.33% | 6.25% | 31 | 14 | 1 | 1 | 15 |
api.api8.security-misconfiguration |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
api.api9.improper-inventory-management |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art12.backup-config |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art17.incident-runbook |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art19.reporting-clocks |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art24.pen-test-attestation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art28.vendor-register |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art30.contract-clauses |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art7.recovery-objectives |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.dora.art8.asset-inventory |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art10.data-governance |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art11.technical-docs |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art12.event-logging |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art13.transparency-deployer |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art14.human-oversight |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art15.robustness-jailbreak |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art15.robustness-prompt-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art5.prohibited-practices |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art50.transparency-content |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art53.gpai-training-summary |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art6.high-risk-classification |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.eu-ai-act.art9.risk-mgmt-system |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-1-logical-access-controls |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-2-identification-and-authentication |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-3-authorization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-6-external-threat-boundary |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-7-data-transmission-encryption |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc6-8-malware-prevention |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc7-1-system-monitoring |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc7-2-anomaly-detection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc7-3-incident-response |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
compliance.soc2.cc8-1-change-management |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.csharp-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.elixir-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.go-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.java-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.kotlin-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.php-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.python-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.ruby-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.rust-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.scala-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1004.swift-insecure-cookie |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1021.clickjacking |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.117.csharp-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.elixir-log-injection |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.117.go-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.java-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.kotlin-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.log-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.117.php-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.python-log-injection |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.117.ruby-log-injection |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.117.rust-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.scala-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.117.swift-log-injection |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.1287.mass-assignment |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1333.redos |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.csharp-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.elixir-ssti |
88.24% | 100.00% | 13.33% | 30 | 15 | 2 | 0 | 13 |
cwe.1336.go-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.java-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.kotlin-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.php-ssti |
88.24% | 100.00% | 13.33% | 30 | 15 | 2 | 0 | 13 |
cwe.1336.python-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.ruby-ssti |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.1336.rust-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.scala-ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.ssti |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.1336.swift-ssti |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.1391.weak-credentials |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.16.misconfiguration |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
cwe.190.integer-overflow |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
cwe.20.improper-input-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.208.timing-attack |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.209.information-exposure |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.csharp-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.elixir-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.go-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.java-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.kotlin-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.php-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.python-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.ruby-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.rust-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.scala-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.22.swift-path-traversal |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.223.csharp-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.elixir-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.go-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.java-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.kotlin-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.php-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.python-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.ruby-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.rust-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.scala-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.223.security-info-omission |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
