SAST-0ACAC
SASTC Sharp Basic Auth Header Hardcoded Credentials
SAST-0ACNE
SASTHtml Form Autocomplete On Sensitive Data
SAST-0ADOM
SASTYaml Env Sensitive Value Exposed
1.7
Low
Target: Docker Compose
Technology: Docker_compose
CWE ID(s):
CWE-798
Last update time: Mar 16, 2026
SAST-0AE6E
SASTJava Insecure Hostname Verifier
SAST-0CTAC
SASTJavascript Unsafe Csv Injection Fast Csv
SAST-0FSTS
SASTTypescript Unsafe Nest Axios Ssrf
SAST-0GSEI
SASTGo Zip Slip Path Traversal
SAST-0IEOV
SASTGo Sensitive Information In Logs
SAST-0JFRI
SASTJava Unsafe Logger Injection
SAST-0LECA
SASTJava Ssrf Apache Client
SAST-0LELG
SASTScala Logging Of Sensitive Data
SAST-0LHIF
SASTPhp Unlink Path Traversal
SAST-0LINT
SASTPython Loads Insecure Deserialization
SAST-0LNNF
SASTPython Fastapi Sensitive Data Logging
SAST-0MULN
SASTGo Dynamic Unsafe Reflection
SAST-0NCIS
SASTJavascript Pino Sensitive Information In Logs
SAST-0OESA
SASTTypescript Insecure Postmessage Wildcard
SAST-0OTUC
SASTTerraform Auth Not Enabled
2.7
Low
Target: Terraform
Technology: Azure_app_service
CWE ID(s):
CWE-306
Last update time: Mar 17, 2026
SAST-0P1SO
SASTJson Yaml Mfa Disabled In Userpool
SAST-0WRII
SASTScala Integer Overflow In Spring
SAST-1AC9E
SASTJavascript Insecure Samesite Cookie Attribute
SAST-1CRFX
SASTTypescript Express Http Https Ssrf
SAST-1E1IB
SASTExecutable Files Insecure Certificate Validation
SAST-1GTEO
SASTGo Accepts Any Mime
SAST-1LTEN
SASTKotlin Xpath Injection Unvalidated Input
SAST-1NACC
SASTC Sharp Accepts Any Mime Type
SAST-1OADL
SASTPhp Unsafe User Controlled Variable
SAST-1POSO
SASTC Sharp Api Use Hardcoded Password
SAST-1RREC
SASTTerraform Ssm Full Access Locals
SAST-1SC0E
SASTJava Like Clause Unescaped Input
SAST-1SPTL
SASTTerraform Outdated Or Missing Tls Policy
SAST-1UUID
SASTPhp Insecure Redirect Untrusted Data
1.3
Low
Target: Php
Technology: Symfony
CWE ID(s):
Last update time: May 4, 2026
SAST-23GWE
SASTSwift Weak Hash Md5
SAST-2A0WW
SASTJava Unsafe Jwt Decode
SAST-2DNR0
SASTPhp User Input Storage Sensitive Data
SAST-2HRTI
SASTRuby Insecure Openuri Http Request
SAST-2LIAE
SASTJson Yaml Capabilities Add Sys Admin
SAST-2R0FW
SASTJavascript Weak Rsa Modulus 1024
SAST-2REED
SASTDart Hardcoded Salt In Pbkdf2
SAST-2SKSN
SASTTypescript Path Undefined In Session Cookie
SAST-2SUIC
SASTJson Yaml Wildcard Action In Trust Policy
SAST-2YMOT
SASTTypescript Sensitive Information Weak Md5
SAST-3ARLR
SASTGradle Credentials Password Hardcoded
SAST-3ATLE
SASTTerraform Wildcard Resource All Actions Locals
SAST-3EO3B
SASTJava Hardcoded Pbe Password
SAST-3IALT
SASTRuby Path Traversal Unsanitized Input
SAST-3PENP
SASTRuby Unsafe Hardcoded Password
SAST-3SDD3
SASTGo Hardcoded Redis Password
SAST-3U1MX
SASTXml Dev Mode Enabled
SAST-3UEUA
SASTPhp Eval With Untrusted Input
SAST-3UYSU
