Posture

Severity | Count
---------+------
critical |  1
high     |  4
medium   | 11
low      |  4
Ownership
Findings (24)

Severity | Finding                                  | Tool             | Type    | Status         | Score
---------+------------------------------------------+------------------+---------+----------------+------
info     | Missing rate limiting on /login          | Gitleaks         | Secrets | false positive | 6.6
info     | SSRF in webhook fetcher                  | Prowler          | CSPM    | accepted       | 4.2
medium   | Missing CSP header on auth pages         | SonarQube        | SAST    | open           | 7.8
medium   | Open Redis without auth                  | SonarQube        | SAST    | open           | 6.5
medium   | Path traversal in file download endpoint | Wiz              | CSPM    | accepted       | 9.3
medium   | SQL Injection in user-input handler      | Checkov          | IaC     | accepted       | 4.2
medium   | SQL Injection in user-input handler      | Gitleaks         | Secrets | open           | 6.9
low      | Missing rate limiting on /login          | TruffleHog       | Secrets | open           | 6.7
medium   | Path traversal in file download endpoint | SonarQube        | SAST    | triaged        | 9.9
medium   | Missing CSP header on auth pages         | Burp Pro PenTest | PenTest | accepted       | 7.6
low      | SSRF in webhook fetcher                  | Gitleaks         | Secrets | open           | 7.2
medium   | Race condition in payment idempotency    | Checkov          | IaC     | open           | 5.3
low      | S3 bucket publicly readable              | TruffleHog       | Secrets | triaged        | 5.6
high     | IAM role with wildcard permissions       | Snyk             | SCA     | open           | 9.3
high     | Cross-site Scripting in profile renderer | Snyk             | SCA     | accepted       | 9.2
high     | SSRF in webhook fetcher                  | Prowler          | CSPM    | triaged        | 6.6
medium   | SSRF in webhook fetcher                  | TruffleHog       | Secrets | open           | 7.8
info     | Missing CSP header on auth pages         | Cloudflare WAF   | WAF     | open           | 9.3