cwe.223.swift-security-info-omission |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.csharp-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.elixir-improper-privilege |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.269.go-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.269.java-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.kotlin-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.php-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.python-improper-privilege |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.269.ruby-improper-privilege |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.269.rust-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.scala-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.269.swift-improper-privilege |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.csharp-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.elixir-incorrect-default-permissions |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.276.go-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.incorrect-default-permissions |
100.00% | 81.25% | 0.00% | 28 | 13 | 0 | 3 | 12 |
cwe.276.java-incorrect-default-permissions |
94.12% | 100.00% | 7.14% | 30 | 16 | 1 | 0 | 13 |
cwe.276.kotlin-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.php-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.python-incorrect-default-permissions |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.276.ruby-incorrect-default-permissions |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.276.rust-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.scala-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.276.swift-incorrect-default-permissions |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.csharp-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.elixir-improper-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.287.go-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.improper-auth |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.287.java-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.kotlin-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.php-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.python-improper-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.287.ruby-improper-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.287.rust-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.scala-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.287.swift-improper-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.295.cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.csharp-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.elixir-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.go-cert-validation |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.295.java-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.kotlin-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.php-cert-validation |
100.00% | 93.33% | 0.00% | 30 | 14 | 0 | 1 | 15 |
cwe.295.python-cert-validation |
93.33% | 93.33% | 6.67% | 30 | 14 | 1 | 1 | 14 |
cwe.295.ruby-cert-validation |
88.24% | 100.00% | 13.33% | 30 | 15 | 2 | 0 | 13 |
cwe.295.rust-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.scala-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.295.swift-cert-validation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.306.csharp-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.elixir-missing-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.306.go-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.java-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.kotlin-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.missing-auth |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.306.php-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.python-missing-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.306.ruby-missing-auth |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.306.rust-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.scala-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.306.swift-missing-auth |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.307.rate-limiting |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.csharp-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.elixir-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.go-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.java-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.kotlin-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.php-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.python-cleartext-transmission |
87.50% | 93.33% | 13.33% | 30 | 14 | 2 | 1 | 13 |
cwe.319.ruby-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.rust-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.scala-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.319.swift-cleartext-transmission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.321.hardcoded-crypto-key |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.csharp-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.elixir-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.go-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.java-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.kotlin-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.php-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.python-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.ruby-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.rust-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.scala-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.swift-weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.327.weak-crypto |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.328.java-weak-hash |
78.95% | 100.00% | 26.67% | 30 | 15 | 4 | 0 | 11 |
cwe.330.csharp-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.elixir-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.go-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.java-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.kotlin-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.php-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.python-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.ruby-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.rust-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.scala-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.330.swift-insufficient-randomness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.345.jwt-verification |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.csharp-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.elixir-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.go-csrf |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.352.java-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.kotlin-csrf |