SASTJson Yaml Unrestricted Dns Port 53
SAST-3VPYR
SASTTypescript Implied Eval In Timer
SAST-3YECA
SASTDart Weak Hash Md5
SAST-4B4RC
SASTRuby Eval Code Injection
SAST-4CBNG
SASTJson Yaml Access Logging Disabled
SAST-4DADD
SASTJson Yaml Redshift Encryption Disabled
1.2
Low
Target: Cloudformation
Technology: Aws_redshift
CWE ID(s):
CWE-312
Last update time: Mar 16, 2026
SAST-4E2SI
SASTTerraform Image Missing Digest
SAST-4ECF4
SASTJava Use Of Insecure Random
SAST-4ED4P
SASTJson Yaml Security Group Unrestricted Ports
SAST-4IKYL
SASTPython Command Injection In Shell Call
SAST-4NE4E
SASTDart Native Language Cmd Injection
SAST-4O4CE
SASTJava Command Injection From Header
SAST-4PSAO
SASTKotlin Csp Unsafe Inline
SAST-4TFPT
SASTC Sharp Plaintext Ftp No Tls
SAST-4TVE4
SASTJava Weak Random Seed
SAST-55RS3
SASTTerraform Unrestricted Rpc Port 135
1.2
Low
Target: Terraform
Technology: Azure_network_security
CWE ID(s):
CWE-1327
Last update time: Mar 16, 2026
SAST-5A5IA
SASTKotlin Crypto Weak Key Size
SAST-5DOOP
SASTC Sharp Directory Browsing Enabled
SAST-5EAES
SASTPhp Hardcoded Db Password
SAST-5EDED
SASTJavascript Hardcoded Session Secret
SAST-5GDIT
SASTRuby Hardcoded Session Secret Token
SAST-5IRVJ
SASTJava Sensitive Information In Slf4j Log
SAST-5NOE1
SASTPhp Curl Unsafe X Frame Options
SAST-5NOSE
SASTGo Insecure File Permissions
SAST-5ORAY
SASTPhp Hardcoded Cryptographic Iv
SAST-5PTSE
SASTTypescript Insecure Ecdh Curve
SAST-5RFTL
SASTPython Hardcoded Flask Secret Key
SAST-5RNNS
SASTDocker Curl No Checksum
SAST-5RYGT
SASTGo Insecure Hash Use
SAST-67026
SASTJson Yaml Run As User Below 10000
SAST-6EEYG
SASTJson Yaml Weak Secret Configuration
2.7
Low
Target: Cloudformation
Technology: Aws_secrets_manager
CWE ID(s):
CWE-521
Last update time: Mar 16, 2026
SAST-7MSRI
SASTJavascript Dom Stored Xss
SAST-7OPEF
SASTTerraform Insecure Http Protocol
SAST-7RERT
SASTTerraform Host Ipc Enabled
SAST-7UA77
SASTTerraform Public Network Enabled True
4.8
Medium
Target: Terraform
Technology: Azure_data_factory
CWE ID(s):
CWE-923
Last update time: Mar 16, 2026
SAST-84OCR
SASTGo Unencrypted Ftp Connection
SAST-8AIEI
SASTJava Trust Boundary Violation
SAST-8NIJL
SASTJson Yaml Insecure Transport Policy
SAST-8TTET
SASTGo User Input As Safe Type
SAST-8YTA8
SASTJson Yaml Hostpath Volume Mount
SAST-9PGTI
SASTTypescript Winston Sensitive Information In Logs
SAST-9ROYR
SASTTypescript Kony Hardcoded Encryption Key
SAST-9RROQ
SASTGo Hardcoded Postgresql Password
SAST-A10TL
SASTPython Ssrf Session Unvalidated Url
SAST-A1O1O
SASTJson Yaml Overpermissive Ssm Wildcard Actions
SAST-A2ISA
SASTTypescript React Native Missing Masking
SAST-A2SAG
SASTKotlin Hardcoded Signing Secret
SAST-A40PM
SASTPython Fastapi Html Injection
SAST-A5SOR
SASTDocker Sshpass Plaintext Password
SAST-A9AFM
SASTTerraform Key Rotation Disabled