Handles PII
Posture
critical: 2
high: 4
medium: 7
low: 5
Ownership
Findings (19)
low | Open Redis without auth | Snyk | SCA | false positive | 9.2
low | Open Redis without auth | Grype | Container | open | 4.1
high | Path traversal in file download endpoint | Snyk | SCA | false positive | 9.9
high | Cross-site Scripting in profile renderer | Grype | Container | open | 8.7
low | S3 bucket publicly readable | Scout Suite | CSPM | open | 5.6
medium | Path traversal in file download endpoint | TruffleHog | Secrets | triaged | 5.1
info | Missing CSP header on auth pages | Cloudflare WAF | WAF | triaged | 4
medium | Path traversal in file download endpoint | Checkmarx | SAST | open | 6.6
medium | Cross-site Scripting in profile renderer | Contrast RASP | RASP | open | 9.5
medium | Log4Shell vulnerable dependency | TruffleHog | Secrets | open | 4.3
critical | Cross-site Scripting in profile renderer | Trivy | Container | open | 6.5
medium | JWT signed with weak HS256 secret | Prowler | CSPM | open | 7
high | SSRF in webhook fetcher | Prowler | CSPM | open | 5.3
low | SSRF in webhook fetcher | CodeQL | SAST | triaged | 7
critical | Excessive Kubernetes RBAC privileges | Cloudflare WAF | WAF | triaged | 9.7
medium | Container running as root | Snyk | SCA | open | 5.8
medium | Container running as root | Prowler | CSPM | open | 9.8