100.00% | 100.00% | 0.00% | 31 | 15 | 0 | 0 | 16 |
cwe.352.php-csrf |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.352.python-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.ruby-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.352.rust-csrf |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
cwe.352.scala-csrf |
100.00% | 93.33% | 0.00% | 30 | 14 | 0 | 1 | 15 |
cwe.352.swift-csrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.359.privacy-violation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.362.csharp-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.elixir-race-condition |
94.12% | 100.00% | 7.14% | 30 | 16 | 1 | 0 | 13 |
cwe.362.go-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.java-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.kotlin-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.php-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.python-race-condition |
94.12% | 100.00% | 7.14% | 30 | 16 | 1 | 0 | 13 |
cwe.362.race-condition |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.362.ruby-race-condition |
94.12% | 100.00% | 7.14% | 30 | 16 | 1 | 0 | 13 |
cwe.362.rust-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.scala-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.362.swift-race-condition |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.384.session-fixation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.434.csharp-unrestricted-upload |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.434.elixir-unrestricted-upload |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.434.go-unrestricted-upload |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.434.java-unrestricted-upload |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.434.kotlin-unrestricted-upload |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.434.php-unrestricted-upload |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.434.python-unrestricted-upload |
93.33% | 93.33% | 6.67% | 30 | 14 | 1 | 1 | 14 |
cwe.434.ruby-unrestricted-upload |
93.33% | 93.33% | 6.67% | 30 | 14 | 1 | 1 | 14 |
cwe.434.rust-unrestricted-upload |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.434.scala-unrestricted-upload |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.434.swift-unrestricted-upload |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.434.unrestricted-upload |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.501.java-trust-boundary |
50.00% | 100.00% | 100.00% | 30 | 15 | 15 | 0 | 0 |
cwe.502.csharp-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.elixir-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.go-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.java-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.kotlin-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.php-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.python-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.ruby-deserialization |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.502.rust-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.scala-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.502.swift-deserialization |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.522.insufficiently-protected-credentials |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.601.csharp-open-redirect |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.601.elixir-open-redirect |
92.86% | 86.67% | 6.67% | 30 | 13 | 1 | 2 | 14 |
cwe.601.go-open-redirect |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
cwe.601.java-open-redirect |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.601.kotlin-open-redirect |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.601.open-redirect |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.601.php-open-redirect |
86.67% | 86.67% | 13.33% | 30 | 13 | 2 | 2 | 13 |
cwe.601.python-open-redirect |
86.67% | 86.67% | 13.33% | 30 | 13 | 2 | 2 | 13 |
cwe.601.ruby-open-redirect |
100.00% | 80.00% | 0.00% | 30 | 12 | 0 | 3 | 15 |
cwe.601.rust-open-redirect |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.601.scala-open-redirect |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.601.swift-open-redirect |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
cwe.611.csharp-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.elixir-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.go-xxe |
100.00% | 80.00% | 0.00% | 30 | 12 | 0 | 3 | 15 |
cwe.611.java-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.kotlin-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.php-xxe |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
cwe.611.python-xxe |
100.00% | 93.33% | 0.00% | 30 | 14 | 0 | 1 | 15 |
cwe.611.ruby-xxe |
93.33% | 93.33% | 6.67% | 30 | 14 | 1 | 1 | 14 |
cwe.611.rust-xxe |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
cwe.611.scala-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.swift-xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.611.xxe |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.614.java-cookie-no-secure |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.639.idor |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.643.java-xpath-injection |
50.00% | 100.00% | 100.00% | 30 | 15 | 15 | 0 | 0 |
cwe.668.client-secret-exposure |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.732.incorrect-permission |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.770.resource-exhaustion |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.csharp-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.elixir-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.go-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.java-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.kotlin-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.php-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.python-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.ruby-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.rust-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.scala-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.78.swift-os-command |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.csharp-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.elixir-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.go-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.java-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.kotlin-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.php-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.python-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.ruby-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.rust-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.scala-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.swift-xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.79.xss |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.798.csharp-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.elixir-hardcoded-creds |
