Vulnerabilities

Track, triage, and remediate security vulnerabilities across your stack.

critical | CVE-2024-12345 | auth-service

SQL Injection in login endpoint

Unsanitised user input is passed directly to a raw SQL query in the login handler.

Detected Mar 8, 2026

open

high | CVE-2024-67890 | api-gateway

Outdated lodash dependency (ReDoS)

lodash@4.17.15 is vulnerable to a Regular Expression Denial of Service attack.

Detected Mar 7, 2026

in progress

medium | api-gateway

Insecure CORS policy on /api/v1

CORS policy allows all origins (*) on sensitive endpoints.

Detected Mar 6, 2026

open

medium | auth-service

Missing rate limiting on auth endpoints

No rate limiting on /login and /reset-password exposes these endpoints to brute-force attacks.

Detected Mar 5, 2026

open

low | user-service

Sensitive data in application logs

User email addresses were being logged at DEBUG level in plain text.

Detected Mar 1, 2026

resolved