SAST-0ACAC
SASTC Sharp Basic Auth Header Hardcoded Credentials
SAST-0ACNE
SASTHtml Form Autocomplete On Sensitive Data
SAST-0ADOM
SASTYaml Env Sensitive Value Exposed
1.7
Low
Target: Docker Compose
Technology: Docker_compose
CWE ID(s):
CWE-798
Last update time: Mar 16, 2026
SAST-0AE6E
SASTJava Insecure Hostname Verifier
SAST-0GSEI
SASTGo Zip Slip Path Traversal
SAST-0LECA
SASTJava Ssrf Apache Client
SAST-0LELG
SASTScala Logging Of Sensitive Data
SAST-0LINT
SASTPython Loads Insecure Deserialization
SAST-0LNNF
SASTPython Fastapi Sensitive Data Logging
SAST-0MULN
SASTGo Dynamic Unsafe Reflection
SAST-0OESA
SASTTypescript Insecure Postmessage Wildcard
SAST-0OTUC
SASTTerraform Auth Not Enabled
2.7
Low
Target: Terraform
Technology: Azure_app_service
CWE ID(s):
CWE-306
Last update time: Mar 17, 2026
SAST-0P1SO
SASTJson Yaml Mfa Disabled In Userpool
SAST-1AC9E
SASTJavascript Insecure Samesite Cookie Attribute
SAST-1E1IB
SASTExecutable Files Insecure Certificate Validation
SAST-1GTEO
SASTGo Accepts Any Mime
SAST-1LTEN
SASTKotlin Xpath Injection Unvalidated Input
SAST-1NACC
SASTC Sharp Accepts Any Mime Type
SAST-1POSO
SASTC Sharp Api Use Hardcoded Password
SAST-1RREC
SASTTerraform Ssm Full Access Locals
SAST-1SC0E
SASTJava Like Clause Unescaped Input
SAST-1SPTL
SASTTerraform Outdated Or Missing Tls Policy
SAST-1UUID
SASTPhp Insecure Redirect Untrusted Data
1.3
Low
Target: Php
Technology: Symfony
CWE ID(s):
Last update time: Mar 16, 2026
SAST-23GWE
SASTSwift Weak Hash Md5
SAST-2A0WW
SASTJava Unsafe Jwt Decode
SAST-2HRTI
SASTRuby Insecure Openuri Http Request
SAST-2LIAE
SASTJson Yaml Capabilities Add Sys Admin
SAST-2R0FW
SASTJavascript Weak Rsa Modulus 1024
SAST-2REED
SASTDart Hardcoded Salt In Pbkdf2
SAST-2SKSN
SASTTypescript Path Undefined In Session Cookie
SAST-2SUIC
SASTJson Yaml Wildcard Action In Trust Policy
SAST-2YMOT
SASTTypescript Sensitive Information Weak Md5
SAST-3ARLR
SASTGradle Credentials Password Hardcoded
SAST-3ATLE
SASTTerraform Wildcard Resource All Actions Locals
SAST-3EO3B
SASTJava Hardcoded Pbe Password
SAST-3IALT
SASTRuby Path Traversal Unsanitized Input
SAST-3PENP
SASTRuby Unsafe Hardcoded Password
SAST-3U1MX
SASTXml Dev Mode Enabled
SAST-3UEUA
SASTPhp Eval With Untrusted Input
SAST-3UYSU
SASTJson Yaml Unrestricted Dns Port 53
SAST-3VPYR
SASTTypescript Implied Eval In Timer
SAST-4B4RC
SASTRuby Eval Code Injection
SAST-4CBNG
SASTJson Yaml Access Logging Disabled
SAST-4DADD
SASTJson Yaml Redshift Encryption Disabled
1.2
Low
Target: Cloudformation
Technology: Aws_redshift
CWE ID(s):
CWE-312
Last update time: Mar 16, 2026
SAST-4E2SI
SASTTerraform Image Missing Digest
SAST-4ED4P
SASTJson Yaml Security Group Unrestricted Ports
SAST-4IKYL
SASTPython Command Injection In Shell Call
SAST-4NE4E
SASTDart Native Language Cmd Injection
SAST-4O4CE
SASTJava Command Injection From Header