92.86% | 81.25% | 6.67% | 31 | 13 | 1 | 3 | 14 |
cwe.798.go-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.hardcoded-creds |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.798.java-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.kotlin-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.php-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.python-hardcoded-creds |
92.86% | 81.25% | 6.67% | 31 | 13 | 1 | 3 | 14 |
cwe.798.ruby-hardcoded-creds |
92.86% | 81.25% | 6.67% | 31 | 13 | 1 | 3 | 14 |
cwe.798.rust-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.scala-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.798.swift-hardcoded-creds |
100.00% | 81.25% | 0.00% | 31 | 13 | 0 | 3 | 15 |
cwe.829.untrusted-search-path |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.862.csharp-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.elixir-missing-authz |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.862.go-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.java-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.kotlin-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.missing-authz |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.862.php-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.python-missing-authz |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.862.ruby-missing-authz |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.862.rust-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.scala-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.862.swift-missing-authz |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.863.csharp-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.elixir-broken-access-control |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.863.go-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.java-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.kotlin-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.php-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.python-broken-access-control |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.863.ruby-broken-access-control |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
cwe.863.rust-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.scala-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.863.swift-broken-access-control |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
cwe.89.csharp-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.elixir-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.go-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.java-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.kotlin-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.php-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.python-sqli |
100.00% | 100.00% | 0.00% | 31 | 15 | 0 | 0 | 16 |
cwe.89.ruby-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.rust-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.scala-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.89.swift-sqli |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.90.java-ldap-injection |
50.00% | 100.00% | 100.00% | 30 | 15 | 15 | 0 | 0 |
cwe.91.xpath-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.915.prototype-pollution |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.916.csharp-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.elixir-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.go-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.java-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.kotlin-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.php-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.python-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.ruby-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.rust-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.scala-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.swift-weak-password-hash |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
cwe.916.weak-password-hash |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.917.expression-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.csharp-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.elixir-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.go-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.java-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.kotlin-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.php-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.python-ssrf |
100.00% | 100.00% | 0.00% | 31 | 15 | 0 | 0 | 16 |
cwe.918.ruby-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.rust-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.scala-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.918.swift-ssrf |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.csharp-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.elixir-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.go-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.java-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.kotlin-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.php-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.python-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.ruby-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.rust-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.scala-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.94.swift-code-injection |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.942.permissive-cors |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.secnav.audit-chain-gap |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.secnav.canonical-naming |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.secnav.jwt-claim-shape |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.secnav.oauth-verifier |
100.00% | 100.00% | 0.00% | 713 | 701 | 0 | 0 | 12 |
cwe.secnav.rls-policy-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
cwe.secnav.tenant-isolation |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
framework.django-drf.admin-default-url |
100.00% | 100.00% | 0.00% | 68 | 54 | 0 | 0 | 14 |