SAST-4PSAO
SASTKotlin Csp Unsafe Inline
SAST-4TFPT
SASTC Sharp Plaintext Ftp No Tls
SAST-4TVE4
SASTJava Weak Random Seed
SAST-4TVG4
SASTTypescript Local Storage With Sensitive Data
SAST-55RS3
SASTTerraform Unrestricted Rpc Port 135
1.2
Low
Target: Terraform
Technology: Azure_network_security
CWE ID(s):
CWE-1327
Last update time: Mar 16, 2026
SAST-5A5IA
SASTKotlin Crypto Weak Key Size
SAST-5DOOP
SASTC Sharp Directory Browsing Enabled
SAST-5EAES
SASTPhp Hardcoded Db Password
SAST-5EDED
SASTJavascript Hardcoded Session Secret
SAST-5GDIT
SASTRuby Hardcoded Session Secret Token
SAST-5NOSE
SASTGo Insecure File Permissions
SAST-5PTSE
SASTTypescript Insecure Ecdh Curve
SAST-5RFTL
SASTPython Hardcoded Flask Secret Key
SAST-5RNNS
SASTDocker Curl No Checksum
SAST-5RYGT
SASTGo Insecure Hash Use
SAST-67026
SASTJson Yaml Run As User Below 10000
SAST-6EEYG
SASTJson Yaml Weak Secret Configuration
2.7
Low
Target: Cloudformation
Technology: Aws_secrets_manager
CWE ID(s):
CWE-521
Last update time: Mar 16, 2026
SAST-7MSRI
SASTJavascript Dom Stored Xss
SAST-7OPEF
SASTTerraform Insecure Http Protocol
SAST-7RERT
SASTTerraform Host Ipc Enabled
SAST-7UA77
SASTTerraform Public Network Enabled True
4.8
Medium
Target: Terraform
Technology: Azure_data_factory
CWE ID(s):
CWE-923
Last update time: Mar 16, 2026
SAST-84OCR
SASTGo Unencrypted Ftp Connection
SAST-8AIEI
SASTJava Trust Boundary Violation
SAST-8NIJL
SASTJson Yaml Insecure Transport Policy
SAST-8TTET
SASTGo User Input As Safe Type
SAST-8YTA8
SASTJson Yaml Hostpath Volume Mount
SAST-9ROYR
SASTTypescript Kony Hardcoded Encryption Key
SAST-A1O1O
SASTJson Yaml Overpermissive Ssm Wildcard Actions
SAST-A2ISA
SASTTypescript React Native Missing Masking
SAST-A2SAG
SASTKotlin Hardcoded Signing Secret
SAST-A5SOR
SASTDocker Sshpass Plaintext Password
SAST-A9AFM
SASTTerraform Key Rotation Disabled
SAST-AAARA
SASTJava Accept Wildcard Header
SAST-AAIHY
SASTC Sharp Hardcoded Insecure Keys
SAST-AAIVT
SASTJava Session Id Not Regenerated
SAST-AAVAE
SASTJava Datasource Encryption Disabled
SAST-AAVID
SASTJavascript Unsafe Deserialization Untrusted Data
SAST-AAZAS
SASTJava Excessive Max Upload Size
SAST-AC0EL
SASTScala Insecure Ec Key
SAST-AC1GC
SASTC Sharp Cache Control Public True
SAST-ACLRG
SASTScala Insecure Hash Algorithm
SAST-ACVCT
SASTJavascript Accepts Wildcard Mime
SAST-AD31D
SASTPython Sensitive Data In Payload
SAST-ADCSS
SASTJava Hardcoded Connection Password
SAST-ADHZV
SASTJavascript Hardcoded Db Password
SAST-ADISA
SASTTerraform Trust Policy Wildcard Action
SAST-ADLYC
SASTScala Cors Wildcard Origin Header
SAST-ADORR
SASTJava Use Of Hardcoded Password
1.3
Low
Target: Java
Technology: Hakaricp
CWE ID(s):
Last update time: Mar 16, 2026
SAST-ADSAA
SASTJava Hardcoded Password Authentication
SAST-ADY9T
SASTPython Hardcoded Aes Key
SAST-AE1AS
SASTC Sharp String Format Sql Injection