framework.django-drf.allow-any-permission |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.allowed-hosts-wildcard |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.cors-permissive |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.csrf-exempt |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.database-inline-credentials |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.debug-enabled |
100.00% | 100.00% | 0.00% | 215 | 201 | 0 | 0 | 14 |
framework.django-drf.eval-exec-user-input |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.django-drf.filefield-no-validators |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.insecure-cookie-ssl-settings |
100.00% | 100.00% | 0.00% | 514 | 500 | 0 | 0 | 14 |
framework.django-drf.jsonresponse-model-dict-leak |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.mark-safe-xss |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.django-drf.open-redirect |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.django-drf.orm-expression-sql-injection |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.pickle-deserialization |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.django-drf.raw-sql-injection |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.requests-verify-false |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.django-drf.secret-key-hardcoded |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.send-file-path-traversal |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.django-drf.serializer-fields-all |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.session-auth-no-csrf |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.subprocess-shell-injection |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.django-drf.template-ssti |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.django-drf.xframe-options-allow |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.django-drf.yaml-unsafe-load |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.dotnet.code-injection |
99.86% | 100.00% | 8.33% | 713 | 701 | 1 | 0 | 11 |
framework.dotnet.command-injection |
99.67% | 100.00% | 16.67% | 613 | 601 | 2 | 0 | 10 |
framework.dotnet.cors-misconfigured |
99.80% | 100.00% | 8.33% | 512 | 500 | 1 | 0 | 11 |
framework.dotnet.csrf-antiforgery |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.dotnet.hardcoded-secrets |
94.12% | 100.00% | 7.69% | 29 | 16 | 1 | 0 | 12 |
framework.dotnet.header-injection |
99.83% | 100.00% | 8.33% | 612 | 600 | 1 | 0 | 11 |
framework.dotnet.insecure-cookies |
99.80% | 100.00% | 7.69% | 513 | 500 | 1 | 0 | 12 |
framework.dotnet.insecure-deserialization |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.dotnet.ldap-injection |
99.60% | 100.00% | 16.67% | 512 | 500 | 2 | 0 | 10 |
framework.dotnet.log-injection |
99.67% | 100.00% | 15.38% | 614 | 601 | 2 | 0 | 11 |
framework.dotnet.mass-assignment |
99.83% | 100.00% | 7.69% | 613 | 600 | 1 | 0 | 12 |
framework.dotnet.missing-authz |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.dotnet.open-redirect |
99.83% | 100.00% | 8.33% | 612 | 600 | 1 | 0 | 11 |
framework.dotnet.path-traversal |
99.86% | 100.00% | 8.33% | 712 | 700 | 1 | 0 | 11 |
framework.dotnet.redos |
99.88% | 100.00% | 8.33% | 815 | 803 | 1 | 0 | 11 |
framework.dotnet.sql-injection |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.dotnet.ssrf |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.dotnet.tls-validation-disabled |
99.80% | 100.00% | 8.33% | 512 | 500 | 1 | 0 | 11 |
framework.dotnet.verbose-errors |
99.83% | 100.00% | 8.33% | 616 | 604 | 1 | 0 | 11 |
framework.dotnet.weak-crypto |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.dotnet.weak-random |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.dotnet.xpath-injection |
99.83% | 100.00% | 8.33% | 612 | 600 | 1 | 0 | 11 |
framework.dotnet.xss-raw-output |
99.72% | 100.00% | 16.67% | 717 | 705 | 2 | 0 | 10 |
framework.dotnet.xxe |
99.60% | 100.00% | 15.38% | 513 | 500 | 2 | 0 | 11 |
framework.dotnet.zip-slip |
99.80% | 100.00% | 8.33% | 512 | 500 | 1 | 0 | 11 |
framework.go.admin-route-no-auth |
100.00% | 100.00% | 0.00% | 29 | 16 | 0 | 0 | 13 |
framework.go.bcrypt-low-cost |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.go.bind-without-validation |
100.00% | 100.00% | 0.00% | 612 | 600 | 0 | 0 | 12 |
framework.go.cookie-insecure-flags |
100.00% | 100.00% | 0.00% | 613 | 600 | 0 | 0 | 13 |
framework.go.cors-wildcard |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.csrf-middleware-missing |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.go.database-sql-concat |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.go.debug-mode-enabled |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.exec-command-injection |
99.83% | 100.00% | 8.33% | 612 | 600 | 1 | 0 | 11 |
framework.go.hardcoded-signing-secret |
100.00% | 100.00% | 0.00% | 29 | 16 | 0 | 0 | 13 |
framework.go.hmac-timing-attack |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.html-xss |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.go.idor-param-direct-db |
100.00% | 83.33% | 0.00% | 612 | 500 | 0 | 100 | 12 |
framework.go.jwt-none-or-weak-verify |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.log-injection |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.go.net-http-ssrf |
100.00% | 85.71% | 0.00% | 712 | 600 | 0 | 100 | 12 |
framework.go.open-redirect |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.go.path-traversal |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.go.session-fixation |
100.00% | 100.00% | 0.00% | 711 | 700 | 0 | 0 | 11 |
framework.go.text-template-in-http |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.tls-insecure-skip-verify |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.unbounded-request-body |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.go.weak-crypto-algorithms |
100.00% | 100.00% | 0.00% | 612 | 600 | 0 | 0 | 12 |
framework.go.weak-random-tokens |
100.00% | 100.00% | 0.00% | 29 | 16 | 0 | 0 | 13 |
framework.go.xml-xxe |
100.00% | 100.00% | 0.00% | 512 | 500 | 0 | 0 | 12 |
framework.nextjs.api-no-zod |
100.00% | 83.33% | 0.00% | 612 | 500 | 0 | 100 | 12 |
framework.nextjs.cookies-httponly |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.nextjs.gssp-secret-leak |
100.00% | 85.63% | 0.00% | 715 | 602 | 0 | 101 | 12 |
framework.nextjs.image-ssrf |
100.00% | 100.00% | 0.00% | 716 | 704 | 0 | 0 | 12 |
framework.nextjs.layout-bypass |
100.00% | 100.00% | 0.00% | 715 | 703 | 0 | 0 | 12 |
framework.nextjs.middleware-redos |
100.00% | 85.71% | 0.00% | 712 | 600 | 0 | 100 | 12 |
framework.nextjs.nextauth-callbackurl |
100.00% | 87.50% | 0.00% | 29 | 14 | 0 | 2 | 13 |
framework.nextjs.permissive-image-config |
100.00% | 100.00% | 0.00% | 715 | 703 | 0 | 0 | 12 |
framework.nextjs.redirect-open |
100.00% | 100.00% | 0.00% | 714 | 702 | 0 | 0 | 12 |
framework.nextjs.revalidate-untrusted |
99.83% | 85.67% | 8.33% | 717 | 604 | 1 | 101 | 11 |
framework.nextjs.route-stream-auth-bypass |
100.00% | 100.00% | 0.00% | 712 | 700 | 0 | 0 | 12 |
framework.nextjs.server-action-no-auth |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.nextjs.server-component-secret-leak |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.nextjs.server-only-exfil |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.nextjs.unstable-cache-key-poisoning |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.nodejs.admin-route-no-auth |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.child-process-injection |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.cors-misconfigured |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.eval-injection |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.hardcoded-signing-secret |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.hmac-timing-attack |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.insecure-cookies |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.insecure-deserialization |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.jwt-weak-verify |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.log-injection |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.mass-assignment |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.missing-helmet |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.nosql-injection |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.open-redirect |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.path-traversal |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.prototype-pollution |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.redos-user-regex |
99.75% | 100.00% | 7.14% | 416 | 402 | 1 | 0 | 13 |
framework.nodejs.sql-injection |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.ssrf |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.tls-verify-disabled |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.nodejs.unrestricted-upload |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.verbose-error-exposure |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.weak-crypto |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.nodejs.xml-xxe |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.nodejs.xss-html-reflection |
99.50% | 100.00% | 14.29% | 414 | 400 | 2 | 0 | 12 |
framework.php.assert-string-rce |
99.83% | 100.00% | 8.33% | 613 | 601 | 1 | 0 | 11 |
framework.php.debug-mode-enabled |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.eval-and-dynamic-code |
94.12% | 100.00% | 9.09% | 27 | 16 | 1 | 0 | 10 |
framework.php.extract-untrusted-input |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.hmac-timing-attack |
93.33% | 87.50% | 8.33% | 28 | 14 | 1 | 2 | 11 |
framework.php.insecure-cookies |
99.80% | 100.00% | 8.33% | 513 | 501 | 1 | 0 | 11 |
framework.php.laravel-admin-route-no-auth |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.php.laravel-blade-raw-output |
93.33% | 87.50% | 8.33% | 28 | 14 | 1 | 2 | 11 |
framework.php.laravel-csrf-skip |
99.80% | 100.00% | 8.33% | 515 | 503 | 1 | 0 | 11 |
framework.php.laravel-eloquent-raw-sql |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.laravel-mass-assignment |
94.12% | 100.00% | 7.69% | 29 | 16 | 1 | 0 | 12 |
framework.php.laravel-raw-sql |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.ldap-injection |
99.80% | 83.33% | 8.33% | 612 | 500 | 1 | 100 | 11 |
framework.php.open-redirect |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.os-command-injection |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.path-traversal |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.ssrf |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.symfony-csrf-disabled |
98.18% | 98.18% | 8.33% | 67 | 54 | 1 | 1 | 11 |
framework.php.tls-verify-disabled |
99.83% | 100.00% | 8.33% | 614 | 602 | 1 | 0 | 11 |
framework.php.unrestricted-file-upload |
100.00% | 100.00% | 0.00% | 514 | 502 | 0 | 0 | 12 |
framework.php.unserialize-user-input |
88.89% | 100.00% | 16.67% | 28 | 16 | 2 | 0 | 10 |
framework.php.weak-password-hash |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.php.weak-random-tokens |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.php.wordpress-wpdb-unprepared |
99.83% | 100.00% | 8.33% | 613 | 601 | 1 | 0 | 11 |
framework.php.xxe |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rails.action-mailer-no-tls |
94.12% | 100.00% | 7.14% | 30 | 16 | 1 | 0 | 13 |
framework.rails.active-record-raw-sql-methods |
93.33% | 87.50% | 8.33% | 28 | 14 | 1 | 2 | 11 |
framework.rails.active-record-sql-injection |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rails.activestorage-no-validators |
100.00% | 100.00% | 0.00% | 613 | 600 | 0 | 0 | 13 |
framework.rails.consider-all-requests-local |
100.00% | 100.00% | 0.00% | 515 | 503 | 0 | 0 | 12 |
framework.rails.eval-user-input |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.rails.force-ssl-disabled |
100.00% | 100.00% | 0.00% | 516 | 502 | 0 | 0 | 14 |
framework.rails.json-api-csrf-skip |
99.67% | 100.00% | 16.67% | 614 | 602 | 2 | 0 | 10 |
framework.rails.logger-param-injection |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.rails.marshal-load-deserialization |
99.67% | 100.00% | 15.38% | 613 | 600 | 2 | 0 | 11 |
framework.rails.net-http-ssrf |
88.24% | 93.75% | 18.18% | 27 | 15 | 2 | 1 | 9 |
framework.rails.os-command-injection |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
framework.rails.params-permit-mass-assignment |
99.67% | 100.00% | 16.67% | 613 | 601 | 2 | 0 | 10 |
framework.rails.protect-from-forgery-skipped |
99.83% | 100.00% | 7.14% | 615 | 601 | 1 | 0 | 13 |
framework.rails.rack-attack-misconfigured |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.rails.rack-cors-wildcard |
99.67% | 100.00% | 16.67% | 613 | 601 | 2 | 0 | 10 |
framework.rails.raw-html-safe-xss |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.rails.redirect-to-open-redirect |
100.00% | 100.00% | 0.00% | 613 | 600 | 0 | 0 | 13 |
framework.rails.respond-to-any-format |
100.00% | 100.00% | 0.00% | 611 | 600 | 0 | 0 | 11 |
framework.rails.secret-key-base-hardcoded |
100.00% | 100.00% | 0.00% | 30 | 16 | 0 | 0 | 14 |
framework.rails.secure-headers-weak-csp |
88.89% | 100.00% | 14.29% | 30 | 16 | 2 | 0 | 12 |
framework.rails.send-file-path-traversal |
100.00% | 100.00% | 0.00% | 613 | 600 | 0 | 0 | 13 |
framework.rails.session-fixation-on-login |
88.89% | 100.00% | 15.38% | 29 | 16 | 2 | 0 | 11 |
framework.rails.weak-random-tokens |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.rails.yaml-load-unsafe |
99.83% | 100.00% | 9.09% | 611 | 600 | 1 | 0 | 10 |
framework.react.dangerous-link-protocol |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.react.dangerouslysetinnerhtml |
100.00% | 100.00% | 0.00% | 612 | 600 | 0 | 0 | 12 |
framework.react.eval-handler |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.react.formaction-csrf |
100.00% | 100.00% | 0.00% | 513 | 501 | 0 | 0 | 12 |
framework.react.hardcoded-secret |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.react.href-javascript-uri |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.react.localstorage-jwt |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.react.ref-innerhtml |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.react.tabnabbing |
100.00% | 83.36% | 0.00% | 613 | 501 | 0 | 100 | 12 |
framework.react.useeffect-secret-deps |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.cleartext-transmission |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.command-injection |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.cors-misconfigured |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rust.csrf-missing |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.hardcoded-secrets |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rust.header-injection |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.rust.information-exposure |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.rust.insecure-deserialization |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rust.jwt-weak-verify |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.log-injection |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.mass-assignment |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rust.open-redirect |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.path-traversal |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.rate-limiting-missing |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.redos-user-regex |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.session-fixation |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.sql-injection |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.ssrf |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.ssti |
94.12% | 100.00% | 8.33% | 28 | 16 | 1 | 0 | 11 |
framework.rust.timing-attack |
100.00% | 81.25% | 0.00% | 28 | 13 | 0 | 3 | 12 |
framework.rust.tls-verify-disabled |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.unrestricted-upload |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.weak-crypto |
100.00% | 87.50% | 0.00% | 28 | 14 | 0 | 2 | 12 |
framework.rust.xss-html-response |
100.00% | 100.00% | 0.00% | 28 | 16 | 0 | 0 | 12 |
framework.rust.xxe |
100.00% | 81.25% | 0.00% | 28 | 13 | 0 | 3 | 12 |
framework.spring-boot.actuator-exposed |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.actuator-sensitive-endpoint |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.crossorigin-permissive |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.csrf-disabled |
99.75% | 100.00% | 7.14% | 415 | 401 | 1 | 0 | 13 |
framework.spring-boot.datasource-url-inline-credentials |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.default-credentials |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.devtools-enabled |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.error-stacktrace-config |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.exception-handler-stacktrace-leak |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.frame-options-disabled |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.h2-console-enabled |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.hibernate-native-sql-injection |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.jackson-polymorphic-deserialization |
99.75% | 100.00% | 6.67% | 415 | 400 | 1 | 0 | 14 |
framework.spring-boot.method-override-enabled |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.oauth2-redirect-uri-wildcard |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.preauthorize-gap |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.query-sql-injection |
99.75% | 100.00% | 7.14% | 414 | 400 | 1 | 0 | 13 |
framework.spring-boot.resttemplate-ssl-disabled |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.security-permitall |
100.00% | 100.00% | 0.00% | 415 | 401 | 0 | 0 | 14 |
framework.spring-boot.servlet-path-traversal |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.session-fixation-disabled |
100.00% | 100.00% | 0.00% | 415 | 401 | 0 | 0 | 14 |
framework.spring-boot.snakeyaml-xstream-deserialization |
100.00% | 100.00% | 0.00% | 415 | 400 | 0 | 0 | 15 |
framework.spring-boot.spel-injection |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.ssrf-resttemplate |
99.75% | 100.00% | 6.67% | 415 | 400 | 1 | 0 | 14 |
framework.spring-boot.swagger-ui-exposed |
100.00% | 100.00% | 0.00% | 88 | 74 | 0 | 0 | 14 |
framework.spring-boot.thymeleaf-ssti |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.unlimited-request-size |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.unrestricted-file-upload |
99.75% | 100.00% | 6.67% | 415 | 400 | 1 | 0 | 14 |
framework.spring-boot.weak-random-token |
100.00% | 100.00% | 0.00% | 414 | 400 | 0 | 0 | 14 |
framework.spring-boot.xxe-jaxb-sax |
99.75% | 100.00% | 6.67% | 415 | 400 | 1 | 0 | 14 |
meta.build-sheet-validator |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.doc-assert-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.dogfood-baseline-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.endpoint-inventory-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.frontend-callsite-routing-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.github-actions-version-drift |
93.75% | 100.00% | 6.67% | 30 | 15 | 1 | 0 | 14 |
meta.measurement-baseline-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.migration-stub-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.ratchet-baseline-drift |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
meta.registry-manifest-drift |
100.00% | 86.67% | 0.00% | 30 | 13 | 0 | 2 | 15 |
meta.scan-artefact-staleness |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.semgrep-rule-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.skip-marker-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.tag-coverage-drift |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |
meta.todo-rot-drift |
93.75% | 100.00% | 6.25% | 31 | 15 | 1 | 0 | 15 |
supply-chain.ci.workflow-injection |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
supply-chain.npm.cooldown |
100.00% | 100.00% | 0.00% | 31 | 16 | 0 | 0 | 15 |
supply-chain.npm.install-hook |
100.00% | 100.00% | 0.00% | 34 | 18 | 0 | 0 | 16 |
supply-chain.npm.slsa-provenance |
100.00% | 100.00% | 0.00% | 30 | 15 | 0 | 0 | 15 |